From c6642db6fb3c039e35778b05d9bfe5125fdc9a0a Mon Sep 17 00:00:00 2001
From: wjro <wrolleman@nationtech.io>
Date: Fri, 16 Jan 2026 13:39:10 -0500
Subject: [PATCH] fix: modified k8sanywhere implentation of get_ca_cert to use
 the kubernetes certificate name to find its respective secret and ca.crt

---
 .../topology/k8s_anywhere/k8s_anywhere.rs     | 41 +++++++++++++++----
 1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs b/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
index 0476ac3..93570ab 100644
--- a/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
+++ b/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
@@ -460,31 +460,56 @@ impl CertificateManagement for K8sAnywhereTopology {
         config: &CertificateManagementConfig,
     ) -> Result<String, PreparationError> {
         let namespace = config.namespace.clone().unwrap();
-
+        let certificate_gvk = GroupVersionKind {
+            group: "cert-manager.io".to_string(),
+            version: "v1".to_string(),
+            kind: "Certificate".to_string(),
+        };
         let client = self.k8s_client().await.unwrap();
+        let certificate_data = client
+            .get_resource_json_value(&cert_name, Some(&namespace), &certificate_gvk)
+            .await?
+            .data;
+
+        trace!("Certificate Data {:#?}", certificate_data);
+
+        let secret_name = certificate_data
+            .get("spec")
+            .ok_or_else(|| PreparationError {
+                msg: format!("failed to get spec from Certificate {}", cert_name),
+            })?
+            .get("secretName")
+            .ok_or_else(|| PreparationError {
+                msg: format!("failed to get secretName from Certificate {}", cert_name),
+            })?;
+
+        trace!("Secret Name {:#?}", secret_name);
+
+        let secret_name: String = serde_json::from_value(secret_name.clone())
+            .map_err(|e| PreparationError { msg: e.to_string() })?;
 
         let secret = client
-            .get_secret_json_value(&cert_name, Some(&namespace))
+            .get_secret_json_value(&secret_name, Some(&namespace))
             .await?
             .data;
 
         let ca_cert = secret
             .get("data")
             .ok_or_else(|| PreparationError {
-                msg: format!("failed to get data from secret {}", cert_name),
+                msg: format!("failed to get data from secret {}", secret_name),
             })?
             .get("ca.crt")
             .ok_or_else(|| PreparationError {
-                msg: format!("failed to get ca.crt from secret {}", cert_name),
+                msg: format!("failed to get ca.crt from secret {}", secret_name),
             })?;
 
-        trace!("{:#?}", ca_cert.clone());
+        trace!("ca.crt {:#?}", ca_cert.clone());
 
-        let cert: String = serde_json::from_value(ca_cert.clone())
+        let ca_cert: String = serde_json::from_value(ca_cert.clone())
             .map_err(|e| PreparationError { msg: e.to_string() })?;
 
-        trace!("{:#?}", cert.clone());
-        Ok(cert)
+        trace!("ca.crt string {:#?}", ca_cert.clone());
+        Ok(ca_cert)
     }
 }