
Merge branch 'beach-team' of https://github.com/external-secrets/external-secrets into beach-team

Lilly Daniell 3 лет назад
Родитель
Сommit
5b6232fa3e

+ 10 - 0
pkg/provider/aws/secretsmanager/fake/fake.go

@@ -17,6 +17,8 @@ package fake
 import (
 	"fmt"
 
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
 	awssm "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/google/go-cmp/cmp"
 )
@@ -34,6 +36,14 @@ func NewClient() *Client {
 	}
 }
 
+func (sm *Client) CreateSecretWithContext(aws.Context, *awssm.CreateSecretInput, ...request.Option) (*awssm.CreateSecretOutput, error) {
+	value := "I'm a key"
+	output := awssm.CreateSecretOutput {
+		Name: &value,
+	}
+	return &output, nil
+}
+
 func (sm *Client) GetSecretValue(in *awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error) {
 	sm.ExecutionCounter++
 	if entry, found := sm.valFn[sm.cacheKeyForInput(in)]; found {
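Review bot: The new fake `CreateSecretWithContext` discards all three arguments and always returns success with a hard-coded name, so no test built on it can check which secret name or payload the provider sent, or exercise a failure from AWS. Unlike `GetSecretValue` directly below it, it also leaves `sm.ExecutionCounter` untouched. Consider naming the parameters, keeping the received `*awssm.CreateSecretInput` on the client, and adding a configurable error to return. The composite literal is not gofmt-clean either; it should read `output := awssm.CreateSecretOutput{`. The body of `GetSecretValue` continues outside the hunk.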

+ 18 - 2
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -22,6 +22,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
 	awssm "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/tidwall/gjson"
@@ -49,6 +50,7 @@ type SecretsManager struct {
 type SMInterface interface {
 	GetSecretValue(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error)
 	ListSecrets(*awssm.ListSecretsInput) (*awssm.ListSecretsOutput, error)
+	CreateSecretWithContext(aws.Context, *awssm.CreateSecretInput, ...request.Option) (*awssm.CreateSecretOutput, error)
 }
 
 const (
@@ -105,9 +107,19 @@ func (sm *SecretsManager) fetch(_ context.Context, ref esv1beta1.ExternalSecretD
 	return secretOut, nil
 }
 
-// Not Implemented SetSecret.
 func (sm *SecretsManager) SetSecret(ctx context.Context, value []byte, remoteRef esv1beta1.PushRemoteRef) error {
-	return fmt.Errorf("not implemented")
+	secretName := remoteRef.GetRemoteKey()
+	secretRequest := awssm.CreateSecretInput{
+		Name:         &secretName,
+		SecretBinary: value,
+	}
+
+	_, err := sm.client.CreateSecretWithContext(ctx, &secretRequest)
+
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
 // GetAllSecrets syncs multiple secrets from aws provider into a single Kubernetes Secret.
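Review bot: `SetSecret` only ever calls `CreateSecretWithContext`, so pushing to a name that already exists in Secrets Manager fails (AWS rejects a duplicate name with `ResourceExistsException`) and a changed value can never be written; the write path needs an update branch for that case. The request sets neither `KmsKeyId` nor `Tags`, so every pushed secret is encrypted under the account's default key and carries nothing that marks it as managed by this operator, which is worth making configurable or at least documenting. Removing the old comment leaves the exported method without a doc comment, e.g. `// SetSecret creates the secret named by remoteRef in AWS Secrets Manager with value as its binary payload.` The tail can collapse to a single return that adds context, `return fmt.Errorf("creating secret %q: %w", secretName, err)` guarded by the existing `err != nil` check.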
@@ -311,3 +323,7 @@ func (sm *SecretsManager) Validate() (esv1beta1.ValidationResult, error) {
 	}
 	return esv1beta1.ValidationResultReady, nil
 }
+
+func (sm *SecretsManager) Capabilities() esv1beta1.SecretStoreCapabilities {
+	return esv1beta1.SecretStoreReadOnly
+}
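Review bot: `Capabilities` reports `esv1beta1.SecretStoreReadOnly` although this same commit gives the provider a working `SetSecret`. If callers gate push operations on the advertised capability, writes to this store are either refused despite being implemented or performed against a store that declares itself read-only; either way the declaration and the behaviour disagree. Return the capability value that includes writes, if the API package defines one, and give the exported method a doc comment such as `// Capabilities reports whether the store can be read from, written to, or both.`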

+ 19 - 0
pkg/provider/aws/secretsmanager/secretsmanager_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	awssm "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/google/go-cmp/cmp"
+	"gotest.tools/v3/assert"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager/fake"
@@ -316,3 +317,21 @@ func ErrorContains(out error, want string) bool {
 	}
 	return strings.Contains(out.Error(), want)
 }
+
+type fakeRef struct {
+	key string
+}
+
+func (f fakeRef) GetRemoteKey() string {
+	return f.key
+}
+
+func TestSetSecret(t *testing.T) {
+	sm := SecretsManager{
+		client: &fakesm.Client{},
+	}
+	ref := fakeRef{key: "I'm a key"}
+	err := sm.SetSecret(context.Background(), []byte("HI"), ref)
+
+	assert.Equal(t, err, nil)
+}
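Review bot: `TestSetSecret` asserts only that the error is nil, and the fake client it runs against always returns nil, so the test passes no matter what `SetSecret` puts in the request. It should check that the `Name` and `SecretBinary` reaching the client match `ref` and the pushed value, and cover the case where the client returns an error. `assert.Equal(t, err, nil)` reads better as `assert.NilError(t, err)`. Constructing the fake with `fakesm.NewClient()` rather than `&fakesm.Client{}` would avoid depending on zero-valued fields that the constructor presumably initialises.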