A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
fix mirroring again
+11
-3
+11
-3
internal/mirror/manager.go
+11
-3
internal/mirror/manager.go
···
611
611
return nil
612
612
}
613
613
614
-
// getAvailableDevices gets list of available HSM devices from HSMPools in the operator namespace
614
+
// getAvailableDevices gets list of available physical HSM devices from HSMPools in the operator namespace
615
615
func (mm *MirrorManager) getAvailableDevices(ctx context.Context, operatorNamespace string) ([]string, error) {
616
616
var hsmPoolList hsmv1alpha1.HSMPoolList
617
617
// HSMPools are always in the operator namespace (where controller-manager runs)
···
623
623
624
624
for _, pool := range hsmPoolList.Items {
625
625
if pool.Status.Phase == hsmv1alpha1.HSMPoolPhaseReady {
626
-
for _, deviceRef := range pool.Spec.HSMDeviceRefs {
627
-
deviceNames[deviceRef] = true
626
+
// Count actual aggregated physical devices, not just device references
627
+
for i, aggregatedDevice := range pool.Status.AggregatedDevices {
628
+
if aggregatedDevice.Available {
629
+
// Create unique device name for each physical device instance
630
+
// This matches the agent naming scheme: deviceRef-i
631
+
for _, deviceRef := range pool.Spec.HSMDeviceRefs {
632
+
physicalDeviceName := fmt.Sprintf("%s-%d", deviceRef, i)
633
+
deviceNames[physicalDeviceName] = true
634
+
}
635
+
}
628
636
}
629
637
}
630
638
}