
Merge pull request #1074 from jasonhancock/vault_not_found

vault provider: avoid a panic if secret not found in vault
paul-the-alien[bot] 4 years ago
parent
commit
9c9bd537df
2 changed files with 44 additions and 0 deletions
  1. 7 0
      pkg/provider/vault/vault.go
  2. 37 0
      pkg/provider/vault/vault_test.go

+ 7 - 0
pkg/provider/vault/vault.go

@@ -72,6 +72,7 @@ const (
 	errServiceAccount       = "cannot read Kubernetes service account token from file system: %w"
 	errJwtNoTokenSource     = "neither `secretRef` nor `kubernetesServiceAccountToken` was supplied as token source for jwt authentication"
 	errUnsupportedKvVersion = "cannot perform find operations with kv version v1"
+	errNotFound             = "secret not found"
 
 	errGetKubeSA             = "cannot get Kubernetes service account %q: %w"
 	errGetKubeSASecrets      = "cannot find secrets bound to service account: %q"
@@ -461,6 +462,9 @@ func (v *client) readSecretMetadata(ctx context.Context, path string) (map[strin
 	if err != nil {
 		return nil, fmt.Errorf(errReadSecret, err)
 	}
+	if secret == nil {
+		return nil, errors.New(errNotFound)
+	}
 	t, ok := secret.Data["custom_metadata"]
 	if !ok {
 		return nil, nil
@@ -639,6 +643,9 @@ func (v *client) readSecret(ctx context.Context, path, version string) (map[stri
 	if err != nil {
 		return nil, fmt.Errorf(errReadSecret, err)
 	}
+	if vaultSecret == nil {
+		return nil, errors.New(errNotFound)
+	}
 	secretData := vaultSecret.Data
 	if v.store.Version == esv1beta1.VaultKVStoreV2 {
 		// Vault KV2 has data embedded within sub-field
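Review bot: The not-found error returned at the new checks in readSecretMetadata and readSecret is a fresh `errors.New(errNotFound)` with no path, so a reconciliation log cannot say which key was missing and no caller can match it with `errors.Is`. A package-level sentinel `var ErrNotFound = errors.New(errNotFound)` returned from both sites, or a wrapped form that keeps the identity and adds the location, `return nil, fmt.Errorf("%w: %s", ErrNotFound, path)`, would give both. The nil check also only covers a nil *vault.Secret; whether a KV v2 soft-deleted version comes back as a non-nil secret with empty data, and whether the code past this hunk tolerates that, is not visible here and is worth confirming. Both enclosing functions start and end outside these hunks.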

+ 37 - 0
pkg/provider/vault/vault_test.go

@@ -656,6 +656,23 @@ func TestGetSecret(t *testing.T) {
 				err: fmt.Errorf(errReadSecret, errBoom),
 			},
 		},
+		"ReadSecretNotFound": {
+			reason: "Secret doesn't exist",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault,
+				data: esv1beta1.ExternalSecretDataRemoteRef{
+					Property: "access_key",
+				},
+				vLogical: &fake.Logical{
+					ReadWithDataWithContextFn: func(ctx context.Context, path string, data map[string][]string) (*vault.Secret, error) {
+						return nil, nil
+					},
+				},
+			},
+			want: want{
+				err: errors.New(errNotFound),
+			},
+		},
 	}
 
 	for name, tc := range cases {
@@ -1114,6 +1131,26 @@ func TestGetAllSecrets(t *testing.T) {
 				err: errors.New(errUnsupportedKvVersion),
 			},
 		},
+		"MetadataNotFound": {
+			reason: "metadata secret not found",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault,
+				vLogical: &fake.Logical{
+					ListWithContextFn: newListWithContextFn(secret),
+					ReadWithDataWithContextFn: func(ctx context.Context, path string, d map[string][]string) (*vault.Secret, error) {
+						return nil, nil
+					},
+				},
+				data: esv1beta1.ExternalSecretFind{
+					Tags: map[string]string{
+						"foo": "baz",
+					},
+				},
+			},
+			want: want{
+				err: errors.New(errNotFound),
+			},
+		},
 	}
 
 	for name, tc := range cases {
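Review bot: The two new ReadWithDataWithContextFn stubs ignore every parameter yet name the third one differently (`data` in ReadSecretNotFound, `d` in MetadataNotFound), which makes the cases read as if they differed. Using blank identifiers in both, `ReadWithDataWithContextFn: func(_ context.Context, _ string, _ map[string][]string) (*vault.Secret, error) {`, makes the "always nil" intent explicit and keeps the two cases identical in shape. The MetadataNotFound case also depends on the `secret` value passed to newListWithContextFn, which is defined outside this hunk. Both enclosing test functions start and end outside these hunks.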