@@ -456,7 +456,8 @@ func (h *handler) handleBind(w http.ResponseWriter, r *http.Request) {
456456 }
457457
458458 // Resolve the UI sentinel to a real identity derived from the authenticated session.
459- if identity == auth .UIIdentity {
459+ isUIFlow := identity == auth .UIIdentity
460+ if isUIFlow {
460461 identity = state .Token .Issuer + "/" + state .Token .Subject
461462 logger .Info ("Resolved ui-identity from session" , "identity" , identity )
462463 }
@@ -499,20 +500,24 @@ func (h *handler) handleBind(w http.ResponseWriter, r *http.Request) {
499500 },
500501 }
501502
502- // Create the APIServiceExportRequest on the provider cluster and wait for reconciliation.
503- // This ensures the binding is fully set up server-side for both CLI and UI flows.
504- exportRequest , err := h .kubeManager .CreateAPIServiceExportRequest (
505- r .Context (),
506- params .ClusterID ,
507- handleResult .Namespace ,
508- bindRequest .Name ,
509- request .Spec ,
510- )
511- if err != nil {
512- logger .Error (err , "failed to create APIServiceExportRequest" )
513- statusCode , code , details := mapErrorToCode (err )
514- writeErrorResponse (w , statusCode , code , "Failed to create API service export request" , details )
515- return
503+ // For UI-only flow, create the APIServiceExportRequest on the provider cluster
504+ // and wait for reconciliation. In CLI flow the konnector handles this instead.
505+ var exportRequestName string
506+ if isUIFlow {
507+ exportRequest , err := h .kubeManager .CreateAPIServiceExportRequest (
508+ r .Context (),
509+ params .ClusterID ,
510+ handleResult .Namespace ,
511+ bindRequest .Name ,
512+ request .Spec ,
513+ )
514+ if err != nil {
515+ logger .Error (err , "failed to create APIServiceExportRequest" )
516+ statusCode , code , details := mapErrorToCode (err )
517+ writeErrorResponse (w , statusCode , code , "Failed to create API service export request" , details )
518+ return
519+ }
520+ exportRequestName = exportRequest .Name
516521 }
517522
518523 // callback response
@@ -537,7 +542,7 @@ func (h *handler) handleBind(w http.ResponseWriter, r *http.Request) {
537542 Kubeconfig : handleResult .Kubeconfig ,
538543 Requests : []runtime.RawExtension {{Raw : requestBytes }},
539544 ProviderNamespace : handleResult .Namespace ,
540- BindingName : exportRequest . Name ,
545+ BindingName : exportRequestName ,
541546 }
542547
543548 payload , err := json .Marshal (& response )
0 commit comments