
Refactor/add tests for versions + new secrets

William Young 3 лет назад
Родитель
Сommit
2db33ffd11

+ 16 - 4
pkg/provider/aws/secretsmanager/fake/fake.go

@@ -29,10 +29,22 @@ type Client struct {
 	valFn                       map[string]func(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error)
 	CreateSecretWithContextFn   CreateSecretWithContextFn
 	GetSecretValueWithContextFn GetSecretValueWithContextFn
+	PutSecretValueWithContextFn PutSecretValueWithContextFn
 }
 
 type CreateSecretWithContextFn func(aws.Context, *awssm.CreateSecretInput, ...request.Option) (*awssm.CreateSecretOutput, error)
 type GetSecretValueWithContextFn func(aws.Context, *awssm.GetSecretValueInput, ...request.Option) (*awssm.GetSecretValueOutput, error)
+type PutSecretValueWithContextFn func(aws.Context, *awssm.PutSecretValueInput, ...request.Option) (*awssm.PutSecretValueOutput, error)
+
+func (sm Client) CreateSecretWithContext(ctx aws.Context, input *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) {
+	return sm.CreateSecretWithContextFn(ctx, input, options...)
+}
+
+func NewCreateSecretWithContextFn(output *awssm.CreateSecretOutput, err error) CreateSecretWithContextFn {
+	return func(ctx aws.Context, input *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) {
+		return output, err
+	}
+}
 
 func (sm Client) GetSecretValueWithContext(ctx aws.Context, input *awssm.GetSecretValueInput, options ...request.Option) (*awssm.GetSecretValueOutput, error) {
 	return sm.GetSecretValueWithContextFn(ctx, input, options...)
@@ -44,12 +56,12 @@ func NewGetSecretValueWithContextFn(output *awssm.GetSecretValueOutput, err erro
 	}
 }
 
-func (sm Client) CreateSecretWithContext(ctx aws.Context, input *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) {
-	return sm.CreateSecretWithContextFn(ctx, input, options...)
+func (sm Client) PutSecretValueWithContext(ctx aws.Context, input *awssm.PutSecretValueInput, options ...request.Option) (*awssm.PutSecretValueOutput, error) {
+	return sm.PutSecretValueWithContextFn(ctx, input, options...)
 }
 
-func NewCreateSecretWithContextFn(output *awssm.CreateSecretOutput, err error) CreateSecretWithContextFn {
-	return func(ctx aws.Context, input *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) {
+func NewPutSecretValueWithContextFn(output *awssm.PutSecretValueOutput, err error) PutSecretValueWithContextFn {
+	return func(aws.Context, *awssm.PutSecretValueInput, ...request.Option) (*awssm.PutSecretValueOutput, error) {
 		return output, err
 	}
 }
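Review bot: The closure returned by `NewPutSecretValueWithContextFn` discards its `*awssm.PutSecretValueInput`, so no test built on this fake can check which `SecretId` and `SecretBinary` `SetSecret` actually sent. On a path that overwrites a stored secret, a write to the wrong secret or with the wrong bytes would pass unnoticed. Consider having the fake record the last input, or accept an optional check callback, so the test table can compare it with the expected ARN and value. Separately, every `...WithContext` method calls its `Fn` field unconditionally, so a case that leaves one unset panics on a nil func; a doc comment such as `// Client is a fake Secrets Manager client; every Fn field reached by the code under test must be set.` would make that requirement explicit.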

+ 2 - 8
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -110,11 +110,6 @@ func (sm *SecretsManager) fetch(_ context.Context, ref esv1beta1.ExternalSecretD
 	return secretOut, nil
 }
 
-type RequestFailure interface {
-	StatusCode() int
-	RequestID() string
-}
-
 func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef esv1beta1.PushRemoteRef) error {
 	secretName := remoteRef.GetRemoteKey()
 	secretRequest := awssm.CreateSecretInput{
@@ -127,11 +122,10 @@ func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef
 	}
 
 	awsSecret, err := sm.client.GetSecretValueWithContext(ctx, &secretValue)
-	fmt.Println(awsSecret)
 
 	if awsSecret != nil && reflect.DeepEqual(awsSecret.SecretBinary, secretRequest.SecretBinary) {
 		return nil
-	} else {
+	} else if awsSecret.ARN != nil {
 		input := &awssm.PutSecretValueInput{
 			SecretId:     awsSecret.ARN,
 			SecretBinary: value,
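Review bot: The new `else if awsSecret.ARN != nil` branch dereferences `awsSecret` without the nil guard that the preceding `if awsSecret != nil && ...` condition applies, so a client that returns a nil output together with an error would panic here. The guard should be repeated, `} else if awsSecret != nil && awsSecret.ARN != nil {`, or `err` should be inspected before `awsSecret` is touched at all. The test hunks in secretsmanager_test.go that replace `NewGetSecretValueWithContextFn(nil, ...)` with `blankSecretValueOutput` appear to work around this path rather than cover it; keeping one case with a nil output would pin the behaviour. The body of `SetSecret` starts before and continues after this hunk, so the later error handling is not visible from here.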
@@ -140,8 +134,8 @@ func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef
 		if err != nil {
 			return err
 		}
-
 	}
+
 	var aerr awserr.Error
 	if ok := errors.As(err, &aerr); ok {
 		if aerr.Code() != awssm.ErrCodeResourceNotFoundException {

+ 41 - 19
pkg/provider/aws/secretsmanager/secretsmanager_test.go

@@ -329,35 +329,30 @@ func (f fakeRef) GetRemoteKey() string {
 }
 
 func TestSetSecret(t *testing.T) {
-	secretName := "fake-key"
 	secretValue := []byte("fake-value")
 	noPermission := errors.New("no permission")
-	versionID := "384898A7-A5AE-4775-A08D-B417B059ED11"
-	versionStages := "AWSCURRENT"
-	versionOutput := []*string{&versionStages}
+	arn := "arn:aws:secretsmanager:us-east-1:702902267788:secret:foo-bar5-Robbgh"
+
+	getSecretCorrectErr := awssm.ResourceNotFoundException{}
+	getSecretWrongErr := awssm.InvalidRequestException{}
 
 	secretOutput := &awssm.CreateSecretOutput{
-		Name: &secretName,
+		ARN: &arn,
 	}
 
 	secretValueOutput := &awssm.GetSecretValueOutput{
-		Name:          &secretName,
-		VersionId:     &versionID,
-		VersionStages: versionOutput,
+		ARN: &arn,
 	}
 
 	secretValueOutput2 := &awssm.GetSecretValueOutput{
-		Name:          &secretName,
-		VersionId:     &versionID,
-		VersionStages: versionOutput,
-		SecretBinary:  secretValue,
+		ARN:          &arn,
+		SecretBinary: secretValue,
 	}
 
-	notFoundErr := &awssm.ResourceExistsException{
-		RespMetadata: protocol.ResponseMetadata{
-			StatusCode: 400,
-			RequestID:  secretName,
-		},
+	blankSecretValueOutput := &awssm.GetSecretValueOutput{}
+
+	putSecretOutput := &awssm.PutSecretValueOutput{
+		ARN: &arn,
 	}
 
 	type args struct {
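Review bot: The `arn` fixture embeds a 12-digit account number and a secret-name suffix that look as if they were copied from a live AWS account rather than made up. Account IDs and resource names are not credentials, but they are routinely kept out of public repositories because they help with reconnaissance and targeted phishing. I would switch to the documented placeholder account, e.g. `arn := "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-secret-AbCdEf"`, and confirm whether the original value maps to a real environment. `TestSetSecret` continues beyond this hunk.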
@@ -380,6 +375,7 @@ func TestSetSecret(t *testing.T) {
 				client: fakesm.Client{
 					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(secretValueOutput, nil),
 					CreateSecretWithContextFn:   fakesm.NewCreateSecretWithContextFn(secretOutput, nil),
+					PutSecretValueWithContextFn: fakesm.NewPutSecretValueWithContextFn(putSecretOutput, nil),
 				},
 			},
 			want: want{
@@ -391,7 +387,7 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(nil, notFoundErr),
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretCorrectErr),
 					CreateSecretWithContextFn:   fakesm.NewCreateSecretWithContextFn(secretOutput, nil),
 				},
 			},
@@ -406,6 +402,7 @@ func TestSetSecret(t *testing.T) {
 				client: fakesm.Client{
 					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(secretValueOutput, nil),
 					CreateSecretWithContextFn:   fakesm.NewCreateSecretWithContextFn(nil, noPermission),
+					PutSecretValueWithContextFn: fakesm.NewPutSecretValueWithContextFn(putSecretOutput, nil),
 				},
 			},
 			want: want{
@@ -417,7 +414,7 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(nil, noPermission),
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, noPermission),
 				},
 			},
 			want: want{
@@ -436,6 +433,31 @@ func TestSetSecret(t *testing.T) {
 				err: nil,
 			},
 		},
+		"SetSecretPutSecretValueFails": {
+			reason: "PutSecretValueWithContext returns an error if it fails",
+			args: args{
+				store: makeValidSecretStore().Spec.Provider.AWS,
+				client: fakesm.Client{
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(secretValueOutput, nil),
+					PutSecretValueWithContextFn: fakesm.NewPutSecretValueWithContextFn(nil, noPermission),
+				},
+			},
+			want: want{
+				err: noPermission,
+			},
+		},
+		"SetSecretWrongGetSecretErrFails": {
+			reason: "GetSecretValueWithContext errors out when anything except awssm.ErrCodeResourceNotFoundException",
+			args: args{
+				store: makeValidSecretStore().Spec.Provider.AWS,
+				client: fakesm.Client{
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretWrongErr),
+				},
+			},
+			want: want{
+				err: &getSecretWrongErr,
+			},
+		},
 	}
 
 	for name, tc := range tests {