
Configured PushSecret synchronization interval

Oladipupo Ajayi 4 лет назад
Родитель
Сommit
81d9b661af

+ 1 - 0
apis/externalsecrets/v1alpha1/pushsecret_types.go

@@ -37,6 +37,7 @@ type PushSecretStoreRef struct {
 
 // PushSecretSpec configures the behavior of the PushSecret.
 type PushSecretSpec struct {
+	RefreshInterval *metav1.Duration     `json:"refreshInterval,omitempty"`
 	SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"`
 	Selector        PushSecretSelector   `json:"selector"`
 	Data            []PushSecretData     `json:"data,omitempty"`
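Review bot: The new `RefreshInterval` field in `PushSecretSpec` has no doc comment, so its unit, its default and the meaning of zero are only discoverable by reading the controller. The CRD hunks in this commit also show `refreshInterval` as a bare `type: string` with no description, which is presumably generated from this comment. I would add `// RefreshInterval is the time between pushes to the referenced stores; nil or zero falls back to the controller's RequeueInterval.` above the field. The struct body continues past the end of this hunk.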

+ 5 - 0
apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go

@@ -1114,6 +1114,11 @@ func (in *PushSecretSelector) DeepCopy() *PushSecretSelector {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PushSecretSpec) DeepCopyInto(out *PushSecretSpec) {
 	*out = *in
+	if in.RefreshInterval != nil {
+		in, out := &in.RefreshInterval, &out.RefreshInterval
+		*out = new(v1.Duration)
+		**out = **in
+	}
 	if in.SecretStoreRefs != nil {
 		in, out := &in.SecretStoreRefs, &out.SecretStoreRefs
 		*out = make([]PushSecretStoreRef, len(*in))

+ 2 - 0
config/crds/bases/external-secrets.io_pushsecrets.yaml

@@ -68,6 +68,8 @@ spec:
                   - match
                   type: object
                 type: array
+              refreshInterval:
+                type: string
               secretStoreRefs:
                 items:
                   properties:

+ 2 - 0
deploy/crds/bundle.yaml

@@ -3070,6 +3070,8 @@ spec:
                       - match
                     type: object
                   type: array
+                refreshInterval:
+                  type: string
                 secretStoreRefs:
                   items:
                     properties:

+ 14 - 1
pkg/controllers/pushsecret/pushsecret_controller.go

@@ -67,6 +67,11 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		return ctrl.Result{}, fmt.Errorf("get resource: %w", err)
 	}
 
+	refreshInt := r.RequeueInterval
+	if ps.Spec.RefreshInterval != nil && ps.Spec.RefreshInterval.Duration != 0 {
+		refreshInt = ps.Spec.RefreshInterval.Duration
+	}
+
 	p := client.MergeFrom(ps.DeepCopy())
 	defer func() {
 		err := r.Client.Status().Patch(ctx, &ps, p)
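Review bot: The override at `ps.Spec.RefreshInterval.Duration != 0` accepts any non-zero value, including negative and very small durations, and nothing visible in this commit bounds it. Anyone allowed to create a PushSecret can set something like `refreshInterval: 1ms`, and each reconcile pushes to every referenced store, so a tiny interval becomes sustained write load on the provider API and on the controller's shared work queue. I would test `> 0` instead of `!= 0` and clamp to a floor, e.g. `if refreshInt > 0 && refreshInt < minRefreshInterval { refreshInt = minRefreshInterval }`, where `minRefreshInterval` is a placeholder for a constant the project would need to define. A matching validation rule on the CRD field would reject bad values at admission rather than at reconcile time. Reconcile begins and ends outside this hunk.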
@@ -101,7 +106,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 	ps = SetPushSecretCondition(ps, *cond)
 	// Set status for PushSecret
 	r.recorder.Event(&ps, v1.EventTypeNormal, esapi.ReasonSynced, msg)
-	return ctrl.Result{}, nil
+
+	if refreshInt == 0 {
+		return ctrl.Result{
+			RequeueAfter: 0,
+			Requeue:      false,
+		}, nil
+	}
+
+	return ctrl.Result{RequeueAfter: refreshInt}, nil
 }
 
 func (r *Reconciler) SetSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ps esapi.PushSecret, secret *v1.Secret) error {
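Review bot: The `if refreshInt == 0` branch returns `ctrl.Result{RequeueAfter: 0, Requeue: false}`, which is the zero value and exactly what `ctrl.Result{RequeueAfter: refreshInt}` produces when `refreshInt` is 0, so the branch can be dropped without changing behaviour. What is missing is the reason a zero interval is acceptable, which a comment on the final return would cover: `// A zero interval leaves RequeueAfter unset; the object is then reconciled only on watch events.` Only the success path uses the interval; the error returns earlier in Reconcile lie outside this hunk and still return an empty Result.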

+ 32 - 1
pkg/controllers/pushsecret/pushsecret_controller_test.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/go-logr/logr"
 	. "github.com/onsi/ginkgo/v2"
@@ -46,6 +47,28 @@ var _ = Describe("pushsecret", func() {
 		recorder = &fakes.FakeEventRecorder{}
 		reconciler = &Reconciler{client, logr.Discard(), nil, recorder, 0, ""}
 	})
+
+	Describe("RefreshInterval", func() {
+		var (
+			statusWriter *fakes.StatusWriter
+		)
+
+		BeforeEach(func() {
+			statusWriter = new(fakes.StatusWriter)
+			client.StatusReturns(statusWriter)
+
+		})
+
+		It("Passes", func() {
+			namspacedName := types.NamespacedName{Namespace: "foo", Name: "Bar"}
+			refreshInt := time.Duration(5000)
+			reconciler.RequeueInterval = refreshInt
+			result, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namspacedName})
+			Expect(result).To(Equal(ctrl.Result{RequeueAfter: refreshInt}))
+			Expect(err).NotTo(HaveOccurred())
+		})
+	})
+
 	Describe("#Reconcile", func() {
 		var (
 			statusWriter *fakes.StatusWriter
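Review bot: The "Passes" spec only sets `reconciler.RequeueInterval`, so the new branch that prefers `ps.Spec.RefreshInterval` over the controller default is never exercised. Add a spec where the fake client returns a PushSecret with `Spec.RefreshInterval` set and assert that `RequeueAfter` equals that value rather than `RequeueInterval`. `time.Duration(5000)` is 5000 nanoseconds, which is probably not what was meant; `refreshInt := 5 * time.Second` states the unit. The spec name "Passes" would read better as the behaviour under test, e.g. `It("requeues after the controller default when spec.refreshInterval is unset", ...)`.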
@@ -58,7 +81,8 @@ var _ = Describe("pushsecret", func() {
 
 		It("succeeds", func() {
 			namspacedName := types.NamespacedName{Namespace: "foo", Name: "Bar"}
-			_, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namspacedName})
+			result, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namspacedName})
+			Expect(result).To(Equal(ctrl.Result{RequeueAfter: 0, Requeue: false}))
 			Expect(err).NotTo(HaveOccurred())
 			Expect(client.GetCallCount()).To(Equal(2))
 			Expect(client.StatusCallCount()).To(Equal(1))
@@ -397,6 +421,13 @@ var _ = Describe("pushsecret", func() {
 			Expect(err.Error()).To(Equal(fmt.Sprintf(errSetSecretFailed, "foo", "", "something went wrong")))
 		})
 	})
+
+	// Secrets should not be updated when refreshInterval is not equals to zero
+	// RequeueInterval shouldn't be updated if spec.refreshInterval is zero
+	// Checking if requeue interval is zero does an error occur
+	// requeue interval not zero
+	//
+	//Describe("#")
 })
 
 func init() {
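Review bot: The comment block added at the end of the `Describe` is a list of planned test cases plus a commented-out `//Describe("#")`, not documentation of code that exists. These notes either become specs or come out of the file, because as written they suggest coverage that is not there. If the cases are meant to follow later, Ginkgo pending specs record them in the test report, e.g. `PIt("keeps RequeueInterval when spec.refreshInterval is zero")`. The first line ("Secrets should not be updated when refreshInterval is not equals to zero") is ambiguous about the intended behaviour and should be reworded when it becomes a spec.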