
feat: k8s provider can handle all types of secret, fix #2709 (#2792)

Signed-off-by: Minho Ryang <minho@comcom.ai>
Minho Ryang 2 years ago
parent
commit
99194e0237
35 changed files with 101 additions and 48 deletions
  1. 2 1
      apis/externalsecrets/v1beta1/provider.go
  2. 2 1
      apis/externalsecrets/v1beta1/provider_schema_test.go
  3. 1 1
      pkg/controllers/pushsecret/pushsecret_controller.go
  4. 1 1
      pkg/controllers/secretstore/client_manager_test.go
  5. 1 1
      pkg/provider/akeyless/akeyless.go
  6. 1 1
      pkg/provider/alibaba/kms.go
  7. 2 1
      pkg/provider/aws/parameterstore/parameterstore.go
  8. 1 1
      pkg/provider/aws/parameterstore/parameterstore_test.go
  9. 2 1
      pkg/provider/aws/secretsmanager/secretsmanager.go
  10. 1 1
      pkg/provider/aws/secretsmanager/secretsmanager_test.go
  11. 1 1
      pkg/provider/azure/keyvault/keyvault.go
  12. 1 1
      pkg/provider/azure/keyvault/keyvault_test.go
  13. 1 1
      pkg/provider/conjur/provider.go
  14. 2 1
      pkg/provider/delinea/client.go
  15. 1 1
      pkg/provider/doppler/client.go
  16. 2 1
      pkg/provider/fake/fake.go
  17. 1 1
      pkg/provider/fake/fake_test.go
  18. 2 1
      pkg/provider/gcp/secretmanager/client.go
  19. 2 2
      pkg/provider/gcp/secretmanager/client_test.go
  20. 1 1
      pkg/provider/gitlab/gitlab.go
  21. 1 1
      pkg/provider/ibm/provider.go
  22. 2 1
      pkg/provider/keepersecurity/client.go
  23. 1 1
      pkg/provider/keepersecurity/client_test.go
  24. 8 4
      pkg/provider/kubernetes/client.go
  25. 39 2
      pkg/provider/kubernetes/client_test.go
  26. 1 1
      pkg/provider/onepassword/onepassword.go
  27. 1 1
      pkg/provider/oracle/oracle.go
  28. 2 1
      pkg/provider/scaleway/client.go
  29. 9 9
      pkg/provider/scaleway/client_test.go
  30. 2 1
      pkg/provider/senhasegura/dsm/dsm.go
  31. 2 1
      pkg/provider/testing/fake/fake.go
  32. 1 1
      pkg/provider/vault/vault.go
  33. 1 1
      pkg/provider/vault/vault_test.go
  34. 1 1
      pkg/provider/webhook/webhook.go
  35. 2 1
      pkg/provider/yandex/common/secretsclient.go

+ 2 - 1
apis/externalsecrets/v1beta1/provider.go

@@ -17,6 +17,7 @@ package v1beta1
 import (
 	"context"
 
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -69,7 +70,7 @@ type SecretsClient interface {
 	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)
 
 	// PushSecret will write a single secret into the provider
-	PushSecret(ctx context.Context, value []byte, metadata *apiextensionsv1.JSON, remoteRef PushRemoteRef) error
+	PushSecret(ctx context.Context, value []byte, typed corev1.SecretType, metadata *apiextensionsv1.JSON, remoteRef PushRemoteRef) error
 
 	// DeleteSecret will delete the secret from a provider
 	DeleteSecret(ctx context.Context, remoteRef PushRemoteRef) error
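Review bot: The doc comment above the changed PushSecret signature was not updated for the new parameter, so implementers cannot tell from the interface whether they are allowed to ignore it (every provider except kubernetes discards it in this commit), and the name `typed` reads as an adjective rather than a value. I would rename it and extend the comment: `// PushSecret will write a single secret into the provider. secretType is the Type of the source Kubernetes Secret; providers with no notion of a secret type may ignore it.` and `PushSecret(ctx context.Context, value []byte, secretType corev1.SecretType, metadata *apiextensionsv1.JSON, remoteRef PushRemoteRef) error`.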

+ 2 - 1
apis/externalsecrets/v1beta1/provider_schema_test.go

@@ -18,6 +18,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -36,7 +37,7 @@ func (p *PP) NewClient(_ context.Context, _ GenericStore, _ client.Client, _ str
 }
 
 // PushSecret writes a single secret into a provider.
-func (p *PP) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ PushRemoteRef) error {
+func (p *PP) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ PushRemoteRef) error {
 	return nil
 }
 

+ 1 - 1
pkg/controllers/pushsecret/pushsecret_controller.go

@@ -267,7 +267,7 @@ func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores map[esapi
 				return out, fmt.Errorf("secret key %v does not exist", data.Match.SecretKey)
 			}
 
-			err := client.PushSecret(ctx, secretValue, data.Metadata, data.Match.RemoteRef)
+			err := client.PushSecret(ctx, secretValue, secret.Type, data.Metadata, data.Match.RemoteRef)
 			if err != nil {
 				return out, fmt.Errorf(errSetSecretFailed, data.Match.SecretKey, store.GetName(), err)
 			}

+ 1 - 1
pkg/controllers/secretstore/client_manager_test.go

@@ -340,7 +340,7 @@ type MockFakeClient struct {
 	closeCalled bool
 }
 
-func (c *MockFakeClient) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (c *MockFakeClient) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return nil
 }
 

+ 1 - 1
pkg/provider/akeyless/akeyless.go

@@ -228,7 +228,7 @@ func (a *Akeyless) Validate() (esv1beta1.ValidationResult, error) {
 	return esv1beta1.ValidationResultReady, nil
 }
 
-func (a *Akeyless) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (a *Akeyless) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/alibaba/kms.go

@@ -59,7 +59,7 @@ type SMInterface interface {
 	Endpoint() string
 }
 
-func (kms *KeyManagementService) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (kms *KeyManagementService) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/aws/parameterstore/parameterstore.go

@@ -26,6 +26,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ssm"
 	"github.com/tidwall/gjson"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	utilpointer "k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -131,7 +132,7 @@ func (pm *ParameterStore) DeleteSecret(ctx context.Context, remoteRef esv1beta1.
 	return nil
 }
 
-func (pm *ParameterStore) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (pm *ParameterStore) PushSecret(ctx context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	parameterType := "String"
 	overwrite := true
 

+ 1 - 1
pkg/provider/aws/parameterstore/parameterstore_test.go

@@ -435,7 +435,7 @@ func TestPushSecret(t *testing.T) {
 			ps := ParameterStore{
 				client: &tc.args.client,
 			}
-			err := ps.PushSecret(context.TODO(), []byte(fakeValue), nil, ref)
+			err := ps.PushSecret(context.TODO(), []byte(fakeValue), "", nil, ref)
 
 			// Error nil XOR tc.want.err nil
 			if ((err == nil) || (tc.want.err == nil)) && !((err == nil) && (tc.want.err == nil)) {

+ 2 - 1
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -31,6 +31,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	utilpointer "k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -192,7 +193,7 @@ func (sm *SecretsManager) DeleteSecret(ctx context.Context, remoteRef esv1beta1.
 	return err
 }
 
-func (sm *SecretsManager) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (sm *SecretsManager) PushSecret(ctx context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	secretName := remoteRef.GetRemoteKey()
 	managedBy := managedBy
 	externalSecrets := externalSecrets

+ 1 - 1
pkg/provider/aws/secretsmanager/secretsmanager_test.go

@@ -757,7 +757,7 @@ func TestSetSecret(t *testing.T) {
 			sm := SecretsManager{
 				client: &tc.args.client,
 			}
-			err := sm.PushSecret(context.Background(), []byte("fake-value"), nil, tc.args.remoteRef)
+			err := sm.PushSecret(context.Background(), []byte("fake-value"), "", nil, tc.args.remoteRef)
 
 			// Error nil XOR tc.want.err nil
 			if ((err == nil) || (tc.want.err == nil)) && !((err == nil) && (tc.want.err == nil)) {

+ 1 - 1
pkg/provider/azure/keyvault/keyvault.go

@@ -497,7 +497,7 @@ func (a *Azure) setKeyVaultKey(ctx context.Context, secretName string, value []b
 }
 
 // PushSecret stores secrets into a Key vault instance.
-func (a *Azure) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (a *Azure) PushSecret(ctx context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	objectType, secretName := getObjType(esv1beta1.ExternalSecretDataRemoteRef{Key: remoteRef.GetRemoteKey()})
 	switch objectType {
 	case defaultObjType:

+ 1 - 1
pkg/provider/azure/keyvault/keyvault_test.go

@@ -757,7 +757,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) {
 	}
 	for k, v := range successCases {
 		sm.baseClient = v.mockClient
-		err := sm.PushSecret(context.Background(), v.setValue, nil, v.pushRef)
+		err := sm.PushSecret(context.Background(), v.setValue, "", nil, v.pushRef)
 		if !utils.ErrorContains(err, v.expectError) {
 			if err == nil {
 				t.Errorf("[%d] unexpected error: <nil>, expected: '%s'", k, v.expectError)

+ 1 - 1
pkg/provider/conjur/provider.go

@@ -172,7 +172,7 @@ func (p *Client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData
 }
 
 // PushSecret will write a single secret into the provider.
-func (p *Client) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (p *Client) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	// NOT IMPLEMENTED
 	return nil
 }

+ 2 - 1
pkg/provider/delinea/client.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/DelineaXPM/dsv-sdk-go/v2/vault"
 	"github.com/tidwall/gjson"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -71,7 +72,7 @@ func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData
 	return []byte(val.String()), nil
 }
 
-func (c *client) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (c *client) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return errors.New("pushing secrets is not supported by Delinea DevOps Secrets Vault")
 }
 

+ 1 - 1
pkg/provider/doppler/client.go

@@ -120,7 +120,7 @@ func (c *Client) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef) erro
 	return fmt.Errorf("not implemented")
 }
 
-func (c *Client) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (c *Client) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/fake/fake.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 
 	"github.com/tidwall/gjson"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -107,7 +108,7 @@ func (p *Provider) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef) er
 	return nil
 }
 
-func (p *Provider) PushSecret(_ context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (p *Provider) PushSecret(_ context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	currentData, ok := p.config[remoteRef.GetRemoteKey()]
 	if !ok {
 		p.config[remoteRef.GetRemoteKey()] = &Data{

+ 1 - 1
pkg/provider/fake/fake_test.go

@@ -216,7 +216,7 @@ func TestSetSecret(t *testing.T) {
 				},
 			}, nil, "")
 			gomega.Expect(err).ToNot(gomega.HaveOccurred())
-			err = cl.PushSecret(context.TODO(), []byte(row.expValue), nil, esv1alpha1.PushSecretRemoteRef{
+			err = cl.PushSecret(context.TODO(), []byte(row.expValue), "", nil, esv1alpha1.PushSecretRemoteRef{
 				RemoteKey: row.requestKey,
 			})
 			if row.expErr != "" {

+ 2 - 1
pkg/provider/gcp/secretmanager/client.go

@@ -30,6 +30,7 @@ import (
 	"google.golang.org/genproto/protobuf/field_mask"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -130,7 +131,7 @@ func parseError(err error) error {
 }
 
 // PushSecret pushes a kubernetes secret key into gcp provider Secret.
-func (c *Client) PushSecret(ctx context.Context, payload []byte, metadata *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (c *Client) PushSecret(ctx context.Context, payload []byte, _ corev1.SecretType, metadata *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	secretName := fmt.Sprintf("projects/%s/secrets/%s", c.store.ProjectID, remoteRef.GetRemoteKey())
 	gcpSecret, err := c.smClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{
 		Name: secretName,

+ 2 - 2
pkg/provider/gcp/secretmanager/client_test.go

@@ -759,7 +759,7 @@ func TestPushSecret(t *testing.T) {
 					ProjectID: smtc.projectID,
 				},
 			}
-			err := c.PushSecret(context.Background(), []byte("fake-value"), tc.args.Metadata, ref)
+			err := c.PushSecret(context.Background(), []byte("fake-value"), "", tc.args.Metadata, ref)
 			if err != nil {
 				if tc.want.err == nil {
 					t.Errorf("received an unexpected error: %v", err)
@@ -954,7 +954,7 @@ func TestPushSecret_Property(t *testing.T) {
 				store:    &esv1beta1.GCPSMProvider{},
 			}
 
-			err := client.PushSecret(context.Background(), []byte(tc.payload), nil, tc.ref)
+			err := client.PushSecret(context.Background(), []byte(tc.payload), "", nil, tc.ref)
 			if err != nil {
 				if tc.expectedErr == "" {
 					t.Fatalf("PushSecret returns unexpected error: %v", err)

+ 1 - 1
pkg/provider/gitlab/gitlab.go

@@ -113,7 +113,7 @@ func (g *gitlabBase) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef)
 	return fmt.Errorf("not implemented")
 }
 
-func (g *gitlabBase) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (g *gitlabBase) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/ibm/provider.go

@@ -129,7 +129,7 @@ func (ibm *providerIBM) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRe
 }
 
 // Not Implemented PushSecret.
-func (ibm *providerIBM) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (ibm *providerIBM) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/keepersecurity/client.go

@@ -23,6 +23,7 @@ import (
 
 	ksm "github.com/keeper-security/secrets-manager-go/core"
 	"golang.org/x/exp/maps"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -161,7 +162,7 @@ func (c *Client) Close(_ context.Context) error {
 	return nil
 }
 
-func (c *Client) PushSecret(_ context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (c *Client) PushSecret(_ context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	parts, err := c.buildSecretNameAndKey(remoteRef)
 	if err != nil {
 		return err

+ 1 - 1
pkg/provider/keepersecurity/client_test.go

@@ -619,7 +619,7 @@ func TestClientPushSecret(t *testing.T) {
 				ksmClient: tt.fields.ksmClient,
 				folderID:  tt.fields.folderID,
 			}
-			if err := c.PushSecret(tt.args.ctx, tt.args.value, nil, tt.args.remoteRef); (err != nil) != tt.wantErr {
+			if err := c.PushSecret(tt.args.ctx, tt.args.value, "", nil, tt.args.remoteRef); (err != nil) != tt.wantErr {
 				t.Errorf("PushSecret() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})

+ 8 - 4
pkg/provider/kubernetes/client.go

@@ -107,7 +107,7 @@ func (c *Client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushRemot
 	return c.fullDelete(ctx, remoteRef.GetRemoteKey())
 }
 
-func (c *Client) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (c *Client) PushSecret(ctx context.Context, value []byte, typed v1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	if remoteRef.GetProperty() == "" {
 		return fmt.Errorf("requires property in RemoteRef to push secret value")
 	}
@@ -116,7 +116,11 @@ func (c *Client) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv
 	if getErr != nil {
 		// create if it not exists
 		if apierrors.IsNotFound(getErr) {
-			return c.createSecret(ctx, value, remoteRef)
+			newType := v1.SecretTypeOpaque
+			if typed != "" {
+				newType = typed
+			}
+			return c.createSecret(ctx, value, newType, remoteRef)
 		}
 		return getErr
 	}
@@ -296,14 +300,14 @@ func convertMap(in map[string][]byte) map[string]string {
 	return out
 }
 
-func (c *Client) createSecret(ctx context.Context, value []byte, remoteRef esv1beta1.PushRemoteRef) error {
+func (c *Client) createSecret(ctx context.Context, value []byte, typed v1.SecretType, remoteRef esv1beta1.PushRemoteRef) error {
 	s := v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      remoteRef.GetRemoteKey(),
 			Namespace: c.store.RemoteNamespace,
 		},
 		Data: map[string][]byte{remoteRef.GetProperty(): value},
-		Type: "Opaque",
+		Type: typed,
 	}
 	_, err := c.userSecretClient.Create(ctx, &s, metav1.CreateOptions{})
 	metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesCreateSecret, err)
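Review bot: The new type is only honored on the create path; when the Secret already exists, the update path after the `apierrors.IsNotFound` branch (outside this hunk) never looks at `typed`, so pushing, for example, a dockerconfigjson value into an existing Opaque secret succeeds with the wrong type and nothing reports the mismatch. Because the Secret `type` field is immutable on update in the Kubernetes API, the existing object cannot be retyped in place, so the mismatch should fail early rather than be ignored: after the Get succeeds, `if typed != "" && existing.Type != typed { return fmt.Errorf("secret %q has type %q, want %q", remoteRef.GetRemoteKey(), existing.Type, typed) }` (where `existing` stands for the fetched secret variable, whose name is outside the hunk). The Opaque fallback at the create call site would also be better placed inside createSecret so every caller gets the same default.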

+ 39 - 2
pkg/provider/kubernetes/client_test.go

@@ -85,6 +85,7 @@ func (fk *fakeClient) Delete(_ context.Context, name string, _ metav1.DeleteOpti
 func (fk *fakeClient) Create(_ context.Context, secret *v1.Secret, _ metav1.CreateOptions) (*v1.Secret, error) {
 	s := &v1.Secret{
 		Data: secret.Data,
+		Type: secret.Type,
 	}
 	fk.secretMap[secret.Name] = s
 	return s, nil
@@ -731,6 +732,7 @@ func TestDeleteSecret(t *testing.T) {
 func TestPushSecret(t *testing.T) {
 	type fields struct {
 		Client    KClient
+		PushType  v1.SecretType
 		PushValue string
 	}
 	tests := []struct {
@@ -855,17 +857,52 @@ func TestPushSecret(t *testing.T) {
 					Data: map[string][]byte{
 						"secret": []byte(`bar`),
 					},
+					Type: v1.SecretTypeOpaque,
 				},
 			},
 		},
-	}
+		{
+			name: "create new dockerconfigjson secret",
+			fields: fields{
+				Client: &fakeClient{
+					t: t,
+					secretMap: map[string]*v1.Secret{
+						"yoursec": {
+							Data: map[string][]byte{
+								"token": []byte(`foo`),
+							},
+						},
+					},
+				},
+				PushType:  v1.SecretTypeDockerConfigJson,
+				PushValue: `{"auths": {"myregistry.localhost": {"username": "{{ .username }}", "password": "{{ .password }}"}}}`,
+			},
+			ref: v1alpha1.PushSecretRemoteRef{
+				RemoteKey: "mysec",
+				Property:  "config.json",
+			},
+			wantErr: false,
+			wantSecretMap: map[string]*v1.Secret{
+				"yoursec": {
+					Data: map[string][]byte{
+						"token": []byte(`foo`),
+					},
+				},
+				"mysec": {
+					Data: map[string][]byte{
+						"config.json": []byte(`{"auths": {"myregistry.localhost": {"username": "{{ .username }}", "password": "{{ .password }}"}}}`),
+					},
+					Type: v1.SecretTypeDockerConfigJson,
+				},
+			},
+		}}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			p := &Client{
 				userSecretClient: tt.fields.Client,
 				store:            &esv1beta1.KubernetesProvider{},
 			}
-			err := p.PushSecret(context.Background(), []byte(tt.fields.PushValue), nil, tt.ref)
+			err := p.PushSecret(context.Background(), []byte(tt.fields.PushValue), tt.fields.PushType, nil, tt.ref)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("ProviderKubernetes.DeleteSecret() error = %v, wantErr %v", err, tt.wantErr)
 				return
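Review bot: The new "create new dockerconfigjson secret" case pushes the value under `Property: "config.json"`, but an API server requires a `kubernetes.io/dockerconfigjson` Secret to carry its payload under the `.dockerconfigjson` key and rejects other data keys; fakeClient.Create (hunk at the top of this section) performs no validation, so the test passes while encoding a request that would fail in a real cluster. I would use `Property:  ".dockerconfigjson",` and the matching key in wantSecretMap so the fixture reflects what the provider can actually create. The `}}` that closes the test slice also folds the last element's `},` into the slice's `}`; keeping them on separate lines keeps the next added case a one-line diff.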

+ 1 - 1
pkg/provider/onepassword/onepassword.go

@@ -158,7 +158,7 @@ func (provider *ProviderOnePassword) DeleteSecret(_ context.Context, _ esv1beta1
 }
 
 // Not Implemented PushSecret.
-func (provider *ProviderOnePassword) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (provider *ProviderOnePassword) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 1 - 1
pkg/provider/oracle/oracle.go

@@ -75,7 +75,7 @@ type KmsVCInterface interface {
 }
 
 // Not Implemented PushSecret.
-func (vms *VaultManagementService) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (vms *VaultManagementService) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/scaleway/client.go

@@ -26,6 +26,7 @@ import (
 	smapi "github.com/scaleway/scaleway-sdk-go/api/secret/v1alpha1"
 	"github.com/scaleway/scaleway-sdk-go/scw"
 	"github.com/tidwall/gjson"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -101,7 +102,7 @@ func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData
 	return value, nil
 }
 
-func (c *client) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (c *client) PushSecret(ctx context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	scwRef, err := decodeScwSecretRef(remoteRef.GetRemoteKey())
 	if err != nil {
 		return err

+ 9 - 9
pkg/provider/scaleway/client_test.go

@@ -222,7 +222,7 @@ func TestPushSecret(t *testing.T) {
 		data := []byte("some secret data 6a8ff33b-c69a-4e42-b162-b7b595ee7f5f")
 		secretName := "secret-creation-test"
 
-		pushErr := c.PushSecret(ctx, data, nil, pushRemoteRef("name:"+secretName))
+		pushErr := c.PushSecret(ctx, data, "", nil, pushRemoteRef("name:"+secretName))
 
 		assert.NoError(t, pushErr)
 		assert.Len(t, db.secret(secretName).versions, 1)
@@ -234,9 +234,9 @@ func TestPushSecret(t *testing.T) {
 		c := newTestClient()
 		data := []byte("some secret data a11d416b-9169-4f4a-8c27-d2959b22e189")
 		secretName := "secret-update-test"
-		assert.NoError(t, c.PushSecret(ctx, []byte("original data"), nil, pushRemoteRef("name:"+secretName)))
+		assert.NoError(t, c.PushSecret(ctx, []byte("original data"), "", nil, pushRemoteRef("name:"+secretName)))
 
-		pushErr := c.PushSecret(ctx, data, nil, pushRemoteRef("name:"+secretName))
+		pushErr := c.PushSecret(ctx, data, "", nil, pushRemoteRef("name:"+secretName))
 
 		assert.NoError(t, pushErr)
 		assert.Len(t, db.secret(secretName).versions, 2)
@@ -249,7 +249,7 @@ func TestPushSecret(t *testing.T) {
 		data := []byte("some secret data a11d416b-9169-4f4a-8c27-d2959b22e189")
 		secretName := "push-me"
 
-		pushErr := c.PushSecret(ctx, data, nil, pushRemoteRef("name:"+secretName))
+		pushErr := c.PushSecret(ctx, data, "", nil, pushRemoteRef("name:"+secretName))
 
 		assert.NoError(t, pushErr)
 		assert.Len(t, db.secret(secretName).versions, 1)
@@ -263,7 +263,7 @@ func TestPushSecret(t *testing.T) {
 		secretPath := "/folder"
 		secretName := "secret-in-path"
 
-		pushErr := c.PushSecret(ctx, data, nil, pushRemoteRef("path:"+secretPath+"/"+secretName))
+		pushErr := c.PushSecret(ctx, data, "", nil, pushRemoteRef("path:"+secretPath+"/"+secretName))
 		assert.NoError(t, pushErr)
 		assert.Len(t, db.secret(secretName).versions, 1)
 		assert.Equal(t, data, db.secret(secretName).versions[0].data)
@@ -274,7 +274,7 @@ func TestPushSecret(t *testing.T) {
 		ctx := context.Background()
 		c := newTestClient()
 
-		pushErr := c.PushSecret(ctx, []byte("some data"), nil, pushRemoteRef("invalid:abcd"))
+		pushErr := c.PushSecret(ctx, []byte("some data"), "", nil, pushRemoteRef("invalid:abcd"))
 
 		assert.Error(t, pushErr)
 	})
@@ -283,7 +283,7 @@ func TestPushSecret(t *testing.T) {
 		ctx := context.Background()
 		c := newTestClient()
 
-		pushErr := c.PushSecret(ctx, []byte("some data"), nil, pushRemoteRef("id:"+db.secret("cant-push").id))
+		pushErr := c.PushSecret(ctx, []byte("some data"), "", nil, pushRemoteRef("id:"+db.secret("cant-push").id))
 
 		assert.Error(t, pushErr)
 	})
@@ -293,7 +293,7 @@ func TestPushSecret(t *testing.T) {
 		c := newTestClient()
 		secret := db.secret("not-changed")
 
-		pushErr := c.PushSecret(ctx, secret.versions[0].data, nil, pushRemoteRef("name:"+secret.name))
+		pushErr := c.PushSecret(ctx, secret.versions[0].data, "", nil, pushRemoteRef("name:"+secret.name))
 
 		assert.NoError(t, pushErr)
 		assert.Equal(t, 1, len(secret.versions))
@@ -304,7 +304,7 @@ func TestPushSecret(t *testing.T) {
 		c := newTestClient()
 		secret := db.secret("disabling-old-versions")
 
-		pushErr := c.PushSecret(ctx, []byte("some new data"), nil, pushRemoteRef("name:"+secret.name))
+		pushErr := c.PushSecret(ctx, []byte("some new data"), "", nil, pushRemoteRef("name:"+secret.name))
 
 		assert.NoError(t, pushErr)
 		assert.Equal(t, 2, len(secret.versions))

+ 2 - 1
pkg/provider/senhasegura/dsm/dsm.go

@@ -24,6 +24,7 @@ import (
 	"net/http"
 	"net/url"
 
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -97,7 +98,7 @@ func (dsm *DSM) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef) error
 }
 
 // Not Implemented PushSecret.
-func (dsm *DSM) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (dsm *DSM) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/testing/fake/fake.go

@@ -17,6 +17,7 @@ package fake
 import (
 	"context"
 
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -80,7 +81,7 @@ func (v *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecret
 }
 
 // Not Implemented PushSecret.
-func (v *Client) PushSecret(_ context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (v *Client) PushSecret(_ context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	v.SetSecretArgs[remoteRef.GetRemoteKey()] = SetSecretCallArgs{
 		Value:     value,
 		RemoteRef: remoteRef,
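Review bot: The type is discarded here — SetSecretCallArgs (declared outside the hunk) still records only Value and RemoteRef, so controller-level tests cannot assert that the source Secret's Type actually reached the provider, which is the behavior this commit introduces. I would name the parameter `secretType corev1.SecretType`, add a `SecretType corev1.SecretType` field to SetSecretCallArgs, and store it alongside the others: `SecretType: secretType,`.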

+ 1 - 1
pkg/provider/vault/vault.go

@@ -483,7 +483,7 @@ func (v *client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushRemot
 	return nil
 }
 
-func (v *client) PushSecret(ctx context.Context, value []byte, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
+func (v *client) PushSecret(ctx context.Context, value []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, remoteRef esv1beta1.PushRemoteRef) error {
 	label := map[string]interface{}{
 		"custom_metadata": map[string]string{
 			"managed-by": "external-secrets",

+ 1 - 1
pkg/provider/vault/vault_test.go

@@ -2040,7 +2040,7 @@ func TestSetSecret(t *testing.T) {
 			if val == nil {
 				val = []byte(`{"fake-key":"fake-value"}`)
 			}
-			err := client.PushSecret(context.Background(), val, nil, ref)
+			err := client.PushSecret(context.Background(), val, "", nil, ref)
 
 			// Error nil XOR tc.want.err nil
 			if ((err == nil) || (tc.want.err == nil)) && !((err == nil) && (tc.want.err == nil)) {

+ 1 - 1
pkg/provider/webhook/webhook.go

@@ -123,7 +123,7 @@ func (w *WebHook) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef) err
 }
 
 // Not Implemented PushSecret.
-func (w *WebHook) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (w *WebHook) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }
 

+ 2 - 1
pkg/provider/yandex/common/secretsclient.go

@@ -17,6 +17,7 @@ import (
 	"context"
 	"fmt"
 
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -40,7 +41,7 @@ func (c *yandexCloudSecretsClient) DeleteSecret(_ context.Context, _ esv1beta1.P
 	return fmt.Errorf("not implemented")
 }
 
-func (c *yandexCloudSecretsClient) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
+func (c *yandexCloudSecretsClient) PushSecret(_ context.Context, _ []byte, _ corev1.SecretType, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
 	return fmt.Errorf("not implemented")
 }