
Support for Oracle PushSecret.property #2911 (#3577)

* feat: push entire secret (oracle)

Signed-off-by: Malik Kennedy <mksybr@gmail.com>

* feat: push entire secret (oracle)

Signed-off-by: Malik Kennedy <mksybr@gmail.com>

---------

Signed-off-by: Malik Kennedy <mksybr@gmail.com>
Malik 1 year ago
parent
commit
4758121676
2 changed files with 36 additions and 2 deletions
  1. 13 2
      pkg/provider/oracle/oracle.go
  2. 23 0
      pkg/provider/oracle/oracle_test.go

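--- a/pkg/provider/oracle/oracle.go
+++ b/pkg/provider/oracle/oracle.go
@@ -96,11 +96,22 @@ const (
 )
 
 func (vms *VaultManagementService) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error {
+	if vms.encryptionKey == "" {
+		return fmt.Errorf("SecretStore must reference encryption key")
+	}
+	value := secret.Data[data.GetSecretKey()]
 	if data.GetSecretKey() == "" {
-		return fmt.Errorf("pushing the whole secret is not yet implemented")
+		secretData := map[string]string{}
+		for k, v := range secret.Data {
+			secretData[k] = string(v)
+		}
+		jsonSecret, err := json.Marshal(secretData)
+		if err != nil {
+			return fmt.Errorf("unable to create json %v from value: %v", value, secretData)
+		}
+		value = jsonSecret
 	}
 
-	value := secret.Data[data.GetSecretKey()]
 	secretName := data.GetRemoteKey()
 	encodedValue := base64.StdEncoding.EncodeToString(value)
 	sec, action, err := vms.getSecretBundleWithCode(ctx, secretName)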
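Review bot: The marshal-failure branch embeds raw secret material in the returned error — `value` (the bytes of the selected key) and `secretData` (every key and value of the Secret) are formatted with `%v` on the `return fmt.Errorf("unable to create json ...")` line, so a failure would write plaintext secrets into whatever log or status condition surfaces the error, and the underlying `err` is dropped instead of wrapped. Keep the message content-free and chain the cause: `return fmt.Errorf("marshaling secret data to json: %w", err)`. A second concern on the same branch: `string(v)` feeds each value through `json.Marshal`, which coerces invalid UTF-8 to U+FFFD rather than failing, so binary secret values would be silently altered in the pushed document — a comment stating that whole-secret push assumes text values, or an explicit encoding for non-text data, would make that visible. PushSecret's body continues past the hunk.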

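--- a/pkg/provider/oracle/oracle_test.go
+++ b/pkg/provider/oracle/oracle_test.go
@@ -581,6 +581,7 @@ func TestOracleVaultGetAllSecrets(t *testing.T) {
 
 func TestOracleVaultPushSecret(t *testing.T) {
 	testSecretKey := "test-secret-key"
+	encryptionKey := "must-not-be-blank-for-push"
 	var testCases = map[string]struct {
 		vms       *VaultManagementService
 		data      testingfake.PushSecretData
@@ -589,6 +590,7 @@ func TestOracleVaultPushSecret(t *testing.T) {
 	}{
 		"create a secret if not exists": {
 			&VaultManagementService{
+				encryptionKey: encryptionKey,
 				Client: &fakeoracle.OracleMockClient{
 					SecretBundles: map[string]secrets.SecretBundle{
 						s2id: s2bundle,
@@ -605,8 +607,28 @@ func TestOracleVaultPushSecret(t *testing.T) {
 			},
 			"created",
 		},
+		"create a json secret if not exists": {
+			&VaultManagementService{
+				encryptionKey: encryptionKey,
+				Client: &fakeoracle.OracleMockClient{
+					SecretBundles: map[string]secrets.SecretBundle{
+						s2id: s2bundle,
+					},
+				},
+				VaultClient: &fakeoracle.OracleMockVaultClient{},
+			},
+			testingfake.PushSecretData{
+				SecretKey: testSecretKey,
+				RemoteKey: s1id,
+			},
+			func(vms *VaultManagementService) bool {
+				return vms.VaultClient.(*fakeoracle.OracleMockVaultClient).CreatedCount == 1
+			},
+			"{'key-a':'secret-a', 'key-b': 'secret-b'}",
+		},
 		"update a secret if exists": {
 			&VaultManagementService{
+				encryptionKey: encryptionKey,
 				Client: &fakeoracle.OracleMockClient{
 					SecretBundles: map[string]secrets.SecretBundle{
 						s1id: s1bundle,
@@ -626,6 +648,7 @@ func TestOracleVaultPushSecret(t *testing.T) {
 		},
 		"neither create nor update if secret content is unchanged": {
 			&VaultManagementService{
+				encryptionKey: encryptionKey,
 				Client: &fakeoracle.OracleMockClient{
 					SecretBundles: map[string]secrets.SecretBundle{
 						s1id: s1bundle,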
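Review bot: The new "create a json secret if not exists" case never reaches the whole-secret branch it is meant to cover: it passes `SecretKey: testSecretKey`, a non-empty key, so PushSecret takes the same single-key path as "create a secret if not exists". That branch is entered only when the key is empty, so the case should omit the field or set `SecretKey: "",`. The trailing string `"{'key-a':'secret-a', 'key-b': 'secret-b'}"` also looks off: `json.Marshal` emits double quotes, and in the sibling cases that position holds the expected action (`"created"`), so what this entry asserts is unclear — the struct's remaining fields and the assertion loop sit outside the hunks, so this is inferred from the visible entries only. A case that sets the key empty and checks the created payload against `json.Marshal` of the test Secret's data would pin the new behaviour.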