
WIP: Updated SetSecret signature & implementation

Signed-off-by: William Young <will.young@engineerbetter.com>
Co-authored-by: Dominic Meddick <dom.meddick@engineerbetter.com>
Co-authored-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
William Young 4 年 前
コミット
7edd03158c

+ 1 - 1
apis/externalsecrets/v1beta1/provider.go

@@ -61,7 +61,7 @@ type SecretsClient interface {
 	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)
 
 	// SetSecret will write a single secret into the provider
-	SetSecret() error
+	SetSecret(secretKey, remoteKey string) error
 
 	// Validate checks if the client is configured correctly
 	// and is able to retrieve secrets from the provider.
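Review bot: The comment above the new `SetSecret(secretKey, remoteKey string) error` does not say what either string means, and because both are plain strings a call site that swaps them still compiles. Document the parameters on the method, for example `// SetSecret writes the secret identified by secretKey to remoteKey in the provider.`, with the wording confirmed against the intended semantics, which this hunk does not show. Unlike `GetSecret` above it, the method takes no `context.Context`, so implementations that make network calls cannot honour cancellation or deadlines. The SecretsClient interface continues outside the hunk.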

+ 1 - 1
apis/externalsecrets/v1beta1/provider_schema_test.go

@@ -35,7 +35,7 @@ func (p *PP) NewClient(ctx context.Context, store GenericStore, kube client.Clie
 }
 
 // SetSecret writes a single secret into a provider.
-func (p *PP) SetSecret() error {
+func (p *PP) SetSecret(secretKey, remoteKey string) error {
 	return nil
 }
 

+ 7 - 2
pkg/controllers/secretsink/secretsink_controller.go

@@ -73,7 +73,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		}
 	}()
 
-	_, err = r.GetSecret(ctx, ss)
 	if err != nil {
 		cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "SecretSyncFailed", errFailedGetSecret)
 		ss = SetSecretSinkCondition(ss, *cond)
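Review bot: With `_, err = r.GetSecret(ctx, ss)` removed, the `if err != nil` that follows no longer tests the result of a secret lookup; it tests whatever `err` held earlier in Reconcile, which is outside this hunk. If nothing assigns `err` before this point the branch is dead, and otherwise it reports `errFailedGetSecret` for an unrelated failure. Either keep the lookup or remove the branch with it, so the SecretSink condition cannot carry a misleading reason. It also looks as if the reconciler now pushes to providers without confirming that the source Secret exists; confirm that against the rest of Reconcile.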
@@ -113,9 +112,15 @@ func (r *Reconciler) SetSecretToProviders(ctx context.Context, stores []v1beta1.
 				r.Log.Error(err, errCloseStoreClient)
 			}
 		}()
+		var secretKey string
+		var remoteKey string
 		for _, ref := range ss.Spec.Data {
 			for _, match := range ref.Match {
-				err := client.SetSecret()
+				secretKey = match.SecretKey
+				for _, rK := range match.RemoteRefs {
+					remoteKey = rK.RemoteKey
+				}
+				err := client.SetSecret(remoteKey, secretKey)
 				if err != nil {
 					return fmt.Errorf(errSetSecretFailed, match.SecretKey, store.GetName(), err)
 				}
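Review bot: `client.SetSecret(remoteKey, secretKey)` passes the arguments in the opposite order to the interface signature `SetSecret(secretKey, remoteKey string)`, so providers receive the remote key where they expect the secret key. `remoteKey` is also declared outside both loops and only overwritten inside `for _, rK := range match.RemoteRefs`, so a match with no RemoteRefs reuses the previous match's value, and a match with several RemoteRefs writes only to the last one. For a controller that writes secrets to external stores, this means a secret can land under a key the user did not ask for. The fence below drops the two outer variables and calls SetSecret once per RemoteRef with the arguments in interface order. SetSecretToProviders starts and ends outside the hunk.

```go
// … unchanged: deferred client.Close and its error logging …
for _, ref := range ss.Spec.Data {
	for _, match := range ref.Match {
		// One write per remote reference; nothing carries over from an earlier match.
		for _, rK := range match.RemoteRefs {
			if err := client.SetSecret(match.SecretKey, rK.RemoteKey); err != nil {
				return fmt.Errorf(errSetSecretFailed, match.SecretKey, store.GetName(), err)
			}
		}
```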

+ 1 - 1
pkg/provider/akeyless/akeyless.go

@@ -170,7 +170,7 @@ func (a *Akeyless) Validate() (esv1beta1.ValidationResult, error) {
 	return esv1beta1.ValidationResultReady, nil
 }
 
-func (a *Akeyless) SetSecret() error {
+func (a *Akeyless) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/alibaba/kms.go

@@ -114,7 +114,7 @@ func (c *Client) setAuth(ctx context.Context) error {
 	return nil
 }
 
-func (kms *KeyManagementService) SetSecret() error {
+func (kms *KeyManagementService) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/aws/parameterstore/parameterstore.go

@@ -61,7 +61,7 @@ func New(sess *session.Session) (*ParameterStore, error) {
 }
 
 // Not Implemented SetSecret.
-func (pm *ParameterStore) SetSecret() error {
+func (pm *ParameterStore) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -105,7 +105,7 @@ func (sm *SecretsManager) fetch(_ context.Context, ref esv1beta1.ExternalSecretD
 }
 
 // Not Implemented SetSecret.
-func (sm *SecretsManager) SetSecret() error {
+func (sm *SecretsManager) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/azure/keyvault/keyvault.go

@@ -202,7 +202,7 @@ func (a *Azure) ValidateStore(store esv1beta1.GenericStore) error {
 }
 
 // Not Implemented SetSecret.
-func (a *Azure) SetSecret() error {
+func (a *Azure) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 13 - 2
pkg/provider/fake/fake.go

@@ -61,8 +61,19 @@ func getProvider(store esv1beta1.GenericStore) (*esv1beta1.FakeProvider, error)
 }
 
 // Not Implemented SetSecret.
-func (p *Provider) SetSecret() error {
-	return fmt.Errorf("not implemented")
+func (p *Provider) SetSecret(key, value string) error {
+	for _, data := range p.config.Data {
+		if data.Key == key {
+			return fmt.Errorf("key already exists")
+		}
+	}
+
+	data := esv1beta1.FakeProviderData{
+		Key:   key,
+		Value: value,
+	}
+	p.config.Data = append(p.config.Data, data)
+	return nil
 }
 
 // Empty GetAllSecrets.
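Review bot: The comment `// Not Implemented SetSecret.` is now wrong, since the method stores data, and the parameters are named `key, value` while the interface names them `secretKey, remoteKey`. With the controller as the caller, `value` receives a key name and not secret content, so the fake does not model what a real provider would store. I would rename the parameters to match the interface and replace the comment with `// SetSecret appends a new entry to the fake provider's data and returns an error if the key already exists.`. The append to `p.config.Data` is unguarded; whether that matters depends on how the fake is shared between reconciles, which is not visible here.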

+ 1 - 1
pkg/provider/gcp/secretmanager/secretsmanager.go

@@ -220,7 +220,7 @@ func (sm *ProviderGCP) NewClient(ctx context.Context, store esv1beta1.GenericSto
 }
 
 // Not Implemented SetSecret.
-func (sm *ProviderGCP) SetSecret() error {
+func (sm *ProviderGCP) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/gitlab/gitlab.go

@@ -162,7 +162,7 @@ func (g *Gitlab) NewClient(ctx context.Context, store esv1beta1.GenericStore, ku
 }
 
 // Not Implemented SetSecret.
-func (g *Gitlab) SetSecret() error {
+func (g *Gitlab) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/ibm/provider.go

@@ -101,7 +101,7 @@ func (c *client) setAuth(ctx context.Context) error {
 }
 
 // Not Implemented SetSecret.
-func (ibm *providerIBM) SetSecret() error {
+func (ibm *providerIBM) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/kubernetes/kubernetes.go

@@ -131,7 +131,7 @@ func (k *ProviderKubernetes) Close(ctx context.Context) error {
 }
 
 // Not Implemented SetSecret.
-func (k *ProviderKubernetes) SetSecret() error {
+func (k *ProviderKubernetes) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/onepassword/onepassword.go

@@ -154,7 +154,7 @@ func validateStore(store esv1beta1.GenericStore) error {
 }
 
 // Not Implemented SetSecret.
-func (provider *ProviderOnePassword) SetSecret() error {
+func (provider *ProviderOnePassword) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/oracle/oracle.go

@@ -66,7 +66,7 @@ type VMInterface interface {
 }
 
 // Not Implemented SetSecret.
-func (vms *VaultManagementService) SetSecret() error {
+func (vms *VaultManagementService) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/senhasegura/dsm/dsm.go

@@ -91,7 +91,7 @@ func New(isoSession *senhaseguraAuth.SenhaseguraIsoSession) (*DSM, error) {
 }
 
 // Not Implemented SetSecret.
-func (dsm *DSM) SetSecret() error {
+func (dsm *DSM) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/testing/fake/fake.go

@@ -68,7 +68,7 @@ func (v *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecret
 }
 
 // Not Implemented SetSecret.
-func (v *Client) SetSecret() error {
+func (v *Client) SetSecret(secretKey, remoteKey string) error {
 	return v.SetSecretFn()
 }
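Review bot: `SetSecret(secretKey, remoteKey string)` discards both arguments and calls `v.SetSecretFn()` with none, so a test using this client cannot assert which keys the controller passed. That assertion is what would catch swapped or stale keys at the call site. Consider passing them through, `return v.SetSecretFn(secretKey, remoteKey)`, with the field's type changed to match (its declaration is outside this hunk). The comment above the method still says `Not Implemented` and should be updated as well.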
 

+ 1 - 1
pkg/provider/vault/vault.go

@@ -356,7 +356,7 @@ func (c *connector) ValidateStore(store esv1beta1.GenericStore) error {
 }
 
 // Not Implemented SetSecret.
-func (v *client) SetSecret() error {
+func (v *client) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/webhook/webhook.go

@@ -117,7 +117,7 @@ func (w *WebHook) getStoreSecret(ctx context.Context, ref esmeta.SecretKeySelect
 }
 
 // Not Implemented SetSecret.
-func (w *WebHook) SetSecret() error {
+func (w *WebHook) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/yandex/common/secretsclient.go

@@ -34,7 +34,7 @@ func (c *yandexCloudSecretsClient) GetSecret(ctx context.Context, ref esv1beta1.
 	return c.secretGetter.GetSecret(ctx, c.iamToken, ref.Key, ref.Version, ref.Property)
 }
 
-func (c *yandexCloudSecretsClient) SetSecret() error {
+func (c *yandexCloudSecretsClient) SetSecret(secretKey, remoteKey string) error {
 	return fmt.Errorf("not implemented")
 }