Allow public clients without secrets (#19)

Author: bastjan

controllers/cluster_controller.go

@@ -154,11 +154,12 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 	}
 
 	// Vault secret
-	if client.Secret == nil || *client.Secret == "" {
-		return ctrl.Result{}, fmt.Errorf("client %q has no secret", *templatedClient.ClientID)
-	}
-	if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil {
-		return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err)
+	if client.Secret != nil && *client.Secret != "" {
+		if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil {
+			return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err)
+		}
+	} else {
+		l.Info("Client has no secret, might be a public client. Skipping vault secret sync.")
 	}
 
 	// template client roles