
Making changes based on feedback

Kian 4 years ago
parent
commit
694db476f9

+ 2 - 2
apis/externalsecrets/v1alpha1/secretstore_oracle_types.go

@@ -16,10 +16,10 @@ import (
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
 )
 
-// Configures an store to sync secrets using a Oracle Cloud Secrets Manager
+// Configures an store to sync secrets using a Oracle Vault
 // backend.
 type OracleProvider struct {
-	// Auth configures how secret-manager authenticates with the Oracle secrets manager.
+	// Auth configures how secret-manager authenticates with the Oracle Vault.
 	Auth OracleAuth `json:"auth"`
 
 	// User is an access OCID specific to the account.
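Review bot: The rewritten type comment on the new line still reads `Configures an store to sync secrets using a Oracle Vault`, so both article errors survive the rename, and as the doc comment of an exported type it should open with the type name so godoc and linters pick it up. Suggest `// OracleProvider configures a store to sync secrets using an Oracle Vault` above the existing `// backend.` line. The OracleProvider struct continues past the end of the hunk.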

+ 1 - 1
apis/externalsecrets/v1alpha1/secretstore_types.go

@@ -50,7 +50,7 @@ type SecretStoreProvider struct {
 	// +optional
 	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`
 
-	// Oracle configures this store to sync secrets using Oracle Cloud provider
+	// Oracle configures this store to sync secrets using Oracle Vault provider
 	// +optional
 	Oracle *OracleProvider `json:"oracle,omitempty"`
 

+ 2 - 2
deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -405,11 +405,11 @@ spec:
                     type: object
                   oracle:
                     description: Oracle configures this store to sync secrets using
-                      Oracle Cloud provider
+                      Oracle Vault provider
                     properties:
                       auth:
                         description: Auth configures how secret-manager authenticates
-                          with the Oracle secrets manager.
+                          with the Oracle Vault.
                         properties:
                           secretRef:
                             description: SecretRef to pass through sensitive information.

+ 2 - 2
deploy/crds/external-secrets.io_secretstores.yaml

@@ -405,11 +405,11 @@ spec:
                     type: object
                   oracle:
                     description: Oracle configures this store to sync secrets using
-                      Oracle Cloud provider
+                      Oracle Vault provider
                     properties:
                       auth:
                         description: Auth configures how secret-manager authenticates
-                          with the Oracle secrets manager.
+                          with the Oracle Vault.
                         properties:
                           secretRef:
                             description: SecretRef to pass through sensitive information.

+ 1 - 1
docs/provider-oracle-vault.md

@@ -1,6 +1,6 @@
 ## Oracle Vault
 
-External Secrets Operator integrates with [OCI API](https://github.com/oracle/oci-go-sdk) to sync secret on the Oracle cloud to secrets held on the Kubernetes cluster.
+External Secrets Operator integrates with [OCI API](https://github.com/oracle/oci-go-sdk) to sync secret on the Oracle Vault to secrets held on the Kubernetes cluster.
 
 ### Authentication
 

+ 2 - 2
docs/snippets/oracle-credentials-secret.yaml

@@ -6,5 +6,5 @@ metadata:
     type: oracle
 type: Opaque
 stringData:
-  privateKey: "**Private key value**, use |- for multiline"
-  fingerprint: "**Fingerprint value**"
+  privateKey: 
+  fingerprint: 
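Review bot: The new `privateKey: ` and `fingerprint: ` lines carry no value, which YAML parses as null rather than an empty string, so the snippet is unlikely to be accepted as a `stringData` entry and a reader copying it gets a validation error instead of a cue to fill the field in. The removed placeholder also carried the only hint that a PEM-encoded private key has to be written as a block scalar; suggest `privateKey: |-` followed by an indented `# paste the PEM-encoded API signing key here` comment line, and `fingerprint: "" # API key fingerprint`. The same empty-value change appears in docs/snippets/oracle-external-secret.yaml and docs/snippets/oracle-secret-store.yaml.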

+ 2 - 2
docs/snippets/oracle-external-secret.yaml

@@ -11,6 +11,6 @@ spec:
     name: secret-to-be-created # Name for the secret on the cluster
     creationPolicy: Owner
   data:
-  - secretKey: "**Secret Name**"
+  - secretKey: 
     remoteRef:
-      key: "**Secret OCID**"
+      key: 

+ 3 - 3
docs/snippets/oracle-secret-store.yaml

@@ -5,9 +5,9 @@ metadata:
 spec:
   provider:
     oracle: #Needs to match value in secretstore_types.go
-      user: "**User OCID**"
-      tenancy: "**Tenancy OCID**"
-      region: "**Region**"
+      user: 
+      tenancy: 
+      region: 
       auth:
         secretRef:
           privatekey:

+ 12 - 14
pkg/provider/oracle/oracle.go

@@ -31,9 +31,9 @@ import (
 )
 
 const (
-	SecretsManagerEndpointEnv = "ORACLE_SECRETSMANAGER_ENDPOINT"
-	STSEndpointEnv            = "ORACLE_STS_ENDPOINT"
-	SSMEndpointEnv            = "ORACLE_SSM_ENDPOINT"
+	VaultEndpointEnv = "ORACLE_VAULT_ENDPOINT"
+	STSEndpointEnv   = "ORACLE_STS_ENDPOINT"
+	SSMEndpointEnv   = "ORACLE_SSM_ENDPOINT"
 
 	errOracleClient                          = "cannot setup new oracle client: %w"
 	errORACLECredSecretName                  = "invalid oracle SecretStore resource: missing oracle APIKey"
@@ -55,8 +55,6 @@ type client struct {
 	store       *esv1alpha1.OracleProvider
 	namespace   string
 	storeKind   string
-	credentials []byte
-
 	tenancy     string
 	user        string
 	region      string
@@ -97,27 +95,27 @@ func (c *client) setAuth(ctx context.Context) error {
 	}
 
 	c.privateKey = string(credentialsSecret.Data[c.store.Auth.SecretRef.PrivateKey.Key])
-	if (c.privateKey == "") || (len(c.privateKey) == 0) {
+	if c.privateKey == "" {
 		return fmt.Errorf(errMissingPK)
 	}
 
 	c.fingerprint = string(credentialsSecret.Data[c.store.Auth.SecretRef.Fingerprint.Key])
-	if (c.fingerprint == "") || (len(c.fingerprint) == 0) {
+	if c.fingerprint == "" {
 		return fmt.Errorf(errMissingFingerprint)
 	}
 
-	c.user = string(c.store.User)
-	if (c.user == "") || (len(c.user) == 0) {
+	c.user = c.store.User
+	if c.user == "" {
 		return fmt.Errorf(errMissingUser)
 	}
 
-	c.tenancy = string(c.store.Tenancy)
-	if (c.tenancy == "") || (len(c.tenancy) == 0) {
+	c.tenancy = c.store.Tenancy
+	if c.tenancy == "" {
 		return fmt.Errorf(errMissingTenancy)
 	}
 
-	c.region = string(c.store.Region)
-	if (c.region == "") || (len(c.region) == 0) {
+	c.region = c.store.Region
+	if c.region == "" {
 		return fmt.Errorf(errMissingRegion)
 	}
 
@@ -173,7 +171,7 @@ func (kms *KeyManagementService) GetSecretMap(ctx context.Context, ref esv1alpha
 	return secretData, nil
 }
 
-//NewClient constructs a new secrets client based on the provided store.
+// NewClient constructs a new secrets client based on the provided store.
 func (kms *KeyManagementService) NewClient(ctx context.Context, store esv1alpha1.GenericStore, kube kclient.Client, namespace string) (provider.SecretsClient, error) {
 	storeSpec := store.GetSpec()
 	oracleSpec := storeSpec.Provider.Oracle
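Review bot: In the setAuth hunk the three store-spec checks on `c.user`, `c.tenancy` and `c.region` still run after the credentials Secret has been read and its `privateKey`/`fingerprint` extracted, so a SecretStore missing any of those fields causes a fetch of the credentials Secret whose contents are then discarded; moving those three assignments and their checks ahead of the Secret fetch would reject a misconfigured store before any key material is read. The simplified `c.user = c.store.User` form makes that reorder straightforward because the values no longer depend on the fetched data. The `fmt.Errorf(errMissingPK)` call and its four siblings pass a constant message with no verbs, so `errors.New(errMissingPK)` is the clearer form, provided `errors` is imported (the import block is outside the hunk). setAuth begins and ends outside the hunk, and the fetch that populates credentialsSecret is presumably in the lines above the visible ones.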

+ 20 - 20
pkg/provider/oracle/oracle_test.go

@@ -25,7 +25,7 @@ import (
 	fakeoracle "github.com/external-secrets/external-secrets/pkg/provider/oracle/fake"
 )
 
-type secretManagerTestCase struct {
+type vaultTestCase struct {
 	mockClient     *fakeoracle.OracleMockClient
 	apiInput       *vault.GetSecretRequest
 	apiOutput      *vault.GetSecretResponse
@@ -37,8 +37,8 @@ type secretManagerTestCase struct {
 	expectedData map[string][]byte
 }
 
-func makeValidSecretManagerTestCase() *secretManagerTestCase {
-	smtc := secretManagerTestCase{
+func makeValidVaultTestCase() *vaultTestCase {
+	smtc := vaultTestCase{
 		mockClient:     &fakeoracle.OracleMockClient{},
 		apiInput:       makeValidAPIInput(),
 		ref:            makeValidRef(),
@@ -72,8 +72,8 @@ func makeValidAPIOutput() *vault.GetSecretResponse {
 	}
 }
 
-func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
-	smtc := makeValidSecretManagerTestCase()
+func makeValidVaultTestCaseCustom(tweaks ...func(smtc *vaultTestCase)) *vaultTestCase {
+	smtc := makeValidVaultTestCase()
 	for _, fn := range tweaks {
 		fn(smtc)
 	}
@@ -83,21 +83,21 @@ func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTest
 
 // This case can be shared by both GetSecret and GetSecretMap tests.
 // bad case: set apiErr.
-var setAPIErr = func(smtc *secretManagerTestCase) {
+var setAPIErr = func(smtc *vaultTestCase) {
 	smtc.apiErr = fmt.Errorf("oh no")
 	smtc.expectError = "oh no"
 }
 
-var setNilMockClient = func(smtc *secretManagerTestCase) {
+var setNilMockClient = func(smtc *vaultTestCase) {
 	smtc.mockClient = nil
 	smtc.expectError = errUninitalizedOracleProvider
 }
 
-func TestOracleSecretManagerGetSecret(t *testing.T) {
+func TestOracleVaultGetSecret(t *testing.T) {
 	secretValue := "changedvalue"
 	// good case: default version is set
 	// key is passed in, output is sent back
-	setSecretString := func(smtc *secretManagerTestCase) {
+	setSecretString := func(smtc *vaultTestCase) {
 		smtc.apiOutput = &vault.GetSecretResponse{
 			Etag: utilpointer.StringPtr("test-name"),
 			Secret: vault.Secret{
@@ -109,10 +109,10 @@ func TestOracleSecretManagerGetSecret(t *testing.T) {
 		smtc.expectedSecret = secretValue
 	}
 
-	successCases := []*secretManagerTestCase{
-		makeValidSecretManagerTestCaseCustom(setAPIErr),
-		makeValidSecretManagerTestCaseCustom(setNilMockClient),
-		makeValidSecretManagerTestCaseCustom(setSecretString),
+	successCases := []*vaultTestCase{
+		makeValidVaultTestCaseCustom(setAPIErr),
+		makeValidVaultTestCaseCustom(setNilMockClient),
+		makeValidVaultTestCaseCustom(setSecretString),
 	}
 
 	sm := KeyManagementService{}
@@ -131,22 +131,22 @@ func TestOracleSecretManagerGetSecret(t *testing.T) {
 
 func TestGetSecretMap(t *testing.T) {
 	// good case: default version & deserialization
-	setDeserialization := func(smtc *secretManagerTestCase) {
+	setDeserialization := func(smtc *vaultTestCase) {
 		smtc.apiOutput.SecretName = utilpointer.StringPtr(`{"foo":"bar"}`)
 		smtc.expectedData["foo"] = []byte("bar")
 	}
 
 	// bad case: invalid json
-	setInvalidJSON := func(smtc *secretManagerTestCase) {
+	setInvalidJSON := func(smtc *vaultTestCase) {
 		smtc.apiOutput.SecretName = utilpointer.StringPtr(`-----------------`)
 		smtc.expectError = "unable to unmarshal secret"
 	}
 
-	successCases := []*secretManagerTestCase{
-		makeValidSecretManagerTestCaseCustom(setDeserialization),
-		makeValidSecretManagerTestCaseCustom(setInvalidJSON),
-		makeValidSecretManagerTestCaseCustom(setNilMockClient),
-		makeValidSecretManagerTestCaseCustom(setAPIErr),
+	successCases := []*vaultTestCase{
+		makeValidVaultTestCaseCustom(setDeserialization),
+		makeValidVaultTestCaseCustom(setInvalidJSON),
+		makeValidVaultTestCaseCustom(setNilMockClient),
+		makeValidVaultTestCaseCustom(setAPIErr),
 	}
 
 	sm := KeyManagementService{}