
Getting secret contents to pass to remote Provider

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Co-authored-by: William Young <will.young@engineerbetter.com>
Co-authored-by: Dominic Meddick <dom.meddick@engineerbetter.com>
Gustavo Carvalho 4 лет назад
Родитель
Сommit
5247127217

+ 8 - 4
pkg/controllers/secretsink/secretsink_controller.go

@@ -72,7 +72,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			log.Error(err, errPatchStatus)
 		}
 	}()
-
+	secret, err := r.GetSecret(ctx, ss)
 	if err != nil {
 		cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "SecretSyncFailed", errFailedGetSecret)
 		ss = SetSecretSinkCondition(ss, *cond)
@@ -83,7 +83,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "SecretSyncFailed", err.Error())
 		ss = SetSecretSinkCondition(ss, *cond)
 	}
-	err = r.SetSecretToProviders(ctx, secretStores, ss)
+	err = r.SetSecretToProviders(ctx, secretStores, ss, secret)
 	if err != nil {
 		msg := fmt.Sprintf(errFailedSetSecret, err)
 		cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "SecretSyncFailed", msg)
@@ -96,7 +96,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 	return ctrl.Result{}, nil
 }
 
-func (r *Reconciler) SetSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ss esapi.SecretSink) error {
+func (r *Reconciler) SetSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ss esapi.SecretSink, secret *v1.Secret) error {
 	for _, store := range stores {
 		provider, err := v1beta1.GetProvider(store)
 		if err != nil {
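Review bot: The new `secret *v1.Secret` parameter is dereferenced further down in this function as `secret.Data[secretKey]` with no nil check, so a nil secret panics the reconciler instead of returning an error. Whether `Reconcile` can still reach this call after `GetSecret` has failed is not visible in these hunks, but the method is exported and the tests call it directly. A guard at the top of the function, `if secret == nil { return fmt.Errorf("secret is nil") }`, keeps that failure on the error path. The function body continues outside this hunk.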
@@ -117,10 +117,14 @@ func (r *Reconciler) SetSecretToProviders(ctx context.Context, stores []v1beta1.
 		for _, ref := range ss.Spec.Data {
 			for _, match := range ref.Match {
 				secretKey = match.SecretKey
+				secretValue, ok := secret.Data[secretKey]
+				if !ok {
+					return fmt.Errorf("secret key %v does not exist", secretKey)
+				}
 				for _, rK := range match.RemoteRefs {
 					remoteKey = rK.RemoteKey
 				}
-				err := client.SetSecret(remoteKey, secretKey)
+				err := client.SetSecret(remoteKey, string(secretValue))
 				if err != nil {
 					return fmt.Errorf(errSetSecretFailed, match.SecretKey, store.GetName(), err)
 				}
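Review bot: The secret value is written under whatever `remoteKey` holds after the `RemoteRefs` loop, so only the last remote ref of a match receives it. A match with an empty `RemoteRefs` would reuse the key left over from an earlier match, or an empty key; this is inferred, because `remoteKey` is declared outside the hunk. Now that real secret contents are pushed instead of the key name, that can place one secret's value under another secret's remote key. Calling `SetSecret` inside the `RemoteRefs` loop writes each ref explicitly and writes nothing when a match has no refs.

```go
// … unchanged: secretValue lookup in secret.Data and the missing-key error …
// Push the value to every remote ref of this match; a match without refs writes nothing.
for _, rK := range match.RemoteRefs {
	if err := client.SetSecret(rK.RemoteKey, string(secretValue)); err != nil {
		return fmt.Errorf(errSetSecretFailed, match.SecretKey, store.GetName(), err)
	}
}
```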

+ 11 - 5
pkg/controllers/secretsink/secretsink_controller_test.go

@@ -58,7 +58,7 @@ var _ = Describe("secretsink", func() {
 			namspacedName := types.NamespacedName{Namespace: "foo", Name: "Bar"}
 			_, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namspacedName})
 			Expect(err).NotTo(HaveOccurred())
-			Expect(client.GetCallCount()).To(Equal(1))
+			Expect(client.GetCallCount()).To(Equal(2))
 			Expect(client.StatusCallCount()).To(Equal(1))
 
 			_, gotNamespacedName, _ := client.GetArgsForCall(0)
@@ -220,6 +220,12 @@ var _ = Describe("secretsink", func() {
 		})
 	})
 	Describe("#SetSecretToProviders", func() {
+		val := "bar"
+		secret := &v1.Secret{
+			Data: map[string][]byte{
+				"foo": []byte(val),
+			},
+		}
 		sink := esapi.SecretSink{
 			Spec: esapi.SecretSinkSpec{
 				SecretStoreRefs: []esapi.SecretSinkStoreRef{
@@ -251,11 +257,11 @@ var _ = Describe("secretsink", func() {
 
 		It("gets the provider and client and then sets the secret", func() {
 
-			Expect(reconciler.SetSecretToProviders(context.TODO(), []v1beta1.GenericStore{}, sink)).To(BeNil())
+			Expect(reconciler.SetSecretToProviders(context.TODO(), []v1beta1.GenericStore{}, sink, secret)).To(BeNil())
 		})
 
 		It("returns an error if it can't get a provider", func() {
-			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink)
+			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink, secret)
 
 			Expect(err).To(HaveOccurred())
 			Expect(err.Error()).To(Equal(errGetProviderFailed))
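Review bot: None of the visible tests checks that the secret's value, rather than its key, reaches the provider. `val` is defined in the previous hunk but never asserted in the hunks shown, and the case titled "gets the provider and client and then sets the secret" passes an empty `[]v1beta1.GenericStore{}`, so the loop that calls `SetSecret` never runs. Two cases would cover the new behaviour: one that uses a working fake store and asserts the stored value equals `val`, and one where `sink` references a key absent from `secret.Data` and expects the `secret key ... does not exist` error. The Describe block continues outside this hunk.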
@@ -276,7 +282,7 @@ var _ = Describe("secretsink", func() {
 			}
 
 			stores[0] = &secretStore
-			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink)
+			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink, secret)
 
 			Expect(err).To(HaveOccurred())
 			Expect(err.Error()).To(Equal(errGetSecretsClientFailed))
@@ -294,7 +300,7 @@ var _ = Describe("secretsink", func() {
 			}
 
 			stores[0] = &secretStore
-			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink)
+			err := reconciler.SetSecretToProviders(context.TODO(), stores, sink, secret)
 
 			Expect(err).To(HaveOccurred())
 			Expect(err.Error()).To(Equal(fmt.Sprintf(errSetSecretFailed, "foo", "", "something went wrong")))

+ 8 - 8
pkg/provider/fake/fake.go

@@ -73,17 +73,17 @@ func getProvider(store esv1beta1.GenericStore) (*esv1beta1.FakeProvider, error)
 
 // Not Implemented SetSecret.
 func (p *Provider) SetSecret(key, value string) error {
-	for _, data := range p.config.Data {
-		if data.Key == key {
-			return fmt.Errorf("key already exists")
-		}
-	}
-
-	data := esv1beta1.FakeProviderData{
+	new := esv1beta1.FakeProviderData{
 		Key:   key,
 		Value: value,
 	}
-	p.config.Data = append(p.config.Data, data)
+	for i, data := range p.config.Data {
+		if data.Key == key {
+			p.config.Data[i] = new
+			return nil
+		}
+	}
+	p.config.Data = append(p.config.Data, new)
 	return nil
 }
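Review bot: The local variable `new` shadows Go's builtin `new` for the rest of the function; a name such as `entry` avoids that, e.g. `entry := esv1beta1.FakeProviderData{`. The comment `// Not Implemented SetSecret.` is also misleading, because the method stores data and now overwrites an existing key instead of returning an error. A doc comment such as `// SetSecret stores value under key in the fake provider's data, replacing any existing entry with the same key.` would describe the upsert behaviour that tests relying on this fake will see.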