fix: #241 Decode secret service account and credentials for connecting to Keycloak

lbroudoux · lbroudoux · commit 556d9e4ee9f2 · 2026-03-09T16:48:22.000+01:00
Signed-off-by: Laurent Broudoux &lt;laurent.broudoux@gmail.com&gt;
diff --git a/documentation/microcks-dependent-cr.md b/documentation/microcks-dependent-cr.md
@@ -84,7 +84,7 @@ This secrete will need to have -at least- two keys:
 * `service-account-name` will hold the value of the Service Account name to use,
 * `service-account-credentials` will hold the corresponding credentials to authenticate on your target Keycloak instance and realm.
 
-The last thing is how to tell the Microcks operator the secret to be used for Service Account retrievel? Well this
+The last thing is how to tell the Microcks operator the secret to be used for Service Account retrieval? Well this
 is done using an additional annotation on your Microcks-dependent resource: the `microcks.io/service-account-secret`
 annotation allows you to specify the name of secret to consider:
 
diff --git a/operator/src/main/java/io/github/microcks/operator/KeycloakHelper.java b/operator/src/main/java/io/github/microcks/operator/KeycloakHelper.java
@@ -154,8 +154,19 @@ private ServiceAccountAndCredentials getServiceAccountAndCredentials(ObjectMeta
          Secret saSecret = client.secrets().inNamespace(resourceMetadata.getNamespace())
                .withName(serviceAccountSecret).get();
 
-         serviceAccountName = saSecret.getStringData().get("service-account-name");
-         serviceAccountCredentials = saSecret.getStringData().get("service-account-credentials");
+         if (saSecret == null) {
+            logger.errorf("Could not find secret '%s' in namespace '%s'", serviceAccountSecret, resourceMetadata.getNamespace());
+            logger.errorf("Please check that the secret exists and is in the same namespace as the Microcks instance '%s'", resourceMetadata.getName());
+         } else {
+            String encodedServiceAccountName = saSecret.getData().get("service-account-name");
+            String encodedServiceAccountCredentials = saSecret.getData().get("service-account-credentials");
+            if (encodedServiceAccountName != null && encodedServiceAccountCredentials != null) {
+               serviceAccountName = new String(Base64.getDecoder().decode(encodedServiceAccountName));
+               serviceAccountCredentials = new String(Base64.getDecoder().decode(encodedServiceAccountCredentials));
+            } else {
+               logger.errorf("Could not find service account name or credentials in secret '%s'", serviceAccountSecret);
+            }
+         }
       }
 
       return new ServiceAccountAndCredentials(serviceAccountName, serviceAccountCredentials);
