From 2c36cb5eda223d0e14b5f0f86a092987e7339cae Mon Sep 17 00:00:00 2001
From: Hidde Beydals <hello@hidde.co>
Date: Fri, 29 Apr 2022 21:46:11 +0200
Subject: [PATCH] kubeconfig: err on missing declared SecretRef.Key

Signed-off-by: Hidde Beydals <hello@hidde.co>
---
 controllers/helmrelease_controller.go | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go
index e3e4a4984..0d386e30f 100644
--- a/controllers/helmrelease_controller.go
+++ b/controllers/helmrelease_controller.go
@@ -500,15 +500,20 @@ func (r *HelmReleaseReconciler) getRESTClientGetter(ctx context.Context, hr v2.H
 		}
 
 		var kubeConfig []byte
-		if key := hr.Spec.KubeConfig.SecretRef.Key; key != "" {
+		switch {
+		case hr.Spec.KubeConfig.SecretRef.Key != "":
+			key := hr.Spec.KubeConfig.SecretRef.Key
 			kubeConfig = secret.Data[key]
-		} else if val, ok := secret.Data["value"]; ok {
-			kubeConfig = val
-		} else if val, ok := secret.Data["value.yaml"]; ok {
-			kubeConfig = val
-		} else {
+			if kubeConfig == nil {
+				return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a '%s' key with a kubeconfig", secretName, key)
+			}
+		case secret.Data["value"] != nil:
+			kubeConfig = secret.Data["value"]
+		case secret.Data["value.yaml"] != nil:
+			kubeConfig = secret.Data["value.yaml"]
+		default:
 			// User did not specify a key, and the 'value' key was not defined.
-			return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key", secretName)
+			return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key with a kubeconfig", secretName)
 		}
 
 		return kube.NewMemoryRESTClientGetter(kubeConfig, hr.GetReleaseNamespace(), impersonateAccount, r.Config.QPS, r.Config.Burst, r.KubeConfigOpts), nil