fix: fail helm install if ClusterPushSecrets processing is enabled but PushSecrets processing is disabled. (#4896)

Signed-off-by: Thomas D. Spear <thomas.spear@wcgclinical.com>
Co-authored-by: Thomas D. Spear <thomas.spear@wcgclinical.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

deploy/charts/external-secrets/templates/_helpers.tpl

@@ -219,3 +219,12 @@ Render the securityContext based on the provided securityContext
 {{- end -}}
 {{- omit $adaptedContext "enabled" | toYaml -}}
 {{- end -}}
+
+{{/*
+Fail the install if a cluster scoped reconciler is enabled while its namespace scoped counterpart is disabled
+*/}}
+{{- define "external-secrets.reconciler-sanity-test" -}}
+{{- if and (not .Values.processPushSecret) .Values.processClusterPushSecret -}}
+  {{- fail "You have disabled processing of PushSecrets but not ClusterPushSecrets. This is an invalid configuration. ClusterPushSecret processing depends on processing of PushSecrets. Please either enable processing of PushSecrets, or disable processing of ClusterPushSecrets." }}
+{{- end -}}
+{{- end -}}

deploy/charts/external-secrets/templates/deployment.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.createOperator }}
+{{- include "external-secrets.reconciler-sanity-test" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata: