
:sparkles: Implements Deletion policy for Hashicorp vault. (#1879)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Gustavo Fernandes de Carvalho 3 years ago
parent
commit
0d08e0497e

+ 3 - 0
pkg/provider/vault/fake/vault.go

@@ -54,6 +54,9 @@ func NewDeleteWithContextFn(secret map[string]interface{}, err error) DeleteWith
 
 func NewReadWithContextFn(secret map[string]interface{}, err error) ReadWithDataWithContextFn {
 	return func(ctx context.Context, path string, data map[string][]string) (*vault.Secret, error) {
+		if secret == nil {
+			return nil, err
+		}
 		vault := &vault.Secret{
 			Data: secret,
 		}

+ 4 - 4
pkg/provider/vault/vault.go

@@ -418,9 +418,9 @@ func (v *client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushRemot
 		return err
 	}
 	// Retrieve the secret map from vault and convert the secret value in string form.
-	_, err = v.logical.ReadWithDataWithContext(ctx, path, nil)
+	_, err = v.readSecret(ctx, path, "")
 	// If error is not of type secret not found, we should error
-	if err != nil && !strings.Contains(err.Error(), "secret not found") {
+	if err != nil && errors.Is(err, esv1beta1.NoSecretError{}) {
 		return nil
 	}
 	if err != nil {
@@ -468,7 +468,7 @@ func (v *client) PushSecret(ctx context.Context, value []byte, remoteRef esv1bet
 	// Retrieve the secret map from vault and convert the secret value in string form.
 	vaultSecret, err := v.readSecret(ctx, path, "")
 	// If error is not of type secret not found, we should error
-	if err != nil && !strings.Contains(err.Error(), "secret not found") {
+	if err != nil && !errors.Is(err, esv1beta1.NoSecretError{}) {
 		return err
 	}
 	// If the secret exists (err == nil), we should check if it is managed by external-secrets
@@ -878,7 +878,7 @@ func (v *client) readSecret(ctx context.Context, path, version string) (map[stri
 		return nil, fmt.Errorf(errReadSecret, err)
 	}
 	if vaultSecret == nil {
-		return nil, errors.New(errNotFound)
+		return nil, esv1beta1.NoSecretError{}
 	}
 	secretData := vaultSecret.Data
 	if v.store.Version == esv1beta1.VaultKVStoreV2 {
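Review bot: The comment above the `errors.Is` check in the DeleteSecret hunk is now inverted: it still says "If error is not of type secret not found, we should error", but the branch beneath it returns nil precisely when the error is NoSecretError, leaving the generic `if err != nil` below to propagate everything else; replace it with `// Nothing to delete if the secret does not exist; any other read failure must propagate.`. Note also that the read result is discarded (`_, err = v.readSecret(ctx, path, "")`), so unlike PushSecret this existence check cannot verify the managed-by marker; if the delete that follows (outside the hunk) does not re-read the secret, confirm DeleteSecret cannot remove a path that external-secrets does not own. The `errors.Is` comparisons against the value `esv1beta1.NoSecretError{}` only work because readSecret returns that type unwrapped and it is presumably a comparable struct; any future wrapping without `%w`, or a non-comparable field on the type, would silently make the not-found branch unreachable, so a short comment on the `return nil, esv1beta1.NoSecretError{}` line noting that callers match it with `errors.Is` would protect that contract. DeleteSecret and PushSecret both start before their hunks.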

+ 3 - 4
pkg/provider/vault/vault_test.go

@@ -627,7 +627,7 @@ func TestGetSecret(t *testing.T) {
 				},
 			},
 			want: want{
-				err: errors.New(errNotFound),
+				err: esv1beta1.NoSecretError{},
 			},
 		},
 	}
@@ -1386,7 +1386,6 @@ func (f fakeRef) GetRemoteKey() string {
 
 func TestSetSecret(t *testing.T) {
 	noPermission := errors.New("no permission")
-	secretNotFound := errors.New("secret not found")
 
 	type args struct {
 		store    *esv1beta1.VaultProvider
@@ -1406,7 +1405,7 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault,
 				vLogical: &fake.Logical{
-					ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, secretNotFound),
+					ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, nil),
 					WriteWithContextFn:        fake.NewWriteWithContextFn(nil, nil),
 				},
 			},
@@ -1420,7 +1419,7 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault,
 				vLogical: &fake.Logical{
-					ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, secretNotFound),
+					ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, nil),
 					WriteWithContextFn:        fake.NewWriteWithContextFn(nil, noPermission),
 				},
 			},