TT-9857 Only first certificate of certificate_secret_names is assigned to API

Open fvanzee opened this issue 2 years ago • 2 comments

When defining multiple certificate_secret_names on an ApiDefinition, it seems only the first one is actually assigned to the API by the operator.

Providing this in the ApiDefinition resource:

certificate_secret_names:
  - cert1-secret
  - cert2-secret

Results in an API with only the first certificate id:

"certificates" : [
  "cert1-id"
]

Switching the order of certificate_secret_names will result in only cert2-id being assigned to the API.

Expected Behavior

All certificates defined in certificate_secret_names should be assigned to the API

Current Behavior

Only the first entry in certificate_secret_names is assigned to the API. Both certificates are provisioned in Tyk though, and are visible on the dashboard under the Certificates menu.

Steps to Reproduce

  1. Provision at least 2 TLS certificates as Kubernetes secrets
  2. Assign both secrets to the certificate_secret_names on the ApiDefinition
  3. Note only 1 certificate id is assigned to the API

Context

A workaround we have now is to define the certificate ids directly on the certificates field on the ApiDefinition. This does require getting the certificates provisioned first using certificate_secret_names and then updating the definitions with the ids on the certificate field instead. When using certmanager to autorotate the certs/secrets, we then still have to manually update the certificates, because this changes the ids. This won't work nicely in the long term.

certificates:
- cert1-id
- cert2-id

Your Environment

  • OS (e.g. Linux, macOS, Windows):
    • OS version: Tyk Operator Container tykio/tyk-operator
  • tyk-operator version/commit: v0.15.0

fvanzee, Aug 10 '23 13:08