
WIP: fixed CRD generation

Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
Gustavo 3 лет назад
Родитель
Сommit
047c617b24

+ 2 - 1
apis/externalsecrets/v1alpha1/pushsecret_types.go

@@ -100,6 +100,7 @@ type PushSecretStatusCondition struct {
 	// +optional
 	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
 }
+type SyncedPushSecretsMap map[string][]PushSecretData
 
 // PushSecretStatus indicates the history of the status of PushSecret.
 type PushSecretStatus struct {
@@ -111,7 +112,7 @@ type PushSecretStatus struct {
 	// SyncedResourceVersion keeps track of the last synced version.
 	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`
 	// Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore.
-	SyncedPushSecrets map[string]PushSecretData
+	SyncedPushSecrets SyncedPushSecretsMap `json:"syncedPushSecrets"`
 	// +optional
 	Conditions []PushSecretStatusCondition `json:"conditions,omitempty"`
 }
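Review bot: The new field `SyncedPushSecrets SyncedPushSecretsMap` carries the tag `json:"syncedPushSecrets"` with no `omitempty` and no `// +optional` marker, so the generated schema lists it under `required` in the status object (the `required: - syncedPushSecrets` lines added in config/crds/bases/external-secrets.io_pushsecrets.yaml and deploy/crds/bundle.yaml); a status update that omits the map, for example one written by an older controller or before the first push, would then fail validation. Marking it optional, `// +optional` on the line above and the tag `json:"syncedPushSecrets,omitempty"`, matches the neighbouring `Conditions` and `SyncedResourceVersion` fields and keeps an empty map absent rather than serialized as `null`. The exported type `SyncedPushSecretsMap` is also missing its doc comment; `// SyncedPushSecretsMap maps a secret store name to the PushSecretData entries that were pushed to that store.` would do.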

+ 44 - 0
apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go

@@ -1168,6 +1168,21 @@ func (in *PushSecretSpec) DeepCopy() *PushSecretSpec {
 func (in *PushSecretStatus) DeepCopyInto(out *PushSecretStatus) {
 	*out = *in
 	in.RefreshTime.DeepCopyInto(&out.RefreshTime)
+	if in.SyncedPushSecrets != nil {
+		in, out := &in.SyncedPushSecrets, &out.SyncedPushSecrets
+		*out = make(SyncedPushSecretsMap, len(*in))
+		for key, val := range *in {
+			var outVal []PushSecretData
+			if val == nil {
+				(*out)[key] = nil
+			} else {
+				in, out := &val, &outVal
+				*out = make([]PushSecretData, len(*in))
+				copy(*out, *in)
+			}
+			(*out)[key] = outVal
+		}
+	}
 	if in.Conditions != nil {
 		in, out := &in.Conditions, &out.Conditions
 		*out = make([]PushSecretStatusCondition, len(*in))
@@ -1481,6 +1496,35 @@ func (in *ServiceAccountAuth) DeepCopy() *ServiceAccountAuth {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in SyncedPushSecretsMap) DeepCopyInto(out *SyncedPushSecretsMap) {
+	{
+		in := &in
+		*out = make(SyncedPushSecretsMap, len(*in))
+		for key, val := range *in {
+			var outVal []PushSecretData
+			if val == nil {
+				(*out)[key] = nil
+			} else {
+				in, out := &val, &outVal
+				*out = make([]PushSecretData, len(*in))
+				copy(*out, *in)
+			}
+			(*out)[key] = outVal
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncedPushSecretsMap.
+func (in SyncedPushSecretsMap) DeepCopy() SyncedPushSecretsMap {
+	if in == nil {
+		return nil
+	}
+	out := new(SyncedPushSecretsMap)
+	in.DeepCopyInto(out)
+	return *out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom) {
 	*out = *in

+ 33 - 0
config/crds/bases/external-secrets.io_pushsecrets.yaml

@@ -183,10 +183,43 @@ spec:
                 format: date-time
                 nullable: true
                 type: string
+              syncedPushSecrets:
+                additionalProperties:
+                  items:
+                    properties:
+                      match:
+                        description: Match a given Secret Key to be pushed to the
+                          provider.
+                        properties:
+                          remoteRef:
+                            description: Remote Refs to push to providers.
+                            properties:
+                              remoteKey:
+                                description: Name of the resulting provider secret.
+                                type: string
+                            required:
+                            - remoteKey
+                            type: object
+                          secretKey:
+                            description: Secret Key to be pushed
+                            type: string
+                        required:
+                        - remoteRef
+                        - secretKey
+                        type: object
+                    required:
+                    - match
+                    type: object
+                  type: array
+                description: Synced Push Secrets for later deletion. Matches Secret
+                  Stores to PushSecretData that was stored to that secretStore.
+                type: object
               syncedResourceVersion:
                 description: SyncedResourceVersion keeps track of the last synced
                   version.
                 type: string
+            required:
+            - syncedPushSecrets
             type: object
         type: object
     served: true

+ 31 - 0
deploy/crds/bundle.yaml

@@ -3413,9 +3413,40 @@ spec:
                   format: date-time
                   nullable: true
                   type: string
+                syncedPushSecrets:
+                  additionalProperties:
+                    items:
+                      properties:
+                        match:
+                          description: Match a given Secret Key to be pushed to the provider.
+                          properties:
+                            remoteRef:
+                              description: Remote Refs to push to providers.
+                              properties:
+                                remoteKey:
+                                  description: Name of the resulting provider secret.
+                                  type: string
+                              required:
+                                - remoteKey
+                              type: object
+                            secretKey:
+                              description: Secret Key to be pushed
+                              type: string
+                          required:
+                            - remoteRef
+                            - secretKey
+                          type: object
+                      required:
+                        - match
+                      type: object
+                    type: array
+                  description: Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore.
+                  type: object
                 syncedResourceVersion:
                   description: SyncedResourceVersion keeps track of the last synced version.
                   type: string
+              required:
+                - syncedPushSecrets
               type: object
           type: object
       served: true

+ 16 - 9
pkg/controllers/pushsecret/pushsecret_controller.go

@@ -94,31 +94,38 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		return ctrl.Result{}, err
 	}
 
-	err = r.PushSecretToProviders(ctx, secretStores, ps, secret)
+	syncedSecrets, err := r.PushSecretToProviders(ctx, secretStores, ps, secret)
 	if err != nil {
 		msg := fmt.Sprintf(errFailedSetSecret, err)
 		cond := NewPushSecretCondition(esapi.PushSecretReady, v1.ConditionFalse, esapi.ReasonErrored, msg)
 		ps = SetPushSecretCondition(ps, *cond)
+		r.SetSyncedSecrets(&ps, syncedSecrets)
 		r.recorder.Event(&ps, v1.EventTypeWarning, esapi.ReasonErrored, msg)
 		return ctrl.Result{}, err
 	}
 	msg := "PushSecret synced successfully"
 	cond := NewPushSecretCondition(esapi.PushSecretReady, v1.ConditionTrue, esapi.ReasonSynced, msg)
 	ps = SetPushSecretCondition(ps, *cond)
-	// Set status for PushSecret
+	r.SetSyncedSecrets(&ps, syncedSecrets)
 	r.recorder.Event(&ps, v1.EventTypeNormal, esapi.ReasonSynced, msg)
 	return ctrl.Result{RequeueAfter: refreshInt}, nil
 }
-func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ps esapi.PushSecret, secret *v1.Secret) error {
+func (r *Reconciler) SetSyncedSecrets(ps *esapi.PushSecret, status esapi.SyncedPushSecretsMap) {
+	ps.Status.SyncedPushSecrets = status
+}
+
+func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ps esapi.PushSecret, secret *v1.Secret) (esapi.SyncedPushSecretsMap, error) {
 	// TODO - Delete Secrets from Stores if they no longer exist in spec but still exist in status
+	out := esapi.SyncedPushSecretsMap{}
 	for _, store := range stores {
+		out[store.GetName()] = make([]esapi.PushSecretData, 0)
 		provider, err := v1beta1.GetProvider(store)
 		if err != nil {
-			return fmt.Errorf(errGetProviderFailed)
+			return out, fmt.Errorf(errGetProviderFailed)
 		}
 		client, err := provider.NewClient(ctx, store, r.Client, ps.Namespace)
 		if err != nil {
-			return fmt.Errorf(errGetSecretsClientFailed)
+			return out, fmt.Errorf(errGetSecretsClientFailed)
 		}
 		defer func() { //nolint
 			err := client.Close(ctx)
@@ -129,18 +136,18 @@ func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores []v1beta1
 		for _, ref := range ps.Spec.Data {
 			secretValue, ok := secret.Data[ref.Match.SecretKey]
 			if !ok {
-				return fmt.Errorf("secret key %v does not exist", ref.Match.SecretKey)
+				return out, fmt.Errorf("secret key %v does not exist", ref.Match.SecretKey)
 			}
 			err := client.SetSecret(ctx, secretValue, ref.Match.RemoteRef)
 			if err != nil {
-				return fmt.Errorf(errSetSecretFailed, ref.Match.SecretKey, store.GetName(), err)
+				return out, fmt.Errorf(errSetSecretFailed, ref.Match.SecretKey, store.GetName(), err)
 			}
+			out[store.GetName()] = append(out[store.GetName()], ref)
 		}
 		// TODO - for ref in Status.Synced[store], ref not belonging to ps.Spec.Data, remove ref from provider.
 	}
-	return nil
+	return out, nil
 }
-
 func (r *Reconciler) GetSecret(ctx context.Context, ps esapi.PushSecret) (*v1.Secret, error) {
 	secretName := types.NamespacedName{Name: ps.Spec.Selector.Secret.Name, Namespace: ps.Namespace}
 	secret := &v1.Secret{}
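Review bot: `PushSecretToProviders` builds `out` fresh on every call and `SetSyncedSecrets` assigns it to `ps.Status.SyncedPushSecrets` wholesale, so when a store early in `stores` fails the status loses the entries previously recorded for every store after it even though those provider secrets still exist; the error path in Reconcile calls `r.SetSyncedSecrets(&ps, syncedSecrets)` with exactly that partial map, defeating the later-deletion bookkeeping the field is documented for. Merging the returned map into the existing status instead of replacing it keeps those entries; whether stale stores should then be pruned on success depends on the deletion logic still marked TODO, which this change does not touch. Separately, `SetSyncedSecrets` is exported without a doc comment and does not use its receiver, so it could be a plain function or at least documented. Reconcile begins before the first hunk, and whether the status is persisted on the error path is not visible here.
```go
// SetSyncedSecrets merges the store -> PushSecretData entries in status into
// ps.Status.SyncedPushSecrets, keeping entries for stores this reconcile did
// not reach so they remain available for later deletion.
func (r *Reconciler) SetSyncedSecrets(ps *esapi.PushSecret, status esapi.SyncedPushSecretsMap) {
	if ps.Status.SyncedPushSecrets == nil {
		ps.Status.SyncedPushSecrets = esapi.SyncedPushSecretsMap{}
	}
	for storeName, data := range status {
		ps.Status.SyncedPushSecrets[storeName] = data
	}
}
```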