[HOTFIX] Instance Creator - Fix logging, add role for its certificate…

… and fix handler bug (#3670)

* Instance Creator - Fix logging, add role for its certificate and fix handler bug (#3662)

* Add role for the instance creator certificate and fix logging

* Update values.yaml

* Fix copy paste errors

* Fix copy paste errors

* Fix bug

* Fix responding with error in the handler

* Fix bug

* Fix logging

* Fix parameters key

* Fix unit tests

* Adjust unit test name

* fix unit tests

* bump instance creator PR in values.yaml

---------

Co-authored-by: ivanetenevvasilev <ivantenevvasilev@abv.bg>

* bump instance creator PR in values.yaml

chart/compass/charts/instance-creator/templates/rbac.yaml

@@ -10,44 +10,31 @@ metadata:
   labels:
     {{- include "instanceCreator.labels" . | nindent 4 }}
 ---
-kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
 metadata:
-  name: {{ template "fullname" . }}
+  name: {{ .Values.global.instanceCreatorCertConfiguration.secrets.instanceCreatorClientCertSecret.name }}
   namespace: {{ $.Release.Namespace }}
   labels:
-    app: {{ $.Chart.Name }}
-    release: {{ $.Release.Name }}
-    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
-    app.kubernetes.io/name: {{ template "name" . }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "fullname" . }}
-    namespace: {{ $.Release.Namespace }}
-roleRef:
-  kind: Role
-  name: director-{{ .Values.global.externalCertConfiguration.secrets.externalClientCertSecret.name }}
-  apiGroup: rbac.authorization.k8s.io
+    {{- include "instanceCreator.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["secrets"]
+    resourceNames: ["{{ .Values.global.instanceCreatorCertConfiguration.secrets.instanceCreatorClientCertSecret.name }}"]
+    verbs: ["watch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ template "fullname" . }}-ext-svc
+  name: {{ .Values.global.instanceCreatorCertConfiguration.secrets.instanceCreatorClientCertSecret.name }}
   namespace: {{ $.Release.Namespace }}
   labels:
-    app: {{ $.Chart.Name }}
-    release: {{ $.Release.Name }}
-    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
-    app.kubernetes.io/name: {{ template "name" . }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
+    {{- include "instanceCreator.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "fullname" . }}
     namespace: {{ $.Release.Namespace }}
 roleRef:
   kind: Role
-  name: director-{{ .Values.global.extSvcCertConfiguration.secrets.extSvcClientCertSecret.name }}
+  name: {{ .Values.global.instanceCreatorCertConfiguration.secrets.instanceCreatorClientCertSecret.name }}
   apiGroup: rbac.authorization.k8s.io

chart/compass/values.yaml

@@ -189,8 +189,8 @@ global:
       version: "v20240202-4a19198c"
       name: compass-kyma-adapter
     instance_creator:
-      dir: prod/incubator/
-      version: "v20240202-275c5acb"
+      dir: dev/incubator/
+      version: "PR-3670"
       name: compass-instance-creator
     default_tenant_mapping_handler:
       dir: prod/incubator/

components/instance-creator/internal/client/types/tenantmapping/tenant_mapping.go

@@ -37,12 +37,12 @@ type Context struct {
 type ReceiverTenant struct {
 	Region        string          `json:"deploymentRegion"`
 	SubaccountID  string          `json:"subaccountId"`
+	AssignmentID  string          `json:"uclAssignmentId"`
 	Configuration json.RawMessage `json:"configuration"`
 }
 
 // AssignedTenant is a structure used to JSON decode the assignedTenant in the Body
 type AssignedTenant struct {
-	AssignmentID  string          `json:"uclAssignmentId"`
 	Configuration json.RawMessage `json:"configuration"`
 }
 
@@ -87,13 +87,7 @@ func (rt ReceiverTenant) Validate() error {
 	return validation.ValidateStruct(&rt,
 		validation.Field(&rt.Region, validation.Required.Error("ReceiverTenant Region must be provided")),
 		validation.Field(&rt.SubaccountID, validation.Required.Error("ReceiverTenant SubaccountID must be provided")),
-	)
-}
-
-// Validate validates the Body's AssignedTenant
-func (at AssignedTenant) Validate() error {
-	return validation.ValidateStruct(&at,
-		validation.Field(&at.AssignmentID, validation.Required.Error("AssignedTenant AssignmentID must be provided")),
+		validation.Field(&rt.AssignmentID, validation.Required.Error("ReceiverTenant AssignmentID must be provided")),
 	)
 }
 
@@ -103,9 +97,6 @@ func (b Body) Validate() error {
 		validation.Field(&b.ReceiverTenant, validation.By(func(interface{}) error {
 			return b.ReceiverTenant.Validate()
 		})),
-		validation.Field(&b.AssignedTenant, validation.By(func(interface{}) error {
-			return b.AssignedTenant.Validate()
-		})),
 		validation.Field(&b.Context,
 			validation.By(func(interface{}) error {
 				return b.Context.Validate()

components/instance-creator/internal/client/types/tenantmapping/tenant_mapping_test.go

@@ -121,7 +121,6 @@ func Test_GetTenantCommunication(t *testing.T) {
 					Operation:   "assign",
 				},
 				AssignedTenant: tenantmapping.AssignedTenant{
-					AssignmentID:  "456",
 					Configuration: json.RawMessage(`{"credentials": {"inboundCommunication": {"key": "value"}}}`),
 				},
 			},
@@ -137,7 +136,6 @@ func Test_GetTenantCommunication(t *testing.T) {
 					Operation:   "assign",
 				},
 				AssignedTenant: tenantmapping.AssignedTenant{
-					AssignmentID:  "456",
 					Configuration: json.RawMessage(`{"credentials": {"inboundCommunication": {"key": {"key2": {"key3": "value"}}}}}`),
 				},
 			},
@@ -153,7 +151,6 @@ func Test_GetTenantCommunication(t *testing.T) {
 					Operation:   "assign",
 				},
 				AssignedTenant: tenantmapping.AssignedTenant{
-					AssignmentID:  "456",
 					Configuration: json.RawMessage(`{"credentials": {"outboundCommunication": {"key": "value"}}}`),
 				},
 			},