
SetSecret creates new version, checks label is external-secrets

Refactored testing for SetSecret

Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Co-authored-by: William Young <will.young@engineerbetter.com>
Adrienne Galloway 4 лет назад
Родитель
Сommit
16a48ef575

+ 102 - 0
apis/externalsecrets/v1beta1/fakes/pushremoteref.go

@@ -0,0 +1,102 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package fakes
+
+import (
+	"sync"
+
+	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+)
+
+type PushRemoteRef struct {
+	GetRemoteKeyStub        func() string
+	getRemoteKeyMutex       sync.RWMutex
+	getRemoteKeyArgsForCall []struct {
+	}
+	getRemoteKeyReturns struct {
+		result1 string
+	}
+	getRemoteKeyReturnsOnCall map[int]struct {
+		result1 string
+	}
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *PushRemoteRef) GetRemoteKey() string {
+	fake.getRemoteKeyMutex.Lock()
+	ret, specificReturn := fake.getRemoteKeyReturnsOnCall[len(fake.getRemoteKeyArgsForCall)]
+	fake.getRemoteKeyArgsForCall = append(fake.getRemoteKeyArgsForCall, struct {
+	}{})
+	stub := fake.GetRemoteKeyStub
+	fakeReturns := fake.getRemoteKeyReturns
+	fake.recordInvocation("GetRemoteKey", []interface{}{})
+	fake.getRemoteKeyMutex.Unlock()
+	if stub != nil {
+		return stub()
+	}
+	if specificReturn {
+		return ret.result1
+	}
+	return fakeReturns.result1
+}
+
+func (fake *PushRemoteRef) GetRemoteKeyCallCount() int {
+	fake.getRemoteKeyMutex.RLock()
+	defer fake.getRemoteKeyMutex.RUnlock()
+	return len(fake.getRemoteKeyArgsForCall)
+}
+
+func (fake *PushRemoteRef) GetRemoteKeyCalls(stub func() string) {
+	fake.getRemoteKeyMutex.Lock()
+	defer fake.getRemoteKeyMutex.Unlock()
+	fake.GetRemoteKeyStub = stub
+}
+
+func (fake *PushRemoteRef) GetRemoteKeyReturns(result1 string) {
+	fake.getRemoteKeyMutex.Lock()
+	defer fake.getRemoteKeyMutex.Unlock()
+	fake.GetRemoteKeyStub = nil
+	fake.getRemoteKeyReturns = struct {
+		result1 string
+	}{result1}
+}
+
+func (fake *PushRemoteRef) GetRemoteKeyReturnsOnCall(i int, result1 string) {
+	fake.getRemoteKeyMutex.Lock()
+	defer fake.getRemoteKeyMutex.Unlock()
+	fake.GetRemoteKeyStub = nil
+	if fake.getRemoteKeyReturnsOnCall == nil {
+		fake.getRemoteKeyReturnsOnCall = make(map[int]struct {
+			result1 string
+		})
+	}
+	fake.getRemoteKeyReturnsOnCall[i] = struct {
+		result1 string
+	}{result1}
+}
+
+func (fake *PushRemoteRef) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	fake.getRemoteKeyMutex.RLock()
+	defer fake.getRemoteKeyMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *PushRemoteRef) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ v1beta1.PushRemoteRef = new(PushRemoteRef)

+ 10 - 0
pkg/provider/gcp/secretmanager/fake/fake.go

@@ -33,6 +33,10 @@ type MockSMClient struct {
 	closeFn        func() error
 }
 
+func (mc *MockSMClient) GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) {
+	return nil, nil
+}
+
 func (mc *MockSMClient) AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error) {
 	return mc.accessSecretFn(ctx, req)
 }
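Review bot: The new `GetSecret` on MockSMClient always returns `nil, nil`, while SetSecret as changed in this commit reads `gcpSecret.Labels` straight after a nil error, so any test that drives SetSecret through this mock will panic on a nil pointer instead of failing an assertion. The other methods here delegate to a configurable function field (`return mc.accessSecretFn(ctx, req)`); GetSecret should follow the same pattern with a field of its own, or at minimum `return &secretmanagerpb.Secret{}, nil`. A short doc comment stating what the stub returns would also help, since the method is exported.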
@@ -113,6 +117,12 @@ func (mc *MockSMClient) DefaultAccessSecretVersion(wantedVersionName string) {
 	}
 }
 
+func (mc *MockSMClient) AccessSecretVersionWithError(err error) {
+	mc.accessSecretFn = func(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error) {
+		return nil, err
+	}
+}
+
 // TODO: func (mc...) DefaultAccessSecretVersion (similar to above)
 
 func (mc *MockSMClient) WithValue(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, val *secretmanagerpb.AccessSecretVersionResponse, err error) {

+ 516 - 0
pkg/provider/gcp/secretmanager/internal/fakes/client.go

@@ -0,0 +1,516 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package fakes
+
+import (
+	"context"
+	"sync"
+
+	secretmanagerb "cloud.google.com/go/secretmanager/apiv1"
+	"github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager"
+	gax "github.com/googleapis/gax-go/v2"
+	secretmanagera "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
+)
+
+type GoogleSecretManagerClient struct {
+	AccessSecretVersionStub        func(context.Context, *secretmanagera.AccessSecretVersionRequest, ...gax.CallOption) (*secretmanagera.AccessSecretVersionResponse, error)
+	accessSecretVersionMutex       sync.RWMutex
+	accessSecretVersionArgsForCall []struct {
+		arg1 context.Context
+		arg2 *secretmanagera.AccessSecretVersionRequest
+		arg3 []gax.CallOption
+	}
+	accessSecretVersionReturns struct {
+		result1 *secretmanagera.AccessSecretVersionResponse
+		result2 error
+	}
+	accessSecretVersionReturnsOnCall map[int]struct {
+		result1 *secretmanagera.AccessSecretVersionResponse
+		result2 error
+	}
+	AddSecretVersionStub        func(context.Context, *secretmanagera.AddSecretVersionRequest, ...gax.CallOption) (*secretmanagera.SecretVersion, error)
+	addSecretVersionMutex       sync.RWMutex
+	addSecretVersionArgsForCall []struct {
+		arg1 context.Context
+		arg2 *secretmanagera.AddSecretVersionRequest
+		arg3 []gax.CallOption
+	}
+	addSecretVersionReturns struct {
+		result1 *secretmanagera.SecretVersion
+		result2 error
+	}
+	addSecretVersionReturnsOnCall map[int]struct {
+		result1 *secretmanagera.SecretVersion
+		result2 error
+	}
+	CloseStub        func() error
+	closeMutex       sync.RWMutex
+	closeArgsForCall []struct {
+	}
+	closeReturns struct {
+		result1 error
+	}
+	closeReturnsOnCall map[int]struct {
+		result1 error
+	}
+	CreateSecretStub        func(context.Context, *secretmanagera.CreateSecretRequest, ...gax.CallOption) (*secretmanagera.Secret, error)
+	createSecretMutex       sync.RWMutex
+	createSecretArgsForCall []struct {
+		arg1 context.Context
+		arg2 *secretmanagera.CreateSecretRequest
+		arg3 []gax.CallOption
+	}
+	createSecretReturns struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}
+	createSecretReturnsOnCall map[int]struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}
+	GetSecretStub        func(context.Context, *secretmanagera.GetSecretRequest, ...gax.CallOption) (*secretmanagera.Secret, error)
+	getSecretMutex       sync.RWMutex
+	getSecretArgsForCall []struct {
+		arg1 context.Context
+		arg2 *secretmanagera.GetSecretRequest
+		arg3 []gax.CallOption
+	}
+	getSecretReturns struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}
+	getSecretReturnsOnCall map[int]struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}
+	ListSecretsStub        func(context.Context, *secretmanagera.ListSecretsRequest, ...gax.CallOption) *secretmanagerb.SecretIterator
+	listSecretsMutex       sync.RWMutex
+	listSecretsArgsForCall []struct {
+		arg1 context.Context
+		arg2 *secretmanagera.ListSecretsRequest
+		arg3 []gax.CallOption
+	}
+	listSecretsReturns struct {
+		result1 *secretmanagerb.SecretIterator
+	}
+	listSecretsReturnsOnCall map[int]struct {
+		result1 *secretmanagerb.SecretIterator
+	}
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersion(arg1 context.Context, arg2 *secretmanagera.AccessSecretVersionRequest, arg3 ...gax.CallOption) (*secretmanagera.AccessSecretVersionResponse, error) {
+	fake.accessSecretVersionMutex.Lock()
+	ret, specificReturn := fake.accessSecretVersionReturnsOnCall[len(fake.accessSecretVersionArgsForCall)]
+	fake.accessSecretVersionArgsForCall = append(fake.accessSecretVersionArgsForCall, struct {
+		arg1 context.Context
+		arg2 *secretmanagera.AccessSecretVersionRequest
+		arg3 []gax.CallOption
+	}{arg1, arg2, arg3})
+	stub := fake.AccessSecretVersionStub
+	fakeReturns := fake.accessSecretVersionReturns
+	fake.recordInvocation("AccessSecretVersion", []interface{}{arg1, arg2, arg3})
+	fake.accessSecretVersionMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2, arg3...)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersionCallCount() int {
+	fake.accessSecretVersionMutex.RLock()
+	defer fake.accessSecretVersionMutex.RUnlock()
+	return len(fake.accessSecretVersionArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersionCalls(stub func(context.Context, *secretmanagera.AccessSecretVersionRequest, ...gax.CallOption) (*secretmanagera.AccessSecretVersionResponse, error)) {
+	fake.accessSecretVersionMutex.Lock()
+	defer fake.accessSecretVersionMutex.Unlock()
+	fake.AccessSecretVersionStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersionArgsForCall(i int) (context.Context, *secretmanagera.AccessSecretVersionRequest, []gax.CallOption) {
+	fake.accessSecretVersionMutex.RLock()
+	defer fake.accessSecretVersionMutex.RUnlock()
+	argsForCall := fake.accessSecretVersionArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersionReturns(result1 *secretmanagera.AccessSecretVersionResponse, result2 error) {
+	fake.accessSecretVersionMutex.Lock()
+	defer fake.accessSecretVersionMutex.Unlock()
+	fake.AccessSecretVersionStub = nil
+	fake.accessSecretVersionReturns = struct {
+		result1 *secretmanagera.AccessSecretVersionResponse
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) AccessSecretVersionReturnsOnCall(i int, result1 *secretmanagera.AccessSecretVersionResponse, result2 error) {
+	fake.accessSecretVersionMutex.Lock()
+	defer fake.accessSecretVersionMutex.Unlock()
+	fake.AccessSecretVersionStub = nil
+	if fake.accessSecretVersionReturnsOnCall == nil {
+		fake.accessSecretVersionReturnsOnCall = make(map[int]struct {
+			result1 *secretmanagera.AccessSecretVersionResponse
+			result2 error
+		})
+	}
+	fake.accessSecretVersionReturnsOnCall[i] = struct {
+		result1 *secretmanagera.AccessSecretVersionResponse
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersion(arg1 context.Context, arg2 *secretmanagera.AddSecretVersionRequest, arg3 ...gax.CallOption) (*secretmanagera.SecretVersion, error) {
+	fake.addSecretVersionMutex.Lock()
+	ret, specificReturn := fake.addSecretVersionReturnsOnCall[len(fake.addSecretVersionArgsForCall)]
+	fake.addSecretVersionArgsForCall = append(fake.addSecretVersionArgsForCall, struct {
+		arg1 context.Context
+		arg2 *secretmanagera.AddSecretVersionRequest
+		arg3 []gax.CallOption
+	}{arg1, arg2, arg3})
+	stub := fake.AddSecretVersionStub
+	fakeReturns := fake.addSecretVersionReturns
+	fake.recordInvocation("AddSecretVersion", []interface{}{arg1, arg2, arg3})
+	fake.addSecretVersionMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2, arg3...)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersionCallCount() int {
+	fake.addSecretVersionMutex.RLock()
+	defer fake.addSecretVersionMutex.RUnlock()
+	return len(fake.addSecretVersionArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersionCalls(stub func(context.Context, *secretmanagera.AddSecretVersionRequest, ...gax.CallOption) (*secretmanagera.SecretVersion, error)) {
+	fake.addSecretVersionMutex.Lock()
+	defer fake.addSecretVersionMutex.Unlock()
+	fake.AddSecretVersionStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersionArgsForCall(i int) (context.Context, *secretmanagera.AddSecretVersionRequest, []gax.CallOption) {
+	fake.addSecretVersionMutex.RLock()
+	defer fake.addSecretVersionMutex.RUnlock()
+	argsForCall := fake.addSecretVersionArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersionReturns(result1 *secretmanagera.SecretVersion, result2 error) {
+	fake.addSecretVersionMutex.Lock()
+	defer fake.addSecretVersionMutex.Unlock()
+	fake.AddSecretVersionStub = nil
+	fake.addSecretVersionReturns = struct {
+		result1 *secretmanagera.SecretVersion
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) AddSecretVersionReturnsOnCall(i int, result1 *secretmanagera.SecretVersion, result2 error) {
+	fake.addSecretVersionMutex.Lock()
+	defer fake.addSecretVersionMutex.Unlock()
+	fake.AddSecretVersionStub = nil
+	if fake.addSecretVersionReturnsOnCall == nil {
+		fake.addSecretVersionReturnsOnCall = make(map[int]struct {
+			result1 *secretmanagera.SecretVersion
+			result2 error
+		})
+	}
+	fake.addSecretVersionReturnsOnCall[i] = struct {
+		result1 *secretmanagera.SecretVersion
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) Close() error {
+	fake.closeMutex.Lock()
+	ret, specificReturn := fake.closeReturnsOnCall[len(fake.closeArgsForCall)]
+	fake.closeArgsForCall = append(fake.closeArgsForCall, struct {
+	}{})
+	stub := fake.CloseStub
+	fakeReturns := fake.closeReturns
+	fake.recordInvocation("Close", []interface{}{})
+	fake.closeMutex.Unlock()
+	if stub != nil {
+		return stub()
+	}
+	if specificReturn {
+		return ret.result1
+	}
+	return fakeReturns.result1
+}
+
+func (fake *GoogleSecretManagerClient) CloseCallCount() int {
+	fake.closeMutex.RLock()
+	defer fake.closeMutex.RUnlock()
+	return len(fake.closeArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) CloseCalls(stub func() error) {
+	fake.closeMutex.Lock()
+	defer fake.closeMutex.Unlock()
+	fake.CloseStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) CloseReturns(result1 error) {
+	fake.closeMutex.Lock()
+	defer fake.closeMutex.Unlock()
+	fake.CloseStub = nil
+	fake.closeReturns = struct {
+		result1 error
+	}{result1}
+}
+
+func (fake *GoogleSecretManagerClient) CloseReturnsOnCall(i int, result1 error) {
+	fake.closeMutex.Lock()
+	defer fake.closeMutex.Unlock()
+	fake.CloseStub = nil
+	if fake.closeReturnsOnCall == nil {
+		fake.closeReturnsOnCall = make(map[int]struct {
+			result1 error
+		})
+	}
+	fake.closeReturnsOnCall[i] = struct {
+		result1 error
+	}{result1}
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecret(arg1 context.Context, arg2 *secretmanagera.CreateSecretRequest, arg3 ...gax.CallOption) (*secretmanagera.Secret, error) {
+	fake.createSecretMutex.Lock()
+	ret, specificReturn := fake.createSecretReturnsOnCall[len(fake.createSecretArgsForCall)]
+	fake.createSecretArgsForCall = append(fake.createSecretArgsForCall, struct {
+		arg1 context.Context
+		arg2 *secretmanagera.CreateSecretRequest
+		arg3 []gax.CallOption
+	}{arg1, arg2, arg3})
+	stub := fake.CreateSecretStub
+	fakeReturns := fake.createSecretReturns
+	fake.recordInvocation("CreateSecret", []interface{}{arg1, arg2, arg3})
+	fake.createSecretMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2, arg3...)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecretCallCount() int {
+	fake.createSecretMutex.RLock()
+	defer fake.createSecretMutex.RUnlock()
+	return len(fake.createSecretArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecretCalls(stub func(context.Context, *secretmanagera.CreateSecretRequest, ...gax.CallOption) (*secretmanagera.Secret, error)) {
+	fake.createSecretMutex.Lock()
+	defer fake.createSecretMutex.Unlock()
+	fake.CreateSecretStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecretArgsForCall(i int) (context.Context, *secretmanagera.CreateSecretRequest, []gax.CallOption) {
+	fake.createSecretMutex.RLock()
+	defer fake.createSecretMutex.RUnlock()
+	argsForCall := fake.createSecretArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecretReturns(result1 *secretmanagera.Secret, result2 error) {
+	fake.createSecretMutex.Lock()
+	defer fake.createSecretMutex.Unlock()
+	fake.CreateSecretStub = nil
+	fake.createSecretReturns = struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) CreateSecretReturnsOnCall(i int, result1 *secretmanagera.Secret, result2 error) {
+	fake.createSecretMutex.Lock()
+	defer fake.createSecretMutex.Unlock()
+	fake.CreateSecretStub = nil
+	if fake.createSecretReturnsOnCall == nil {
+		fake.createSecretReturnsOnCall = make(map[int]struct {
+			result1 *secretmanagera.Secret
+			result2 error
+		})
+	}
+	fake.createSecretReturnsOnCall[i] = struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) GetSecret(arg1 context.Context, arg2 *secretmanagera.GetSecretRequest, arg3 ...gax.CallOption) (*secretmanagera.Secret, error) {
+	fake.getSecretMutex.Lock()
+	ret, specificReturn := fake.getSecretReturnsOnCall[len(fake.getSecretArgsForCall)]
+	fake.getSecretArgsForCall = append(fake.getSecretArgsForCall, struct {
+		arg1 context.Context
+		arg2 *secretmanagera.GetSecretRequest
+		arg3 []gax.CallOption
+	}{arg1, arg2, arg3})
+	stub := fake.GetSecretStub
+	fakeReturns := fake.getSecretReturns
+	fake.recordInvocation("GetSecret", []interface{}{arg1, arg2, arg3})
+	fake.getSecretMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2, arg3...)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *GoogleSecretManagerClient) GetSecretCallCount() int {
+	fake.getSecretMutex.RLock()
+	defer fake.getSecretMutex.RUnlock()
+	return len(fake.getSecretArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) GetSecretCalls(stub func(context.Context, *secretmanagera.GetSecretRequest, ...gax.CallOption) (*secretmanagera.Secret, error)) {
+	fake.getSecretMutex.Lock()
+	defer fake.getSecretMutex.Unlock()
+	fake.GetSecretStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) GetSecretArgsForCall(i int) (context.Context, *secretmanagera.GetSecretRequest, []gax.CallOption) {
+	fake.getSecretMutex.RLock()
+	defer fake.getSecretMutex.RUnlock()
+	argsForCall := fake.getSecretArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3
+}
+
+func (fake *GoogleSecretManagerClient) GetSecretReturns(result1 *secretmanagera.Secret, result2 error) {
+	fake.getSecretMutex.Lock()
+	defer fake.getSecretMutex.Unlock()
+	fake.GetSecretStub = nil
+	fake.getSecretReturns = struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) GetSecretReturnsOnCall(i int, result1 *secretmanagera.Secret, result2 error) {
+	fake.getSecretMutex.Lock()
+	defer fake.getSecretMutex.Unlock()
+	fake.GetSecretStub = nil
+	if fake.getSecretReturnsOnCall == nil {
+		fake.getSecretReturnsOnCall = make(map[int]struct {
+			result1 *secretmanagera.Secret
+			result2 error
+		})
+	}
+	fake.getSecretReturnsOnCall[i] = struct {
+		result1 *secretmanagera.Secret
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *GoogleSecretManagerClient) ListSecrets(arg1 context.Context, arg2 *secretmanagera.ListSecretsRequest, arg3 ...gax.CallOption) *secretmanagerb.SecretIterator {
+	fake.listSecretsMutex.Lock()
+	ret, specificReturn := fake.listSecretsReturnsOnCall[len(fake.listSecretsArgsForCall)]
+	fake.listSecretsArgsForCall = append(fake.listSecretsArgsForCall, struct {
+		arg1 context.Context
+		arg2 *secretmanagera.ListSecretsRequest
+		arg3 []gax.CallOption
+	}{arg1, arg2, arg3})
+	stub := fake.ListSecretsStub
+	fakeReturns := fake.listSecretsReturns
+	fake.recordInvocation("ListSecrets", []interface{}{arg1, arg2, arg3})
+	fake.listSecretsMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2, arg3...)
+	}
+	if specificReturn {
+		return ret.result1
+	}
+	return fakeReturns.result1
+}
+
+func (fake *GoogleSecretManagerClient) ListSecretsCallCount() int {
+	fake.listSecretsMutex.RLock()
+	defer fake.listSecretsMutex.RUnlock()
+	return len(fake.listSecretsArgsForCall)
+}
+
+func (fake *GoogleSecretManagerClient) ListSecretsCalls(stub func(context.Context, *secretmanagera.ListSecretsRequest, ...gax.CallOption) *secretmanagerb.SecretIterator) {
+	fake.listSecretsMutex.Lock()
+	defer fake.listSecretsMutex.Unlock()
+	fake.ListSecretsStub = stub
+}
+
+func (fake *GoogleSecretManagerClient) ListSecretsArgsForCall(i int) (context.Context, *secretmanagera.ListSecretsRequest, []gax.CallOption) {
+	fake.listSecretsMutex.RLock()
+	defer fake.listSecretsMutex.RUnlock()
+	argsForCall := fake.listSecretsArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3
+}
+
+func (fake *GoogleSecretManagerClient) ListSecretsReturns(result1 *secretmanagerb.SecretIterator) {
+	fake.listSecretsMutex.Lock()
+	defer fake.listSecretsMutex.Unlock()
+	fake.ListSecretsStub = nil
+	fake.listSecretsReturns = struct {
+		result1 *secretmanagerb.SecretIterator
+	}{result1}
+}
+
+func (fake *GoogleSecretManagerClient) ListSecretsReturnsOnCall(i int, result1 *secretmanagerb.SecretIterator) {
+	fake.listSecretsMutex.Lock()
+	defer fake.listSecretsMutex.Unlock()
+	fake.ListSecretsStub = nil
+	if fake.listSecretsReturnsOnCall == nil {
+		fake.listSecretsReturnsOnCall = make(map[int]struct {
+			result1 *secretmanagerb.SecretIterator
+		})
+	}
+	fake.listSecretsReturnsOnCall[i] = struct {
+		result1 *secretmanagerb.SecretIterator
+	}{result1}
+}
+
+func (fake *GoogleSecretManagerClient) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	fake.accessSecretVersionMutex.RLock()
+	defer fake.accessSecretVersionMutex.RUnlock()
+	fake.addSecretVersionMutex.RLock()
+	defer fake.addSecretVersionMutex.RUnlock()
+	fake.closeMutex.RLock()
+	defer fake.closeMutex.RUnlock()
+	fake.createSecretMutex.RLock()
+	defer fake.createSecretMutex.RUnlock()
+	fake.getSecretMutex.RLock()
+	defer fake.getSecretMutex.RUnlock()
+	fake.listSecretsMutex.RLock()
+	defer fake.listSecretsMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *GoogleSecretManagerClient) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ secretmanager.GoogleSecretManagerClient = new(GoogleSecretManagerClient)

+ 56 - 32
pkg/provider/gcp/secretmanager/secretsmanager.go

@@ -75,6 +75,7 @@ type GoogleSecretManagerClient interface {
 	AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error)
 	CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
 	Close() error
+	GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error)
 }
 
 /*
@@ -92,7 +93,7 @@ var _ esv1beta1.Provider = &ProviderGCP{}
 
 // ProviderGCP is a provider for GCP Secret Manager.
 type ProviderGCP struct {
-	projectID           string
+	ProjectID           string
 	SecretManagerClient GoogleSecretManagerClient
 	gClient             *gClient
 }
@@ -198,7 +199,7 @@ func (sm *ProviderGCP) NewClient(ctx context.Context, store esv1beta1.GenericSto
 		}
 	}()
 
-	sm.projectID = cliStore.store.ProjectID
+	sm.ProjectID = cliStore.store.ProjectID
 
 	ts, err := cliStore.getTokenSource(ctx, store, kube, namespace)
 	if err != nil {
@@ -226,9 +227,12 @@ func (sm *ProviderGCP) NewClient(ctx context.Context, store esv1beta1.GenericSto
 // funcName(variable type_of_variable, ...)
 func (sm *ProviderGCP) SetSecret(ctx context.Context, payload []byte, remoteRef esv1beta1.PushRemoteRef) error {
 	createSecretReq := &secretmanagerpb.CreateSecretRequest{
-		Parent:   fmt.Sprintf("projects/%s", sm.projectID),
+		Parent:   fmt.Sprintf("projects/%s", sm.ProjectID),
 		SecretId: remoteRef.GetRemoteKey(),
 		Secret: &secretmanagerpb.Secret{
+			Labels: map[string]string{
+				"managed-by": "external-secrets",
+			},
 			Replication: &secretmanagerpb.Replication{
 				Replication: &secretmanagerpb.Replication_Automatic_{
 					Automatic: &secretmanagerpb.Replication_Automatic{},
@@ -237,40 +241,60 @@ func (sm *ProviderGCP) SetSecret(ctx context.Context, payload []byte, remoteRef
 		},
 	}
 
-	gcpSecret, err := sm.GetSecret(ctx, esv1beta1.ExternalSecretDataRemoteRef{
-		Key: remoteRef.GetRemoteKey(),
+	var gcpSecret *secretmanagerpb.Secret
+	var err error
+
+	gcpSecret, err = sm.SecretManagerClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{
+		Name: fmt.Sprintf("projects/%s/secrets/%s", sm.ProjectID, remoteRef.GetRemoteKey()),
 	})
 
-	gErr, ok := err.(*googleapi.Error)
+	var gErr *googleapi.Error
+
+	if errors.As(err, &gErr) {
+		if err != nil && gErr.Code == 404 {
+			gcpSecret, err = sm.SecretManagerClient.CreateSecret(ctx, createSecretReq)
+			if err != nil {
+				return err
+			}
+		}
 
-	if err != nil && ok && gErr.Code == 404 {
-		_, err := sm.SecretManagerClient.CreateSecret(ctx, createSecretReq)
 		if err != nil {
 			return err
 		}
 	}
 
-	if err != nil {
-		return err
-	}
+	manager, ok := gcpSecret.Labels["managed-by"]
 
-	if string(payload) == string(gcpSecret) {
-		return nil
+	if !ok || manager != "external-secrets" {
+		return fmt.Errorf("secret %v is not managed by external secrets", remoteRef.GetRemoteKey())
 	}
 
-	addSecretVersionReq := &secretmanagerpb.AddSecretVersionRequest{
-		Parent: fmt.Sprintf("projects/%s/secrets/%s", sm.projectID, remoteRef.GetRemoteKey()),
-		Payload: &secretmanagerpb.SecretPayload{
-			Data: payload,
-		},
-	}
+	gcpVersion, err := sm.SecretManagerClient.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
+		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/latest", sm.ProjectID, remoteRef.GetRemoteKey()),
+	})
+
+	if errors.As(err, &gErr) {
+		if err != nil && gErr.Code != 404 {
+			return err
+		}
 
-	_, err = sm.SecretManagerClient.AddSecretVersion(ctx, addSecretVersionReq)
+		if gcpVersion != nil && gcpVersion.Payload != nil && string(payload) == string(gcpVersion.Payload.Data) {
+			return nil
+		}
 
-	if err != nil {
-		return err
-	}
+		addSecretVersionReq := &secretmanagerpb.AddSecretVersionRequest{
+			Parent: fmt.Sprintf("projects/%s/secrets/%s", sm.ProjectID, remoteRef.GetRemoteKey()),
+			Payload: &secretmanagerpb.SecretPayload{
+				Data: payload,
+			},
+		}
 
+		_, err = sm.SecretManagerClient.AddSecretVersion(ctx, addSecretVersionReq)
+
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }
 
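Review bot: Both `if errors.As(err, &gErr)` blocks gate error handling on the error's type, so a GetSecret failure that is not a `*googleapi.Error` is dropped and execution reaches `gcpSecret.Labels` with a nil `gcpSecret`, which panics before the managed-by ownership check can run. The second block has the inverse problem: when AccessSecretVersion succeeds, `err` is nil and `errors.As` is false, so the function returns nil without comparing the payload or calling AddSecretVersion, and the caller is told an existing secret was updated when it was not. I would test `err != nil` first and treat only a 404 as recoverable, read labels through the nil-safe `GetLabels()`, and move the compare-and-add path out of the error branch, as below. Whether the client in use surfaces failures as `*googleapi.Error` at all is not visible here and should be confirmed, because otherwise the create-on-404 path is unreachable. SetSecret starts in the previous hunk.

```go
	gcpSecret, err := sm.SecretManagerClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{
		Name: fmt.Sprintf("projects/%s/secrets/%s", sm.ProjectID, remoteRef.GetRemoteKey()),
	})

	var gErr *googleapi.Error
	if err != nil {
		// Only "not found" may fall through to creation; any other failure
		// must abort before the ownership check below.
		if !errors.As(err, &gErr) || gErr.Code != 404 {
			return err
		}
		gcpSecret, err = sm.SecretManagerClient.CreateSecret(ctx, createSecretReq)
		if err != nil {
			return err
		}
	}

	// GetLabels is nil-safe, so a nil secret fails the check instead of panicking.
	if manager, ok := gcpSecret.GetLabels()["managed-by"]; !ok || manager != "external-secrets" {
		return fmt.Errorf("secret %v is not managed by external secrets", remoteRef.GetRemoteKey())
	}

	gcpVersion, err := sm.SecretManagerClient.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/latest", sm.ProjectID, remoteRef.GetRemoteKey()),
	})
	// A missing version is expected for a freshly created secret; anything else is fatal.
	if err != nil && (!errors.As(err, &gErr) || gErr.Code != 404) {
		return err
	}
	if err == nil && string(payload) == string(gcpVersion.GetPayload().GetData()) {
		return nil
	}

	// … unchanged: build addSecretVersionReq and call AddSecretVersion, now outside any errors.As block …
```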
@@ -292,7 +316,7 @@ func (sm *ProviderGCP) findByName(ctx context.Context, ref esv1beta1.ExternalSec
 		return nil, err
 	}
 	req := &secretmanagerpb.ListSecretsRequest{
-		Parent: fmt.Sprintf("projects/%s", sm.projectID),
+		Parent: fmt.Sprintf("projects/%s", sm.ProjectID),
 	}
 	if ref.Path != nil {
 		req.Filter = fmt.Sprintf("name:%s", *ref.Path)
@@ -350,7 +374,7 @@ func (sm *ProviderGCP) findByTags(ctx context.Context, ref esv1beta1.ExternalSec
 		tagFilter = fmt.Sprintf("%s name:%s", tagFilter, *ref.Path)
 	}
 	req := &secretmanagerpb.ListSecretsRequest{
-		Parent: fmt.Sprintf("projects/%s", sm.projectID),
+		Parent: fmt.Sprintf("projects/%s", sm.ProjectID),
 	}
 	log.V(1).Info("gcp sm findByTags", "tagFilter", tagFilter)
 	req.Filter = tagFilter
@@ -380,8 +404,8 @@ func (sm *ProviderGCP) findByTags(ctx context.Context, ref esv1beta1.ExternalSec
 }
 
 func (sm *ProviderGCP) trimName(name string) string {
-	projectIDNumuber := sm.extractProjectIDNumber(name)
-	key := strings.TrimPrefix(name, fmt.Sprintf("projects/%s/secrets/", projectIDNumuber))
+	ProjectIDNumuber := sm.extractProjectIDNumber(name)
+	key := strings.TrimPrefix(name, fmt.Sprintf("projects/%s/secrets/", ProjectIDNumuber))
 	return key
 }
 
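Review bot: The local `ProjectIDNumuber` looks like collateral from the `projectID` to `ProjectID` replacement: it is a function-local variable, so it should stay lower camel case, and the existing spelling slip can be fixed in the same edit, `projectIDNumber := sm.extractProjectIDNumber(name)`. The same applies to the local in extractProjectIDNumber in the next hunk. While touching that function, note that `s[1]` is indexed without a length check, so a name without a `/` would panic; whether such a name can reach it is not visible from these hunks.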
@@ -390,13 +414,13 @@ func (sm *ProviderGCP) trimName(name string) string {
 // (and users would always use the name, while requests accept both).
 func (sm *ProviderGCP) extractProjectIDNumber(secretFullName string) string {
 	s := strings.Split(secretFullName, "/")
-	projectIDNumuber := s[1]
-	return projectIDNumuber
+	ProjectIDNumuber := s[1]
+	return ProjectIDNumuber
 }
 
 // GetSecret returns a single secret from the provider.
 func (sm *ProviderGCP) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
-	if utils.IsNil(sm.SecretManagerClient) || sm.projectID == "" {
+	if utils.IsNil(sm.SecretManagerClient) || sm.ProjectID == "" {
 		return nil, fmt.Errorf(errUninitalizedGCPProvider)
 	}
 
@@ -406,7 +430,7 @@ func (sm *ProviderGCP) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecr
 	}
 
 	req := &secretmanagerpb.AccessSecretVersionRequest{
-		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/%s", sm.projectID, ref.Key, version),
+		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/%s", sm.ProjectID, ref.Key, version),
 	}
 	result, err := sm.SecretManagerClient.AccessSecretVersion(ctx, req)
 	if err != nil {
@@ -442,7 +466,7 @@ func (sm *ProviderGCP) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecr
 
 // GetSecretMap returns multiple k/v pairs from the provider.
 func (sm *ProviderGCP) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
-	if sm.SecretManagerClient == nil || sm.projectID == "" {
+	if sm.SecretManagerClient == nil || sm.ProjectID == "" {
 		return nil, fmt.Errorf(errUninitalizedGCPProvider)
 	}
 

+ 71 - 40
pkg/provider/gcp/secretmanager/secretsmanager_test.go

@@ -11,7 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-package secretmanager
+package secretmanager_test
 
 import (
 	"context"
@@ -20,13 +20,17 @@ import (
 	"strings"
 	"testing"
 
+	"google.golang.org/api/googleapi"
 	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
 	"k8s.io/utils/pointer"
 
-	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
+	// esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1".
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+	fakeprr "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1/fakes"
 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
+	"github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager"
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/fake"
+	"github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/internal/fakes"
 )
 
 type secretManagerTestCase struct {
@@ -98,7 +102,7 @@ var setAPIErr = func(smtc *secretManagerTestCase) {
 
 var setNilMockClient = func(smtc *secretManagerTestCase) {
 	smtc.mockClient = nil
-	smtc.expectError = errUninitalizedGCPProvider
+	smtc.expectError = "provider GCP is not initialized"
 }
 
 // test the sm<->gcp interface
@@ -168,9 +172,9 @@ func TestSecretManagerGetSecret(t *testing.T) {
 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
 	}
 
-	sm := ProviderGCP{}
+	sm := secretmanager.ProviderGCP{}
 	for k, v := range successCases {
-		sm.projectID = v.projectID
+		sm.ProjectID = v.projectID
 		sm.SecretManagerClient = v.mockClient
 		out, err := sm.GetSecret(context.Background(), *v.ref)
 		if !ErrorContains(err, v.expectError) {
@@ -182,46 +186,73 @@ func TestSecretManagerGetSecret(t *testing.T) {
 	}
 }
 
-func TestSecretManagerSetSecret(t *testing.T) {
-	secretManagerClient := fakesm.MockSMClient{}
-	secretManagerClient.NilClose()
-	secretManagerClient.WithValue(context.Background(), nil, nil, nil)
-	secretManagerClient.CreateSecretError()
+// func TestSecretManagerSetSecret(t *testing.T) {
+// 	secretManagerClient := fakesm.MockSMClient{}
+// 	secretManagerClient.NilClose()
+// 	secretManagerClient.WithValue(context.Background(), nil, nil, nil)
+// 	secretManagerClient.CreateSecretError()
 
-	key := "foo"
-	want := []byte("bar")
-	projectID := "default"
+// 	key := "foo"
+// 	want := []byte("bar")
+// 	projectID := "default"
 
-	wantedSecretParent := fmt.Sprintf("projects/%s", projectID)
-	wantedVersionParent := fmt.Sprintf("%s/%s", wantedSecretParent, key)
-	wantedVersion := "projects/default/secrets/foo/versions/latest"
+// 	wantedSecretParent := fmt.Sprintf("projects/%s", projectID)
+// 	wantedVersionParent := fmt.Sprintf("%s/%s", wantedSecretParent, key)
+// 	wantedVersion := "projects/default/secrets/foo/versions/latest"
 
-	p := ProviderGCP{
-		SecretManagerClient: &secretManagerClient,
-		projectID:           projectID,
-	}
-	err := p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
-	if err == nil {
-		t.Errorf("expected err got nil from SetSecret")
-	}
+// 	p := secretmanager.ProviderGCP{
+// 		SecretManagerClient: &secretManagerClient,
+// 		ProjectID:           projectID,
+// 	}
+// 	err := p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
+// 	if err == nil {
+// 		t.Errorf("expected err got nil from SetSecret")
+// 	}
 
-	secretManagerClient.DefaultCreateSecret(key, wantedSecretParent)
-	secretManagerClient.DefaultAddSecretVersion(string(want), wantedVersionParent, wantedVersion)
-	secretManagerClient.DefaultAccessSecretVersion(wantedVersion)
+// 	secretManagerClient.DefaultCreateSecret(key, wantedSecretParent)
+// 	secretManagerClient.DefaultAddSecretVersion(string(want), wantedVersionParent, wantedVersion)
+// 	secretManagerClient.DefaultAccessSecretVersion(wantedVersion)
 
-	err = p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
-	if err != nil {
-		t.Errorf("expected nil got err from SetSecret: %v", err)
-	}
-	err = p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: "wrong"})
-	if err == nil {
-		t.Errorf("expected err got nil")
+// 	err = p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
+// 	if err != nil {
+// 		t.Errorf("expected nil got err from SetSecret: %v", err)
+// 	}
+// 	err = p.SetSecret(context.TODO(), want, esv1alpha1.PushSecretRemoteRefs{RemoteKey: "wrong"})
+// 	if err == nil {
+// 		t.Errorf("expected err got nil")
+// 	}
+// 	err = p.SetSecret(context.TODO(), []byte("potato"), esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
+// 	if err == nil {
+// 		t.Errorf("expected err got nil")
+// 	}
+// }
+
+func TestSecretManagerSecretNotFound(t *testing.T) {
+	client := new(fakes.GoogleSecretManagerClient)
+	pushRemoteRef := new(fakeprr.PushRemoteRef)
+
+	projectID := "default"
+
+	p := secretmanager.ProviderGCP{
+		SecretManagerClient: client,
+		ProjectID:           projectID,
 	}
-	err = p.SetSecret(context.TODO(), []byte("potato"), esv1alpha1.PushSecretRemoteRefs{RemoteKey: key})
-	if err == nil {
-		t.Errorf("expected err got nil")
+
+	client.AccessSecretVersionReturns(nil, &googleapi.Error{Code: 404})
+	pushRemoteRef.GetRemoteKeyReturns("foo-bar")
+	client.GetSecretReturns(nil, &googleapi.Error{Code: 404})
+	client.CreateSecretReturns(&secretmanagerpb.Secret{
+		Labels: map[string]string{
+			"managed-by": "external-secrets",
+		},
+	}, nil)
+
+	p.SetSecret(context.Background(), nil, pushRemoteRef)
+	if client.CreateSecretCallCount() != 1 {
+		t.Error("expected CreateSecret to be called")
 	}
 }
+
 func TestGetSecretMap(t *testing.T) {
 	// good case: default version & deserialization
 	setDeserialization := func(smtc *secretManagerTestCase) {
@@ -250,9 +281,9 @@ func TestGetSecretMap(t *testing.T) {
 		makeValidSecretManagerTestCaseCustom(setNestedJSON),
 	}
 
-	sm := ProviderGCP{}
+	sm := secretmanager.ProviderGCP{}
 	for k, v := range successCases {
-		sm.projectID = v.projectID
+		sm.ProjectID = v.projectID
 		sm.SecretManagerClient = v.mockClient
 		out, err := sm.GetSecretMap(context.Background(), *v.ref)
 		if !ErrorContains(err, v.expectError) {
@@ -319,7 +350,7 @@ func TestValidateStore(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			sm := &ProviderGCP{}
+			sm := &secretmanager.ProviderGCP{}
 			store := &esv1beta1.SecretStore{
 				Spec: esv1beta1.SecretStoreSpec{
 					Provider: &esv1beta1.SecretStoreProvider{