
Adding ValidateStore for IBM provider. Improving util check

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Gustavo Carvalho 4 years ago
parent
commit
86795c0a5e
3 changed files with 56 additions and 0 deletions
  1. 10 0
      pkg/provider/ibm/provider.go
  2. 40 0
      pkg/provider/ibm/provider_test.go
  3. 6 0
      pkg/utils/utils.go

+ 10 - 0
pkg/provider/ibm/provider.go

@@ -322,6 +322,16 @@ func (ibm *providerIBM) Validate() error {
 }
 
 func (ibm *providerIBM) ValidateStore(store esv1beta1.GenericStore) error {
+	storeSpec := store.GetSpec()
+	ibmSpec := storeSpec.Provider.IBM
+	if ibmSpec.ServiceURL == nil {
+		return fmt.Errorf("serviceURL is required")
+	}
+	secretRef := ibmSpec.Auth.SecretRef.SecretAPIKey
+	err := utils.ValidateSecretSelector(store, secretRef)
+	if err != nil {
+		return err
+	}
 	return nil
 }
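Review bot: `storeSpec.Provider.IBM` is read at the top of ValidateStore without a nil check, so a store whose spec carries no provider block, or no `ibm` block, would panic here instead of producing a validation error. Unless every caller already guarantees these are set, guard it before assigning `ibmSpec`: `if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.IBM == nil { return fmt.Errorf("ibm provider spec is required") }` (message text is a suggestion). The `ServiceURL == nil` check also accepts an empty or malformed string, as the test value "my-url" shows; if the field must be a usable endpoint, reject `*ibmSpec.ServiceURL == ""` and consider parsing it. As a style point, the trailing `err`/`return nil` pair can collapse to `return utils.ValidateSecretSelector(store, secretRef)`.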
 

+ 40 - 0
pkg/provider/ibm/provider_test.go

@@ -32,6 +32,10 @@ import (
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/ibm/fake"
 )
 
+const (
+	errExpectedErr = "wanted error got nil"
+)
+
 type secretManagerTestCase struct {
 	mockClient     *fakesm.IBMMockClient
 	apiInput       *sm.GetSecretOptions
@@ -111,6 +115,42 @@ var setNilMockClient = func(smtc *secretManagerTestCase) {
 	smtc.expectError = errUninitalizedIBMProvider
 }
 
+// simple tests for Validate Store.
+func TestValidateStore(t *testing.T) {
+	p := providerIBM{}
+	store := &esv1beta1.SecretStore{
+		Spec: esv1beta1.SecretStoreSpec{
+			Provider: &esv1beta1.SecretStoreProvider{
+				IBM: &esv1beta1.IBMProvider{},
+			},
+		},
+	}
+	err := p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "serviceURL is required" {
+		t.Errorf("service URL test failed")
+	}
+	url := "my-url"
+	store.Spec.Provider.IBM.ServiceURL = &url
+	err = p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "secret name is required" {
+		t.Errorf("KeySelector test failed: expected secret name is required, got %v", err)
+	}
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Name = "foo"
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Key = "bar"
+	ns := "ns-one"
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Namespace = &ns
+	err = p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "namespace not allowed with namespaced SecretStore" {
+		t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err)
+	}
+}
+
 // test the sm<->gcp interface
 // make sure correct values are passed and errors are handled accordingly.
 func TestIBMSecretManagerGetSecret(t *testing.T) {
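Review bot: TestValidateStore never asserts that a well-formed store is accepted; all three steps expect an error, so a change that made ValidateStore reject every IBM store would not fail this test as long as the messages matched. After the namespace step, add one that sets `store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Namespace = nil` and checks `if err := p.ValidateStore(store); err != nil { t.Errorf("valid store rejected: %v", err) }`; from the visible part of ValidateSecretSelector this should return nil, but confirm against the rest of that function. The new `secret key is required` branch (Name set, Key empty) is not exercised either, and neither is a store with a nil `Provider` or `IBM` block. TestIBMSecretManagerGetSecret, opened on the last line of this hunk, continues outside it.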

+ 6 - 0
pkg/utils/utils.go

@@ -110,6 +110,12 @@ func ErrorContains(out error, want string) bool {
 // We MUST NOT check the name or key property here. It MAY be defaulted by the provider.
 func ValidateSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error {
 	clusterScope := store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind
+	if ref.Name == "" {
+		return fmt.Errorf("secret name is required")
+	}
+	if ref.Key == "" {
+		return fmt.Errorf("secret key is required")
+	}
 	if clusterScope && ref.Namespace == nil {
 		return fmt.Errorf("cluster scope requires namespace")
 	}
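Review bot: The added `ref.Name == ""` and `ref.Key == ""` checks contradict the comment directly above the function, which says `We MUST NOT check the name or key property here. It MAY be defaulted by the provider.` ValidateSecretSelector lives in the shared `utils` package, so any other provider that calls it and relies on a defaulted name or key will presumably start failing store validation after this change. Either move the two checks into the IBM provider's ValidateStore, where the requirement is known to hold, or, if they are meant to apply to all providers, replace the comment with one stating that name and key are now mandatory and confirm that no caller depends on the old contract. The body of ValidateSecretSelector continues outside this hunk.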