For a SubaccountApiCredential to work, it has to create a secret containing four keys.
The key client_secret is only being returned during an initial CREATE against the BTP CLI. Subsequent GET requests fail to retrieve this key.
This is an issue when you have an orphaned/already existing ApiCredential on BTP side, causing the SubaccountApiCredential to look healthy but actually it is not, because the client_secret could not be returned.
Therefore when creating a secret using the SubaccountApiCredential its controller should check, whether the secret to be created contains four keys and if not, raise an error message like
"can not read client_secret from source, please delete external resource and re-create Crossplane resource".
ref
For a
SubaccountApiCredentialto work, it has to create a secret containing four keys.The key
client_secretis only being returned during an initial CREATE against the BTP CLI. Subsequent GET requests fail to retrieve this key.This is an issue when you have an orphaned/already existing ApiCredential on BTP side, causing the
SubaccountApiCredentialto look healthy but actually it is not, because theclient_secretcould not be returned.Therefore when creating a secret using the
SubaccountApiCredentialits controller should check, whether the secret to be created contains four keys and if not, raise an error message like"can not read client_secret from source, please delete external resource and re-create Crossplane resource".ref
SubaccountApiCredentialcan not take over resources #434