
[OnePasswordSDKProvider] Enable specifying the vault by UUID (#4906)

* [OnePasswordSDKProvider] Enable specifying the vault by UUID

Signed-off-by: pollenjp <polleninjp@gmail.com>

* run 'make reviewable'

Signed-off-by: pollenjp <polleninjp@gmail.com>

---------

Signed-off-by: pollenjp <polleninjp@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
pollenJP(@'ω'@) 10 months ago
commit
5f714fa311

+ 1 - 1
apis/externalsecrets/v1/secretstore_onepassword_sdk_types.go

@@ -36,7 +36,7 @@ type IntegrationInfo struct {
 
 // OnePasswordSDKProvider configures a store to sync secrets using the 1Password sdk.
 type OnePasswordSDKProvider struct {
-	// Vault defines the vault's name to access. Do NOT add op:// prefix. This will be done automatically.
+	// Vault defines the vault's name or uuid to access. Do NOT add op:// prefix. This will be done automatically.
 	Vault string `json:"vault"`
 	// IntegrationInfo specifies the name and version of the integration built using the 1Password Go SDK.
 	// If you don't know which name and version to use, use `DefaultIntegrationName` and `DefaultIntegrationVersion`, respectively.
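Review bot: The new doc comment on `Vault` says "name or uuid" but does not tell the user what the lookup does when more than one vault matches, and since it is the CRD field description it is the only place an operator will read. Because the lookup in pkg/provider/onepasswordsdk/client.go returns the first vault whose title or ID matches, a title that is not unique in the account (1Password does not appear to enforce unique vault titles — worth confirming) silently selects whichever vault the API lists first. I would make the precedence explicit and steer users to the ID: `// Vault is the title or the ID (UUID) of the vault to access. If several vaults share a title, the lookup is ambiguous; reference the vault by its ID instead. Do NOT add op:// prefix. This will be done automatically.` The generated CRD descriptions and docs/api/spec.md then follow from `make reviewable`.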

+ 2 - 2
config/crds/bases/external-secrets.io_clustersecretstores.yaml

@@ -2702,8 +2702,8 @@ spec:
                             type: string
                         type: object
                       vault:
-                        description: Vault defines the vault's name to access. Do
-                          NOT add op:// prefix. This will be done automatically.
+                        description: Vault defines the vault's name or uuid to access.
+                          Do NOT add op:// prefix. This will be done automatically.
                         type: string
                     required:
                     - auth

+ 2 - 2
config/crds/bases/external-secrets.io_secretstores.yaml

@@ -2702,8 +2702,8 @@ spec:
                             type: string
                         type: object
                       vault:
-                        description: Vault defines the vault's name to access. Do
-                          NOT add op:// prefix. This will be done automatically.
+                        description: Vault defines the vault's name or uuid to access.
+                          Do NOT add op:// prefix. This will be done automatically.
                         type: string
                     required:
                     - auth

+ 2 - 2
deploy/crds/bundle.yaml

@@ -4474,7 +4474,7 @@ spec:
                               type: string
                           type: object
                         vault:
-                          description: Vault defines the vault's name to access. Do NOT add op:// prefix. This will be done automatically.
+                          description: Vault defines the vault's name or uuid to access. Do NOT add op:// prefix. This will be done automatically.
                           type: string
                       required:
                         - auth
@@ -14521,7 +14521,7 @@ spec:
                               type: string
                           type: object
                         vault:
-                          description: Vault defines the vault's name to access. Do NOT add op:// prefix. This will be done automatically.
+                          description: Vault defines the vault's name or uuid to access. Do NOT add op:// prefix. This will be done automatically.
                           type: string
                       required:
                         - auth

+ 1 - 1
docs/api/spec.md

@@ -6096,7 +6096,7 @@ string
 </em>
 </td>
 <td>
-<p>Vault defines the vault&rsquo;s name to access. Do NOT add op:// prefix. This will be done automatically.</p>
+<p>Vault defines the vault&rsquo;s name or uuid to access. Do NOT add op:// prefix. This will be done automatically.</p>
 </td>
 </tr>
 <tr>

+ 3 - 3
pkg/provider/onepasswordsdk/client.go

@@ -324,21 +324,21 @@ func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, ref es
 	return nil
 }
 
-func (p *Provider) GetVault(ctx context.Context, name string) (string, error) {
+func (p *Provider) GetVault(ctx context.Context, titleOrUuid string) (string, error) {
 	vaults, err := p.client.VaultsAPI.List(ctx)
 	if err != nil {
 		return "", fmt.Errorf("failed to list vaults: %w", err)
 	}
 
 	for _, v := range vaults {
-		if v.Title == name {
+		if v.Title == titleOrUuid || v.ID == titleOrUuid {
 			// cache the ID so we don't have to repeat this lookup.
 			p.vaultID = v.ID
 			return v.ID, nil
 		}
 	}
 
-	return "", fmt.Errorf("vault %s not found", name)
+	return "", fmt.Errorf("vault %s not found", titleOrUuid)
 }
 
 func (p *Provider) findItem(ctx context.Context, name string) (onepassword.Item, error) {
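Review bot: The new condition `v.Title == titleOrUuid || v.ID == titleOrUuid` returns the first vault that matches on either field, so a title collision (two vaults with the same title, or a vault whose title happens to equal another vault's ID) resolves to whichever entry `VaultsAPI.List` returns first, and that vault is then cached in `p.vaultID` and used for every later read and `PushSecret` in this store. For a secrets provider this is a wrong-vault risk, not just a cosmetic one, and the commit does not address it; an ID match should take precedence because IDs are unique, and a title that matches more than one vault should be rejected with an error rather than guessed. Two smaller points in the same hunk: the parameter should be `titleOrUUID` to follow Go's initialism convention (also `titleOrUuid`/`titleOrUuids` in client_test.go), and the not-found message should quote the value with `%q` so an empty or whitespace-padded vault name is visible in the error. The rewrite below keeps the signature and the cache side effect.
```go
func (p *Provider) GetVault(ctx context.Context, titleOrUUID string) (string, error) {
	vaults, err := p.client.VaultsAPI.List(ctx)
	if err != nil {
		return "", fmt.Errorf("failed to list vaults: %w", err)
	}

	// An exact ID match is unambiguous, so it wins over any title match.
	for _, v := range vaults {
		if v.ID == titleOrUUID {
			// cache the ID so we don't have to repeat this lookup.
			p.vaultID = v.ID
			return v.ID, nil
		}
	}

	// Titles are matched second and must be unique, otherwise we could
	// silently read from or push to the wrong vault.
	var byTitle []string
	for _, v := range vaults {
		if v.Title == titleOrUUID {
			byTitle = append(byTitle, v.ID)
		}
	}
	switch len(byTitle) {
	case 0:
		return "", fmt.Errorf("vault %q not found", titleOrUUID)
	case 1:
		p.vaultID = byTitle[0]
		return byTitle[0], nil
	default:
		return "", fmt.Errorf("vault title %q is ambiguous (%d vaults match); reference the vault by its ID instead", titleOrUUID, len(byTitle))
	}
}
```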

+ 28 - 1
pkg/provider/onepasswordsdk/client_test.go

@@ -25,7 +25,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
+	v1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
 	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 )
 
@@ -592,6 +592,33 @@ func TestDeleteItemField(t *testing.T) {
 	}
 }
 
+func TestGetVault(t *testing.T) {
+	fc := &fakeClient{
+		listAllResult: []onepassword.VaultOverview{
+			{
+				ID:    "vault-id",
+				Title: "vault-title",
+			},
+		},
+	}
+
+	p := &Provider{
+		client: &onepassword.Client{
+			VaultsAPI: fc,
+		},
+	}
+
+	titleOrUuids := []string{"vault-title", "vault-id"}
+
+	for _, titleOrUuid := range titleOrUuids {
+		t.Run(titleOrUuid, func(t *testing.T) {
+			vaultID, err := p.GetVault(context.Background(), titleOrUuid)
+			require.NoError(t, err)
+			require.Equal(t, fc.listAllResult[0].ID, vaultID)
+		})
+	}
+}
+
 type fakeLister struct {
 	listAllResult []onepassword.ItemOverview
 	createCalled  bool
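Review bot: `TestGetVault` only exercises the two happy paths against a single-vault fake, so the error branch of `GetVault` (the `vault %s not found` return) and the behaviour with more than one vault in `listAllResult` are untested by the commit. Add at least a subtest with an unknown value that asserts `require.Error(t, err)`, and consider a fake with two `VaultOverview` entries to pin which one is chosen when a title and an ID both match, since that is the case the new `||` condition introduces. `fakeLister` continues past the end of the hunk.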