Add fallback for fetchClientIdBySeedIdentifier

[adenitiu]

What this PR does / why we need it:
This PR introduces a fallback for fetchClientIdBySeedIdentifier , e.g. if only one client is configured and no annotation is set, use that client.

Which issue(s) this PR fixes:
The proposed change is intended for the use-case where one client for multiple seeds in a landscape should be used, instead of having to annotate each seed individually.

Special notes for your reviewer:
cc @nickytd

Release note:

Add fallback for `fetchClientIdBySeedIdentifier`

[hyperspace-insights]

Summary

The following content is AI-generated and provides a summary of the pull request:

---

How to categorize this PR?
/kind enhancement
/area oidc-apps

What this PR does / why we need it:
This PR introduces a fallback mechanism in the fetchClientIdBySeedIdentifier Helm template helper. Previously, the function required a seed to be annotated with oidc-apps.extensions.gardener.cloud/client-name to resolve the correct OIDC client ID. Now, if no annotation is set but exactly one client is configured, that single client will be used automatically. Additionally, the function now safely handles the case where gardener.seed.annotations is nil by defaulting to an empty dict before calling get.

Code changes:

• In charts/oidc-apps-controller/templates/_helpers.tpl, the fetchClientIdBySeedIdentifier template was updated to:
  1. Use default (dict) when accessing seed annotations to avoid nil-map panics.
  2. Wrap the annotation-based client lookup in an {{- if $clientName }} block.
  3. Add an {{- else if eq (len .Values.clients) 1 }} fallback that automatically selects the single configured client's clientId when no annotation is present.

Additional context:
This enables a simpler operational model where a single OIDC client can be shared across multiple seeds in a landscape without needing to annotate each seed individually.

Which issue(s) this PR fixes:

Special notes for your reviewer:
cc @nickytd

Release note:

Add fallback in `fetchClientIdBySeedIdentifier` to automatically use the single configured OIDC client when no seed annotation is set, simplifying multi-seed landscapes that share one client.

---

• 🔄 Regenerate and Update Summary
• ✏️ Insert as PR Description (deletes this comment)
• 🗑️ Delete comment

PR Bot Information

Version: 1.20.0 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• Summary Prompt: PR Prompt File
• Output Template: PR Template File
• LLM: anthropic--claude-4.6-sonnet
• File Content Strategy: Full file content
• Event Trigger: pull_request.opened
• Correlation ID: dc3a8730-32a2-11f1-9ffd-fca4cb4234a0

---

💌 Have ideas or want to contribute? Create an issue and share your thoughts with us!
📑 Check out the documentation for more information.
📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

Made with ❤️ by Hyperspace.

[gardener-prow]

@hyperspace-insights[bot]: The label(s) area/oidc-apps cannot be applied, because the repository doesn't have them.

Details

In response to this:

Summary

The following content is AI-generated and provides a summary of the pull request:

---

How to categorize this PR?
/kind enhancement
/area oidc-apps

What this PR does / why we need it:
This PR introduces a fallback mechanism in the fetchClientIdBySeedIdentifier Helm template helper. Previously, the function required a seed to be annotated with oidc-apps.extensions.gardener.cloud/client-name to resolve the correct OIDC client ID. Now, if no annotation is set but exactly one client is configured, that single client will be used automatically. Additionally, the function now safely handles the case where gardener.seed.annotations is nil by defaulting to an empty dict before calling get.

Code changes:

• In charts/oidc-apps-controller/templates/_helpers.tpl, the fetchClientIdBySeedIdentifier template was updated to:

1. Use default (dict) when accessing seed annotations to avoid nil-map panics.
2. Wrap the annotation-based client lookup in an {{- if $clientName }} block.
3. Add an {{- else if eq (len .Values.clients) 1 }} fallback that automatically selects the single configured client's clientId when no annotation is present.

Additional context:
This enables a simpler operational model where a single OIDC client can be shared across multiple seeds in a landscape without needing to annotate each seed individually.

Which issue(s) this PR fixes:

Special notes for your reviewer:
cc @nickytd

Release note:

Add fallback in `fetchClientIdBySeedIdentifier` to automatically use the single configured OIDC client when no seed annotation is set, simplifying multi-seed landscapes that share one client.

---

• 🔄 Regenerate and Update Summary
• ✏️ Insert as PR Description (deletes this comment)
• 🗑️ Delete comment

PR Bot Information

Version: 1.20.0 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• Summary Prompt: PR Prompt File
• Output Template: PR Template File
• LLM: anthropic--claude-4.6-sonnet
• File Content Strategy: Full file content
• Event Trigger: pull_request.opened
• Correlation ID: dc3a8730-32a2-11f1-9ffd-fca4cb4234a0

---

💌 Have ideas or want to contribute? Create an issue and share your thoughts with us!
📑 Check out the documentation for more information.
📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

Made with ❤️ by Hyperspace.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[nickytd]

/lgtm

[gardener-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nickytd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [nickytd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gardener-prow]

LGTM label has been added.

Details

Git tree hash: fc7971581c3fe1859128a2ddd95332f29e15d939