Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix(onepassword): Reduce API usage (#5410)

* Omit call during validation

Users (including me) seem to run into the 1password SDK rate limit (1000 calls per day). Dropping the list-vault operation seems like it should help reduce our usage.

Signed-off-by: Sondre Lillebø Gundersen <sondrelg@live.no>

* Make validate a no-op

Signed-off-by: Sondre Lillebø Gundersen <sondrelg@live.no>

---------

Signed-off-by: Sondre Lillebø Gundersen <sondrelg@live.no>
Sondre Lillebø Gundersen 7 months ago
parent
f947d83899
commit
4d2c8fd13e
2 changed files with 2 additions and 44 deletions
Unified View Show Diff Stats
  1. 2 7
      providers/v1/onepasswordsdk/client.go
  2. 0 37
      providers/v1/onepasswordsdk/client_test.go

+ 2 - 7
providers/v1/onepasswordsdk/client.go
View File 

@@ -380,14 +380,9 @@ func (p *Provider) SecretExists(_ context.Context, _ esv1.PushSecretRemoteRef) (
 
 	return false, fmt.Errorf("not implemented")
 
 	return false, fmt.Errorf("not implemented")
 
 }
 
 }
 
 
 
-// Validate checks if the client is configured correctly
 
-// currently only checks if it is possible to list vaults.
 
+// Validate does nothing here. It would be possible to ping the SDK to prove we're healthy, but
 
+// since the 1password SDK rate-limit is pretty aggressive, we prefer to do nothing.
 
 func (p *Provider) Validate() (esv1.ValidationResult, error) {
 
 func (p *Provider) Validate() (esv1.ValidationResult, error) {
 
-	_, err := p.client.Vaults().List(context.Background())
 
-	if err != nil {
 
-		return esv1.ValidationResultError, fmt.Errorf("error listing vaults: %w", err)
 
-	}
 
-
 
 	return esv1.ValidationResultReady, nil
 
 	return esv1.ValidationResultReady, nil
 
 }
 
 }

+ 0 - 37
providers/v1/onepasswordsdk/client_test.go
View File 

@@ -310,43 +310,6 @@ func TestProviderValidate(t *testing.T) {
 
 			},
 
 			},
 
 			vaultPrefix: "op://vault/",
 
 			vaultPrefix: "op://vault/",
 
 		},
 
 		},
 
-		{
 
-			name: "validate error",
 
-			client: func() *onepassword.Client {
 
-				fc := &fakeClient{
 
-					listAllResult: []onepassword.VaultOverview{},
 
-					listAllError:  errors.New("no vaults found when listing"),
 
-				}
 
-
 
-				return &onepassword.Client{
 
-					SecretsAPI: fc,
 
-					VaultsAPI:  fc,
 
-				}
 
-			},
 
-			want: v1.ValidationResultError,
 
-			assertError: func(t *testing.T, err error) {
 
-				require.ErrorContains(t, err, "no vaults found when listing")
 
-			},
 
-			vaultPrefix: "op://vault/",
 
-		},
 
-		{
 
-			name: "validate error missing vault prefix",
 
-			client: func() *onepassword.Client {
 
-				fc := &fakeClient{
 
-					listAllResult: []onepassword.VaultOverview{},
 
-					listAllError:  errors.New("no vaults found when listing"),
 
-				}
 
-
 
-				return &onepassword.Client{
 
-					SecretsAPI: fc,
 
-					VaultsAPI:  fc,
 
-				}
 
-			},
 
-			want: v1.ValidationResultError,
 
-			assertError: func(t *testing.T, err error) {
 
-				require.ErrorContains(t, err, "no vaults found when listing")
 
-			},
 
-		},
 
 	}
 
 	}
 
 	for _, tt := range tests {
 
 	for _, tt := range tests {
 
 		t.Run(tt.name, func(t *testing.T) {
 
 		t.Run(tt.name, func(t *testing.T) {