
feat: edit all required changes for recursive option (#3939)

* feat: edit all required changes for recursive option

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* chore: make reviewable

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* feat: add missing param

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* feat: change property type to boolean

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* docs: new doc version

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

---------

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>
Tchoupinax 1 year ago
parent
commit
0dd419a738

+ 3 - 0
apis/externalsecrets/v1beta1/secretsstore_infisical_types.go

@@ -34,6 +34,9 @@ type MachineIdentityScopeInWorkspace struct {
 	// +kubebuilder:default="/"
 	// +optional
 	SecretsPath string `json:"secretsPath,omitempty"`
+	// +kubebuilder:default=false
+	// +optional
+	Recursive bool `json:"recursive,omitempty"`
 	// +kubebuilder:validation:Required
 	EnvironmentSlug string `json:"environmentSlug"`
 	// +kubebuilder:validation:Required
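Review bot: The added `Recursive` field has no doc comment, so the generated row in docs/api/spec.md shows only "(Optional)" and an operator cannot tell how far the store's read scope reaches once it is set. The other hunks of this commit pass the flag to the list request in GetAllSecrets and Validate but not to the single-key request in GetSecret, so I would document it as `// Recursive, when true, also lists secrets from all folders below SecretsPath; single-key lookups still read SecretsPath only.` It is also worth stating that enabling it presumably widens what this store can sync to everything the machine identity may read under that path. The struct continues outside the hunk.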

+ 3 - 0
config/crds/bases/external-secrets.io_clustersecretstores.yaml

@@ -3234,6 +3234,9 @@ spec:
                             type: string
                           projectSlug:
                             type: string
+                          recursive:
+                            default: false
+                            type: boolean
                           secretsPath:
                             default: /
                             type: string

+ 3 - 0
config/crds/bases/external-secrets.io_secretstores.yaml

@@ -3234,6 +3234,9 @@ spec:
                             type: string
                           projectSlug:
                             type: string
+                          recursive:
+                            default: false
+                            type: boolean
                           secretsPath:
                             default: /
                             type: string

+ 6 - 0
deploy/crds/bundle.yaml

@@ -3652,6 +3652,9 @@ spec:
                               type: string
                             projectSlug:
                               type: string
+                            recursive:
+                              default: false
+                              type: boolean
                             secretsPath:
                               default: /
                               type: string
@@ -9490,6 +9493,9 @@ spec:
                               type: string
                             projectSlug:
                               type: string
+                            recursive:
+                              default: false
+                              type: boolean
                             secretsPath:
                               default: /
                               type: string

+ 11 - 0
docs/api/spec.md

@@ -5252,6 +5252,17 @@ string
 </tr>
 <tr>
 <td>
+<code>recursive</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>environmentSlug</code></br>
 <em>
 string

+ 2 - 0
docs/snippets/infisical-generic-secret-store.yaml

@@ -21,5 +21,7 @@ spec:
         environmentSlug: dev # "dev", "staging", "prod", etc..
         # optional
         secretsPath: / # Root is "/"
+        # optional
+        recursive: true # Default is false
       # optional
       hostAPI: https://app.infisical.com

+ 2 - 0
pkg/provider/infisical/api/api.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strconv"
 	"time"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -170,6 +171,7 @@ func (a *InfisicalClient) GetSecretsV3(data GetSecretsV3Request) (map[string]str
 	q.Add("secretPath", data.SecretPath)
 	q.Add("include_imports", "true")
 	q.Add("expandSecretReferences", "true")
+	q.Add("recursive", strconv.FormatBool(data.Recursive))
 	req.URL.RawQuery = q.Encode()
 
 	rawRes, err := a.do(req)
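Review bot: With `recursive=true` the listing can presumably return the same key name from more than one folder, while GetSecretsV3 returns a map keyed by string (per the hunk header) that holds one value per key. The code that fills the map is outside the hunk, so which entry wins is not visible; if it is a plain assignment, a later folder silently overwrites an earlier one and the synced value depends on response order. I would detect a duplicate key while building the map and return an error naming the key (not its value), or at least document the precedence next to `q.Add("recursive", strconv.FormatBool(data.Recursive))`.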

+ 1 - 0
pkg/provider/infisical/api/api_models.go

@@ -52,6 +52,7 @@ type GetSecretByKeyV3Response struct {
 type GetSecretsV3Request struct {
 	EnvironmentSlug string `json:"environment"`
 	ProjectSlug     string `json:"workspaceSlug"`
+	Recursive       bool   `json:"recursive"`
 	SecretPath      string `json:"secretPath"`
 }
 

+ 4 - 2
pkg/provider/infisical/client.go

@@ -49,8 +49,8 @@ func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa
 	secret, err := p.apiClient.GetSecretByKeyV3(api.GetSecretByKeyV3Request{
 		EnvironmentSlug: p.apiScope.EnvironmentSlug,
 		ProjectSlug:     p.apiScope.ProjectSlug,
-		SecretPath:      p.apiScope.SecretPath,
 		SecretKey:       ref.Key,
+		SecretPath:      p.apiScope.SecretPath,
 	})
 
 	if err != nil {
@@ -104,6 +104,7 @@ func (p *Provider) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr
 		EnvironmentSlug: p.apiScope.EnvironmentSlug,
 		ProjectSlug:     p.apiScope.ProjectSlug,
 		SecretPath:      p.apiScope.SecretPath,
+		Recursive:       p.apiScope.Recursive,
 	})
 	if err != nil {
 		return nil, err
@@ -144,11 +145,12 @@ func (p *Provider) Validate() (esv1beta1.ValidationResult, error) {
 	_, err := p.apiClient.GetSecretsV3(api.GetSecretsV3Request{
 		EnvironmentSlug: p.apiScope.EnvironmentSlug,
 		ProjectSlug:     p.apiScope.ProjectSlug,
+		Recursive:       p.apiScope.Recursive,
 		SecretPath:      p.apiScope.SecretPath,
 	})
 
 	if err != nil {
-		return esv1beta1.ValidationResultError, fmt.Errorf("cannot read secrets with provided project scope project:%s environment:%s secret-path:%s, %w", p.apiScope.ProjectSlug, p.apiScope.EnvironmentSlug, p.apiScope.SecretPath, err)
+		return esv1beta1.ValidationResultError, fmt.Errorf("cannot read secrets with provided project scope project:%s environment:%s secret-path:%s recursive:%t, %w", p.apiScope.ProjectSlug, p.apiScope.EnvironmentSlug, p.apiScope.SecretPath, p.apiScope.Recursive, err)
 	}
 
 	return esv1beta1.ValidationResultReady, nil
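Review bot: Validate discards the listing result (`_, err :=`), yet with `Recursive: p.apiScope.Recursive` it now requests every secret under the path and its subfolders, with references expanded, only to test access. If the recursive call is deliberate, a comment such as `// validate with the configured recursion so this exercises the same request as GetAllSecrets` would record why; if a non-recursive listing proves the same access, it would keep the full secret tree out of memory on each validation. Separately, the scope values in the error string would be clearer with `%q` than `%s`, since an empty or oddly spaced path is otherwise invisible in the message. Validate starts outside the hunk.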

+ 6 - 4
pkg/provider/infisical/provider.go

@@ -41,9 +41,10 @@ type Provider struct {
 }
 
 type InfisicalClientScope struct {
-	SecretPath      string
-	ProjectSlug     string
 	EnvironmentSlug string
+	ProjectSlug     string
+	Recursive       bool
+	SecretPath      string
 }
 
 // https://github.com/external-secrets/external-secrets/issues/644
@@ -93,9 +94,10 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 		return &Provider{
 			apiClient: apiClient,
 			apiScope: &InfisicalClientScope{
-				SecretPath:      infisicalSpec.SecretsScope.SecretsPath,
-				ProjectSlug:     infisicalSpec.SecretsScope.ProjectSlug,
 				EnvironmentSlug: infisicalSpec.SecretsScope.EnvironmentSlug,
+				ProjectSlug:     infisicalSpec.SecretsScope.ProjectSlug,
+				Recursive:       infisicalSpec.SecretsScope.Recursive,
+				SecretPath:      infisicalSpec.SecretsScope.SecretsPath,
 			},
 		}, nil
 	}