Fix double secret fetching in BasicAuth processing

This commit addresses the performance issue where spec.secretRef
was being fetched twice - once in extractAuthFromSecret and again
in secrets.BasicAuthFromSecret. The fix moves BasicAuth processing
directly into extractAuthFromSecret using the already-fetched
secret data, eliminating the redundant API call.

This aligns with the special nature of spec.secretRef that contains
multiple authentication methods and follows the advice to not use
runtime/secrets for special requirements as discussed in flux2#5433.

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

internal/server/event_handlers.go

@@ -344,6 +344,13 @@ func extractAuthFromSecret(ctx context.Context, kubeClient client.Client, provid
 		options = append(options, notifier.WithHeaders(headers))
 	}
 
+	if user, ok := secret.Data["username"]; ok {
+		if pass, ok := secret.Data["password"]; ok {
+			options = append(options, notifier.WithUsername(strings.TrimSpace(string(user))))
+			options = append(options, notifier.WithPassword(strings.TrimSpace(string(pass))))
+		}
+	}
+
 	return options, secret.Data, nil
 }
 
@@ -404,12 +411,6 @@ func createNotifier(ctx context.Context, kubeClient client.Client, provider *api
 		if val, ok := secretData[secrets.TokenKey]; ok {
 			token = strings.TrimSpace(string(val))
 		}
-
-		user, pass, err := secrets.BasicAuthFromSecret(ctx, kubeClient, provider.Spec.SecretRef.Name, provider.Namespace)
-		if err == nil {
-			options = append(options, notifier.WithUsername(user))
-			options = append(options, notifier.WithPassword(pass))
-		}
 	}
 
 	if provider.Spec.ProxySecretRef != nil {