Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Implemented `updatePolicy: IfNotExists` for AWS Secret Store (#3438)

* Implemented SecretExists for AWS Secret Store

Signed-off-by: Parth Patel <p.patel81@yahoo.com>

* Lint changes

Signed-off-by: Parth Patel <p.patel81@yahoo.com>

* Added some unit-tests

Signed-off-by: Parth Patel <p.patel81@yahoo.com>

* Small refactored unit-tests

Signed-off-by: Parth Patel <p.patel81@yahoo.com>

* Fixed lint issues

Signed-off-by: Parth Patel <p.patel81@yahoo.com>

---------

Signed-off-by: Parth Patel <p.patel81@yahoo.com>
Parth Patel 2 years ago
parent
c54974ba63
commit
6252ad9394
2 changed files with 109 additions and 2 deletions
Split View Show Diff Stats
  1. 21 2
      pkg/provider/aws/secretsmanager/secretsmanager.go
  2. 88 0
      pkg/provider/aws/secretsmanager/secretsmanager_test.go

+ 21 - 2
pkg/provider/aws/secretsmanager/secretsmanager.go
View File 

@@ -212,8 +212,27 @@ func (sm *SecretsManager) DeleteSecret(ctx context.Context, remoteRef esv1beta1.
 
 	return err
 
 }
 
 
-func (sm *SecretsManager) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) {
 
-	return false, fmt.Errorf("not implemented")
 
+func (sm *SecretsManager) SecretExists(ctx context.Context, pushSecretRef esv1beta1.PushSecretRemoteRef) (bool, error) {
 
+	secretName := pushSecretRef.GetRemoteKey()
 
+	secretValue := awssm.GetSecretValueInput{
 
+		SecretId: &secretName,
 
+	}
 
+	_, err := sm.client.GetSecretValueWithContext(ctx, &secretValue)
 
+	if err != nil {
 
+		return sm.handleSecretError(err)
 
+	}
 
+	return true, nil
 
+}
 
+
 
+func (sm *SecretsManager) handleSecretError(err error) (bool, error) {
 
+	var aerr awserr.Error
 
+	if ok := errors.As(err, &aerr); !ok {
 
+		return false, err
 
+	}
 
+	if aerr.Code() == awssm.ErrCodeResourceNotFoundException {
 
+		return true, nil
 
+	}
 
+	return false, err
 
 }
 
 
 func (sm *SecretsManager) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1beta1.PushSecretData) error {

+ 88 - 0
pkg/provider/aws/secretsmanager/secretsmanager_test.go
View File 

@@ -1316,6 +1316,94 @@ func TestSecretsManagerValidate(t *testing.T) {
 
 		})
 
 	}
 
 }
 
+func TestSecretExists(t *testing.T) {
 
+	arn := "arn:aws:secretsmanager:us-east-1:702902267788:secret:foo-bar5-Robbgh"
 
+	defaultVersion := "00000000-0000-0000-0000-000000000002"
 
+	secretValueOutput := &awssm.GetSecretValueOutput{
 
+		ARN:       &arn,
 
+		VersionId: &defaultVersion,
 
+	}
 
+
 
+	blankSecretValueOutput := &awssm.GetSecretValueOutput{}
 
+
 
+	getSecretCorrectErr := awssm.ResourceNotFoundException{}
 
+	getSecretWrongErr := awssm.InvalidRequestException{}
 
+
 
+	pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: "fake-secret-key", RemoteKey: "fake-key", Property: ""}
 
+
 
+	type args struct {
 
+		store          *esv1beta1.AWSProvider
 
+		client         fakesm.Client
 
+		pushSecretData fake.PushSecretData
 
+	}
 
+
 
+	type want struct {
 
+		err       error
 
+		wantError bool
 
+	}
 
+
 
+	tests := map[string]struct {
 
+		args args
 
+		want want
 
+	}{
 
+		"SecretExistsReturnsTrueForExistingSecret": {
 
+			args: args{
 
+				store: makeValidSecretStore().Spec.Provider.AWS,
 
+				client: fakesm.Client{
 
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(secretValueOutput, nil),
 
+				},
 
+				pushSecretData: pushSecretDataWithoutProperty,
 
+			},
 
+			want: want{
 
+				err:       nil,
 
+				wantError: true,
 
+			},
 
+		},
 
+		"SecretExistsReturnsTrueForNonExistingSecret": {
 
+			args: args{
 
+				store: makeValidSecretStore().Spec.Provider.AWS,
 
+				client: fakesm.Client{
 
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretCorrectErr),
 
+				},
 
+				pushSecretData: pushSecretDataWithoutProperty,
 
+			},
 
+			want: want{
 
+				err:       nil,
 
+				wantError: true,
 
+			},
 
+		},
 
+		"SecretExistsReturnsFalseForErroredSecret": {
 
+			args: args{
 
+				store: makeValidSecretStore().Spec.Provider.AWS,
 
+				client: fakesm.Client{
 
+					GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretWrongErr),
 
+				},
 
+				pushSecretData: pushSecretDataWithoutProperty,
 
+			},
 
+			want: want{
 
+				err:       &getSecretWrongErr,
 
+				wantError: false,
 
+			},
 
+		},
 
+	}
 
+
 
+	for name, tc := range tests {
 
+		t.Run(name, func(t *testing.T) {
 
+			sm := &SecretsManager{
 
+				client: &tc.args.client,
 
+			}
 
+			got, err := sm.SecretExists(context.Background(), tc.args.pushSecretData)
 
+
 
+			assert.Equal(
 
+				t,
 
+				tc.want,
 
+				want{
 
+					err:       err,
 
+					wantError: got,
 
+				})
 
+		})
 
+	}
 
+}
 
 
 // FakeCredProvider implements the AWS credentials.Provider interface
 
 // It is used to inject an error into the AWS session to cause a