How to extract the 'amqp10.auth.basic.password' from a message queue binding

For our integration, we only need the password (or dedicated parts like user/password) from the credentials. Currently we use the user/password from the amqp10.auth.basic - however, we have to manually extract it and store it in our credential store. We now want to switch to the btp operator to mount the password in our kubernetes cluster. The operator is connected to btp service manager, we created a "serviceInstance" and a "serviceBinding" but now fail to extract only the password.

we tried multiple variants: this is a sample of the direction we were looking at:

apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: btp-message-queue-binding
  namespace: spm
spec:
  serviceInstanceName: mqs-avengers-3
  secretName: btp-message-queue-secret
  secretTemplate: |
    apiVersion: v1
    kind: Secret
    metadata:
    stringData:
      PASSWORD:  {{ .credentials.amqp10.auth.basic.password }}

Doing it this way, the operator gives an error: invalid template: [].auth interface is nil (i don't have the exact error message, but it points to auth cannot be dereferenced).

We tried some alternatives like PASSWORD: {{ .credentials.amqp10 }}

that returns some rendered string as map[auth:map[basic:map[password: gdsadsaghjgsad that at least looks like you should be able to navigate into the maps further.

Error: 2024-04-16T11:30:49Z ERROR servicebinding-resource failed to create secret from template {"error": "the Secret template is invalid: template: spm/btp-message-queue-binding:5:41: executing \"spm/btp-message-queue-binding\" at <.credentials.amqp10.auth.basic>: nil pointer evaluating interface {}.auth", "errorVerbose": "template: spm/btp-message-queue-binding:5:41: executing \"spm/btp-message-queue-binding\" at <.credentials.amqp10.auth.basic>: nil pointer evaluating interface {}.auth\nthe Secret template is invalid\ngithub.com/SAP/sap-btp-service-operator/api/common/utils.CreateSecretFromTemplate\n\t/workspace/api/common/utils/secret_template.go:36\ngithub.com/SAP/sap-btp-service-operator/api/v1.(*ServiceBinding).validateSecretTemplate\n\t/workspace/api/v1/servicebinding_validating_webhook.go:154\ngithub.com/SAP/sap-btp-service-operator/api/v1.(*ServiceBinding).ValidateUpdate\n\t/workspace/api/v1/servicebinding_validating_webhook.go:97\nsigs.k8s.io/controller-runtime/pkg/webhook/admission.(*validatingHandler).Handle\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/validator.go:103\nsigs.k8s.io/controller-runtime/pkg/webhook/admission.(*Webhook).Handle\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/webhook.go:169\nsigs.k8s.io/controller-runtime/pkg/webhook/admission.(*Webhook).ServeHTTP\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/http.go:98\nsigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics.InstrumentedHook.InstrumentHandlerInFlight.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:60\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2166\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:147\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2166\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:109\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2166\nnet/http.(*ServeMux).ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2683\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:3137\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:2039\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1695"} 38 github.com/SAP/sap-btp-service-operator/api/v1.(*ServiceBinding).validateSecretTemplate 37 /workspace/api/v1/servicebinding_validating_webhook.go:156 36 github.com/SAP/sap-btp-service-operator/api/v1.(*ServiceBinding).ValidateUpdate 35 /workspace/api/v1/servicebinding_validating_webhook.go:97 34 sigs.k8s.io/controller-runtime/pkg/webhook/admission.(*validatingHandler).Handle 33 /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/validator.go:103 32 sigs.k8s.io/controller-runtime/pkg/webhook/admission.(*Webhook).Handle 31 /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/webhook.go:169 30 sigs.k8s.io/controller-runtime/pkg/webhook/admission.(*Webhook).ServeHTTP 29 /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/webhook/admission/http.go:98 28 sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics.InstrumentedHook.InstrumentHandlerInFlight.func1 27 /go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:60 26 net/http.HandlerFunc.ServeHTTP 25 /usr/local/go/src/net/http/server.go:2166 24 github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1 23 /go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:147 22 net/http.HandlerFunc.ServeHTTP 21 /usr/local/go/src/net/http/server.go:2166 20 github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2 19 /go/pkg/mod/github.com/prometheus/client_golang@v1.17.0/prometheus/promhttp/instrument_server.go:109 18 net/http.HandlerFunc.ServeHTTP 17 /usr/local/go/src/net/http/server.go:2166 16 net/http.(*ServeMux).ServeHTTP 15 /usr/local/go/src/net/http/server.go:2683 14 net/http.serverHandler.ServeHTTP 13 /usr/local/go/src/net/http/server.go:3137 12 net/http.(*conn).serve 11 /usr/local/go/src/net/http/server.go:2039

What is the best way to extract only the password?

SAP / sap-btp-service-operator

How to extract the 'amqp10.auth.basic.password' from a message queue binding #423