
Secret pushed if it doesn't exist

Signed-off-by: William Young <will.young@engineerbetter.com>
Co-authored-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Co-authored-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
William Young 3 лет назад
Родитель
Сommit
058ec3fb6b

+ 12 - 3
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -107,6 +107,11 @@ func (sm *SecretsManager) fetch(_ context.Context, ref esv1beta1.ExternalSecretD
 	return secretOut, nil
 }
 
+type RequestFailure interface {
+	StatusCode() int
+	RequestID() string
+}
+
 func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef esv1beta1.PushRemoteRef) error {
 	secretName := remoteRef.GetRemoteKey()
 	secretRequest := awssm.CreateSecretInput{
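Review bot: The new exported `RequestFailure` interface has no doc comment and re-declares the shape of the SDK's own `awserr.RequestFailure`, so a reader has to guess why a local copy exists. If it stays, document it, e.g. `// RequestFailure is the subset of awserr.RequestFailure this provider inspects to classify AWS API errors.`; otherwise assert against `awserr.RequestFailure` (or, better, the concrete `*awssm.ResourceNotFoundException` type) and drop the local interface. Note that the hunk ends inside the `secretRequest` literal, so the rest of `SetSecret` is not visible here.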
@@ -117,15 +122,19 @@ func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef
 	secretValue := awssm.GetSecretValueInput{
 		SecretId: &secretName,
 	}
+	_, err := sm.client.GetSecretValueWithContext(ctx, &secretValue)
 
-	output, err := sm.client.GetSecretValueWithContext(ctx, &secretValue)
+	if reqerr, ok := err.(RequestFailure); ok {
+		if reqerr.StatusCode() == 400 {
+			goto CREATE
+		}
+	}
 
 	if err != nil {
 		return err
 	}
 
-	fmt.Println(output)
-
+CREATE:
 	_, err = sm.client.CreateSecretWithContext(ctx, &secretRequest)
 
 	if err != nil {
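Review bot: Matching `reqerr.StatusCode() == 400` is too broad a test for "secret does not exist": Secrets Manager reports most client-side failures with HTTP 400 (InvalidRequestException, InvalidParameterException, DecryptionFailure, access-denied errors), so any of those on an existing secret is misclassified as not-found and the code jumps to `CREATE`, which then fails with a misleading ResourceExistsException instead of surfacing the real permission or KMS problem. Classify by error type rather than status code, which also removes the `goto`; this needs `"errors"` added to the file's imports (not visible in this hunk). As far as the hunk shows, the `err == nil` path also falls through to the `CREATE:` label and calls `CreateSecretWithContext` for an already-existing secret, so the existing-secret branch probably needs its own update path; the function continues past this hunk.
```go
	_, err := sm.client.GetSecretValueWithContext(ctx, &secretValue)
	// Only a genuine ResourceNotFoundException justifies creating the secret;
	// every other error (access denied, decryption failure, throttling) is returned.
	var notFound *awssm.ResourceNotFoundException
	if err != nil && !errors.As(err, &notFound) {
		return err
	}

	// … unchanged: CreateSecretWithContext call and error check …
```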

+ 23 - 2
pkg/provider/aws/secretsmanager/secretsmanager_test.go

@@ -22,6 +22,7 @@ import (
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/private/protocol"
 	awssm "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/crossplane/crossplane-runtime/pkg/test"
 	"github.com/google/go-cmp/cmp"
@@ -345,6 +346,13 @@ func TestSetSecret(t *testing.T) {
 		VersionStages: versionOutput,
 	}
 
+	notFoundErr := &awssm.ResourceExistsException{
+		RespMetadata: protocol.ResponseMetadata{
+			StatusCode: 400,
+			RequestID:  secretName,
+		},
+	}
+
 	type args struct {
 		store  *esv1beta1.AWSProvider
 		client fakesm.Client
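Review bot: `notFoundErr` is built from `awssm.ResourceExistsException`, the opposite condition from what the name and the test case describe, and it only passes because the production code keys on the 400 status rather than the error type. Use the matching type so the fixture tests the intended path and stops passing by accident: `notFoundErr := &awssm.ResourceNotFoundException{RespMetadata: protocol.ResponseMetadata{StatusCode: 400, RequestID: "test-request-id"}}`. Reusing `secretName` as `RequestID` is also confusing; a request ID is unrelated to the secret name.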
@@ -358,8 +366,8 @@ func TestSetSecret(t *testing.T) {
 		args   args
 		want   want
 	}{
-		"SetSecretSucceeds": {
-			reason: "a secret can be puahed to aws secrets manager",
+		"SetSecretSucceedsWithExistingSecret": {
+			reason: "a secret can be pushed to aws secrets manager when it already exists",
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
@@ -371,6 +379,19 @@ func TestSetSecret(t *testing.T) {
 				err: nil,
 			},
 		},
+		"SetSecretSucceedsWithNewSecret": {
+			reason: "a secret can be pushed to aws secrets manager if it doesn't already exist",
+			args: args{
+				store: makeValidSecretStore().Spec.Provider.AWS,
+				client: fakesm.Client{
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(nil, notFoundErr),
+					CreateSecretWithContextFn:   fakesm.NewCreateSecretWithContextFn(secretOutput, nil),
+				},
+			},
+			want: want{
+				err: nil,
+			},
+		},
 		"SetSecretCreateSecretFails": {
 			reason: "CreateSecretWithContext returns an error if it fails",
 			args: args{
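Review bot: The new `SetSecretSucceedsWithNewSecret` case only covers the happy path; there is no case in which `GetSecretValueWithContext` returns a 400-class error other than not-found (for example `&awssm.InvalidRequestException{RespMetadata: protocol.ResponseMetadata{StatusCode: 400}}`) and `SetSecret` is expected to return that error without calling `CreateSecretWithContext`. Without it the suite cannot distinguish "create only when the secret is missing" from "create on any 400", which is exactly the behaviour the implementation currently has. Add such a case alongside `SetSecretCreateSecretFails`, wiring `CreateSecretWithContextFn` to fail the test if invoked; the exact `want.err` form should follow the existing failure case, whose body is outside this hunk.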