:sparkles: webhook provider: support DeletionPolicy=Delete (external-secrets#1… (#2066)

* feat: DeletionPolicy support for webhook provider (external-secrets#1958)

Signed-off-by: ArtificialQualia <kendall.masse@gmail.com>

* add note to webhook provider docs about deletionPolicy

Signed-off-by: ArtificialQualia <kendall.masse@gmail.com>

---------

Signed-off-by: ArtificialQualia <kendall.masse@gmail.com>
Kendall Masse 3 years ago
parent
commit
44bb3c4c03

+ 1 - 1
docs/introduction/stability-support.md

@@ -59,7 +59,7 @@ The following table show the support for features across different providers.
 | Oracle Vault              |              |              |                      |                         |        x         |             |                             |
 | Akeyless                  |              |              |                      |                         |        x         |             |                             |
 | 1Password                 |      x       |              |                      |                         |        x         |             |                             |
-| Generic Webhook           |              |              |                      |                         |                  |             |                             |
+| Generic Webhook           |              |              |                      |                         |                  |             |            x                |
 | senhasegura DSM           |              |              |                      |                         |        x         |             |                             |
 | Doppler                   |      x       |              |                      |                         |        x         |             |                             |
 

+ 3 - 0
docs/provider/webhook.md

@@ -71,6 +71,9 @@ data:
 
 Webhook does not support authorization, other than what can be sent by generating http headers
 
+!!! note
+      If a webhook endpoint for a given `ExternalSecret` returns a 404 status code, the secret is considered to have been deleted.  This will trigger the `deletionPolicy` set on the `ExternalSecret`.
+
 ### Templating
 
 Generic WebHook provider uses the templating engine to generate the API call.  It can be used in the url, headers, body and result.jsonPath fields.
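Review bot: The added note should state that any 404 counts, not only a deliberate "secret removed" answer. A wrong path in the templated `url`, or a proxy in front of the endpoint answering 404, will trigger `deletionPolicy` as well, and with `deletionPolicy: Delete` that means the managed secret is removed. Suggest one more sentence telling operators to make sure the endpoint returns 404 only for secrets that no longer exist. Minor: there is a double space after "deleted."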

+ 3 - 0
pkg/provider/webhook/webhook.go

@@ -286,6 +286,9 @@ func (w *WebHook) getWebhookData(ctx context.Context, provider *esv1beta1.Webhoo
 		return nil, fmt.Errorf("failed to call endpoint: %w", err)
 	}
 	defer resp.Body.Close()
+	if resp.StatusCode == 404 {
+		return nil, esv1beta1.NoSecretError{}
+	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return nil, fmt.Errorf("endpoint gave error %s", resp.Status)
 	}
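Review bot: The new `resp.StatusCode == 404` check maps every 404 to `esv1beta1.NoSecretError{}` without looking at anything else in the response, so a mistyped or mis-templated URL is indistinguishable from a real deletion and no longer surfaces through the `endpoint gave error %s` path below it. Consider a short comment saying the mapping is intentional and why, and replace the literal with the `http.StatusNotFound` constant.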

+ 13 - 2
pkg/provider/webhook/webhook_test.go

@@ -75,7 +75,7 @@ args:
 want:
   err: failed to call endpoint
 ---
-case: error not found
+case: error no secret err
 args:
   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
   key: testkey
@@ -84,7 +84,18 @@ args:
   response: not found
 want:
   path: /api/getsecret?id=testkey&version=1
-  err: endpoint gave error 404
+  err: ` + esv1beta1.NoSecretErr.Error() + `
+---
+case: error server error
+args:
+  url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
+  key: testkey
+  version: 1
+  statuscode: 500
+  response: server error
+want:
+  path: /api/getsecret?id=testkey&version=1
+  err: endpoint gave error 500
 ---
 case: error bad json
 args:
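Review bot: The updated 404 expectation (`err: ` + esv1beta1.NoSecretErr.Error() + ``) compares against the message text only, not the error type that `getWebhookData` now returns; if the table-driven harness allows it, also assert with `errors.As` or `errors.Is` against `esv1beta1.NoSecretError`. The new `statuscode: 500` case pins the generic error path; one more 4xx case (for example 403) would pin that only 404 is treated as a missing secret.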