Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

feat: implement SecretExists function for gcp secretsmanager (#4127)

* feat: implement SecretExists function for gcp secretsmanager

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactored the test for lesser complexity

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Gergely Brautigam 1 year ago
parent
1d85a90530
commit
44e462f510
2 changed files with 93 additions and 2 deletions
Unified View Show Diff Stats
  1. 14 2
      pkg/provider/gcp/secretmanager/client.go
  2. 79 0
      pkg/provider/gcp/secretmanager/client_test.go

+ 14 - 2
pkg/provider/gcp/secretmanager/client.go
View File 

@@ -130,8 +130,20 @@ func parseError(err error) error {
 
 	return err
 
 	return err
 
 }
 
 }
 
 
 
-func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) {
 
-	return false, errors.New("not implemented")
 
+func (c *Client) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRemoteRef) (bool, error) {
 
+	secretName := fmt.Sprintf("projects/%s/secrets/%s", c.store.ProjectID, ref.GetRemoteKey())
 
+	gcpSecret, err := c.smClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{
 
+		Name: secretName,
 
+	})
 
+	if err != nil {
 
+		if status.Code(err) == codes.NotFound {
 
+			return false, nil
 
+		}
 
+
 
+		return false, err
 
+	}
 
+
 
+	return gcpSecret != nil, nil
 
 }
 
 }
 
 
 
 // PushSecret pushes a kubernetes secret key into gcp provider Secret.
 
 // PushSecret pushes a kubernetes secret key into gcp provider Secret.

+ 79 - 0
pkg/provider/gcp/secretmanager/client_test.go
View File 

@@ -25,12 +25,15 @@ import (
 
 	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
 
 	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
 
 	"github.com/googleapis/gax-go/v2"
 
 	"github.com/googleapis/gax-go/v2"
 
 	"github.com/googleapis/gax-go/v2/apierror"
 
 	"github.com/googleapis/gax-go/v2/apierror"
 
+	"github.com/stretchr/testify/assert"
 
+	"github.com/stretchr/testify/require"
 
 	"google.golang.org/grpc/codes"
 
 	"google.golang.org/grpc/codes"
 
 	"google.golang.org/grpc/status"
 
 	"google.golang.org/grpc/status"
 
 	corev1 "k8s.io/api/core/v1"
 
 	corev1 "k8s.io/api/core/v1"
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	pointer "k8s.io/utils/ptr"
 
 	pointer "k8s.io/utils/ptr"
 
 
 
+	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 
 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
 
 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
 
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/fake"
 
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/fake"
 
@@ -913,6 +916,82 @@ func TestPushSecret(t *testing.T) {
 
 	}
 
 	}
 
 }
 
 }
 
 
 
+func TestSecretExists(t *testing.T) {
 
+	tests := []struct {
 
+		name                string
 
+		ref                 esv1beta1.PushSecretRemoteRef
 
+		getSecretMockReturn fakesm.SecretMockReturn
 
+		expectedSecret      bool
 
+		expectedErr         func(t *testing.T, err error)
 
+	}{
 
+		{
 
+			name: "secret exists",
 
+			ref: v1alpha1.PushSecretRemoteRef{
 
+				RemoteKey: "bar",
 
+			},
 
+			getSecretMockReturn: fakesm.SecretMockReturn{
 
+				Secret: &secretmanagerpb.Secret{
 
+					Name: "projects/foo/secret/bar",
 
+				},
 
+				Err: nil,
 
+			},
 
+			expectedSecret: true,
 
+			expectedErr: func(t *testing.T, err error) {
 
+				require.NoError(t, err)
 
+			},
 
+		},
 
+		{
 
+			name: "secret does not exists",
 
+			ref: v1alpha1.PushSecretRemoteRef{
 
+				RemoteKey: "bar",
 
+			},
 
+			getSecretMockReturn: fakesm.SecretMockReturn{
 
+				Err: nil,
 
+			},
 
+			expectedSecret: false,
 
+			expectedErr: func(t *testing.T, err error) {
 
+				require.NoError(t, err)
 
+			},
 
+		},
 
+		{
 
+			name: "unexpected error occurs",
 
+			ref: v1alpha1.PushSecretRemoteRef{
 
+				RemoteKey: "bar2",
 
+			},
 
+			getSecretMockReturn: fakesm.SecretMockReturn{
 
+				Secret: &secretmanagerpb.Secret{
 
+					Name: "projects/foo/secret/bar",
 
+				},
 
+				Err: errors.New("some error"),
 
+			},
 
+			expectedSecret: false,
 
+			expectedErr: func(t *testing.T, err error) {
 
+				assert.ErrorContains(t, err, "some error")
 
+			},
 
+		},
 
+	}
 
+
 
+	for _, tc := range tests {
 
+		t.Run(tc.name, func(t *testing.T) {
 
+			smClient := fakesm.MockSMClient{}
 
+			smClient.NewGetSecretFn(tc.getSecretMockReturn)
 
+
 
+			client := Client{
 
+				smClient: &smClient,
 
+				store: &esv1beta1.GCPSMProvider{
 
+					ProjectID: "foo",
 
+				},
 
+			}
 
+			got, err := client.SecretExists(context.TODO(), tc.ref)
 
+			tc.expectedErr(t, err)
 
+
 
+			if got != tc.expectedSecret {
 
+				t.Fatalf("unexpected secret: expected %t, got %t", tc.expectedSecret, got)
 
+			}
 
+		})
 
+	}
 
+}
 
+
 
 func TestPushSecret_Property(t *testing.T) {
 
 func TestPushSecret_Property(t *testing.T) {
 
 	secretKey := "secret-key"
 
 	secretKey := "secret-key"
 
 	defaultAddSecretVersionMockReturn := func(gotPayload, expectedPayload string) (*secretmanagerpb.SecretVersion, error) {
 
 	defaultAddSecretVersionMockReturn := func(gotPayload, expectedPayload string) (*secretmanagerpb.SecretVersion, error) {