fix: remove sourceRef.generatorRef from .data[] (#2735)

fix: deprecate sourceRef.generatorRef from .data[]

A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.

This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef

The former is used in .data[] and the latter is used in .dataFrom[].

The Deprecated field is going to be removed with v1.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

apis/externalsecrets/v1beta1/externalsecret_types.go

@@ -197,7 +197,7 @@ type ExternalSecretData struct {
 
 	// SourceRef allows you to override the source
 	// from which the value will pulled from.
-	SourceRef *SourceRef `json:"sourceRef,omitempty"`
+	SourceRef *StoreSourceRef `json:"sourceRef,omitempty"`
 }
 
 // ExternalSecretDataRemoteRef defines Provider data location.
@@ -276,7 +276,7 @@ type ExternalSecretDataFromRemoteRef struct {
 	// a specific SecretStore.
 	// When sourceRef points to a generator Extract or Find is not supported.
 	// The generator returns a static map of values
-	SourceRef *SourceRef `json:"sourceRef,omitempty"`
+	SourceRef *StoreGeneratorSourceRef `json:"sourceRef,omitempty"`
 }
 
 type ExternalSecretRewrite struct {
@@ -357,15 +357,30 @@ type ExternalSecretSpec struct {
 	DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"`
 }
 
-// SourceRef allows you to override the source
+// StoreSourceRef allows you to override the SecretStore source
 // from which the secret will be pulled from.
 // You can define at maximum one property.
 // +kubebuilder:validation:MaxProperties=1
-type SourceRef struct {
+type StoreSourceRef struct {
+	// +optional
+	SecretStoreRef SecretStoreRef `json:"storeRef"`
+
+	// GeneratorRef points to a generator custom resource.
+	//
+	// Deprecated: The generatorRef is not implemented in .data[].
+	// this will be removed with v1.
+	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
+}
+
+// StoreGeneratorSourceRef allows you to override the source
+// from which the secret will be pulled from.
+// You can define at maximum one property.
+// +kubebuilder:validation:MaxProperties=1
+type StoreGeneratorSourceRef struct {
 	// +optional
 	SecretStoreRef *SecretStoreRef `json:"storeRef,omitempty"`
 
-	// GeneratorRef points to a generator custom resource in
+	// GeneratorRef points to a generator custom resource.
 	// +optional
 	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
 }

apis/externalsecrets/v1beta1/externalsecret_validator_test.go

@@ -61,7 +61,7 @@ func TestValidateExternalSecret(t *testing.T) {
 					DataFrom: []ExternalSecretDataFromRemoteRef{
 						{
 							Find: &ExternalSecretFind{},
-							SourceRef: &SourceRef{
+							SourceRef: &StoreGeneratorSourceRef{
 								GeneratorRef: &GeneratorRef{},
 							},
 						},
@@ -77,7 +77,7 @@ func TestValidateExternalSecret(t *testing.T) {
 					DataFrom: []ExternalSecretDataFromRemoteRef{
 						{
 							Extract: &ExternalSecretDataRemoteRef{},
-							SourceRef: &SourceRef{
+							SourceRef: &StoreGeneratorSourceRef{
 								GeneratorRef: &GeneratorRef{},
 							},
 						},

apis/externalsecrets/v1beta1/zz_generated.deepcopy.go

@@ -889,7 +889,7 @@ func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData) {
 	out.RemoteRef = in.RemoteRef
 	if in.SourceRef != nil {
 		in, out := &in.SourceRef, &out.SourceRef
-		*out = new(SourceRef)
+		*out = new(StoreSourceRef)
 		(*in).DeepCopyInto(*out)
 	}
 }
@@ -926,7 +926,7 @@ func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataF
 	}
 	if in.SourceRef != nil {
 		in, out := &in.SourceRef, &out.SourceRef
-		*out = new(SourceRef)
+		*out = new(StoreGeneratorSourceRef)
 		(*in).DeepCopyInto(*out)
 	}
 }
@@ -2142,7 +2142,7 @@ func (in *SenhaseguraProvider) DeepCopy() *SenhaseguraProvider {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SourceRef) DeepCopyInto(out *SourceRef) {
+func (in *StoreGeneratorSourceRef) DeepCopyInto(out *StoreGeneratorSourceRef) {
 	*out = *in
 	if in.SecretStoreRef != nil {
 		in, out := &in.SecretStoreRef, &out.SecretStoreRef
@@ -2156,12 +2156,33 @@ func (in *SourceRef) DeepCopyInto(out *SourceRef) {
 	}
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceRef.
-func (in *SourceRef) DeepCopy() *SourceRef {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreGeneratorSourceRef.
+func (in *StoreGeneratorSourceRef) DeepCopy() *StoreGeneratorSourceRef {
 	if in == nil {
 		return nil
 	}
-	out := new(SourceRef)
+	out := new(StoreGeneratorSourceRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StoreSourceRef) DeepCopyInto(out *StoreSourceRef) {
+	*out = *in
+	out.SecretStoreRef = in.SecretStoreRef
+	if in.GeneratorRef != nil {
+		in, out := &in.GeneratorRef, &out.GeneratorRef
+		*out = new(GeneratorRef)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreSourceRef.
+func (in *StoreSourceRef) DeepCopy() *StoreSourceRef {
+	if in == nil {
+		return nil
+	}
+	out := new(StoreSourceRef)
 	in.DeepCopyInto(out)
 	return out
 }

config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml

@@ -128,8 +128,9 @@ spec:
                           maxProperties: 1
                           properties:
                             generatorRef:
-                              description: GeneratorRef points to a generator custom
-                                resource in
+                              description: "GeneratorRef points to a generator custom
+                                resource. \n Deprecated: The generatorRef is not implemented
+                                in .data[]. this will be removed with v1."
                               properties:
                                 apiVersion:
                                   default: generators.external-secrets.io/v1alpha1
@@ -303,7 +304,7 @@ spec:
                           properties:
                             generatorRef:
                               description: GeneratorRef points to a generator custom
-                                resource in
+                                resource.
                               properties:
                                 apiVersion:
                                   default: generators.external-secrets.io/v1alpha1

config/crds/bases/external-secrets.io_externalsecrets.yaml

@@ -377,8 +377,9 @@ spec:
                       maxProperties: 1
                       properties:
                         generatorRef:
-                          description: GeneratorRef points to a generator custom resource
-                            in
+                          description: "GeneratorRef points to a generator custom
+                            resource. \n Deprecated: The generatorRef is not implemented
+                            in .data[]. this will be removed with v1."
                           properties:
                             apiVersion:
                               default: generators.external-secrets.io/v1alpha1
@@ -550,8 +551,7 @@ spec:
                       maxProperties: 1
                       properties:
                         generatorRef:
-                          description: GeneratorRef points to a generator custom resource
-                            in
+                          description: GeneratorRef points to a generator custom resource.
                           properties:
                             apiVersion:
                               default: generators.external-secrets.io/v1alpha1

deploy/crds/bundle.yaml

@@ -112,7 +112,7 @@ spec:
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: GeneratorRef points to a generator custom resource in
+                                description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -256,7 +256,7 @@ spec:
                             maxProperties: 1
                             properties:
                               generatorRef:
-                                description: GeneratorRef points to a generator custom resource in
+                                description: GeneratorRef points to a generator custom resource.
                                 properties:
                                   apiVersion:
                                     default: generators.external-secrets.io/v1alpha1
@@ -3840,7 +3840,7 @@ spec:
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: GeneratorRef points to a generator custom resource in
+                            description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1."
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1
@@ -3984,7 +3984,7 @@ spec:
                         maxProperties: 1
                         properties:
                           generatorRef:
-                            description: GeneratorRef points to a generator custom resource in
+                            description: GeneratorRef points to a generator custom resource.
                             properties:
                               apiVersion:
                                 default: generators.external-secrets.io/v1alpha1

docs/api/spec.md

@@ -2454,8 +2454,8 @@ which secret (version/property/..) to fetch.</p>
 <td>
 <code>sourceRef</code></br>
 <em>
-<a href="#external-secrets.io/v1beta1.SourceRef">
-SourceRef
+<a href="#external-secrets.io/v1beta1.StoreSourceRef">
+StoreSourceRef
 </a>
 </em>
 </td>
@@ -2531,8 +2531,8 @@ Multiple Rewrite operations can be provided. They are applied in a layered order
 <td>
 <code>sourceRef</code></br>
 <em>
-<a href="#external-secrets.io/v1beta1.SourceRef">
-SourceRef
+<a href="#external-secrets.io/v1beta1.StoreGeneratorSourceRef">
+StoreGeneratorSourceRef
 </a>
 </em>
 </td>
@@ -3710,7 +3710,8 @@ string
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
+<a href="#external-secrets.io/v1beta1.StoreGeneratorSourceRef">StoreGeneratorSourceRef</a>, 
+<a href="#external-secrets.io/v1beta1.StoreSourceRef">StoreSourceRef</a>)
 </p>
 <p>
 <p>GeneratorRef points to a generator custom resource.</p>
@@ -5249,7 +5250,8 @@ DelineaProvider
 <p>
 (<em>Appears on:</em>
 <a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>, 
-<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
+<a href="#external-secrets.io/v1beta1.StoreGeneratorSourceRef">StoreGeneratorSourceRef</a>, 
+<a href="#external-secrets.io/v1beta1.StoreSourceRef">StoreSourceRef</a>)
 </p>
 <p>
 <p>SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.</p>
@@ -5671,15 +5673,14 @@ bool
 </tr>
 </tbody>
 </table>
-<h3 id="external-secrets.io/v1beta1.SourceRef">SourceRef
+<h3 id="external-secrets.io/v1beta1.StoreGeneratorSourceRef">StoreGeneratorSourceRef
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>, 
 <a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
 </p>
 <p>
-<p>SourceRef allows you to override the source
+<p>StoreGeneratorSourceRef allows you to override the source
 from which the secret will be pulled from.
 You can define at maximum one property.</p>
 </p>
@@ -5715,7 +5716,56 @@ GeneratorRef
 </td>
 <td>
 <em>(Optional)</em>
-<p>GeneratorRef points to a generator custom resource in</p>
+<p>GeneratorRef points to a generator custom resource.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="external-secrets.io/v1beta1.StoreSourceRef">StoreSourceRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>)
+</p>
+<p>
+<p>StoreSourceRef allows you to override the SecretStore source
+from which the secret will be pulled from.
+You can define at maximum one property.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>storeRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretStoreRef">
+SecretStoreRef
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>generatorRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.GeneratorRef">
+GeneratorRef
+</a>
+</em>
+</td>
+<td>
+<p>GeneratorRef points to a generator custom resource.</p>
+<p>Deprecated: The generatorRef is not implemented in .data[].
+this will be removed with v1.</p>
 </td>
 </tr>
 </tbody>

docs/snippets/full-external-secret.yaml

@@ -84,12 +84,6 @@ spec:
           name: aws-secretstore
           kind: ClusterSecretStore
 
-        # point to a generator resource that provides the secret value
-        generatorRef:
-          apiVersion: generators.external-secrets.io/v1alpha1
-          kind: Password
-          name: db-password
-
   # Used to fetch all properties from the Provider key
   # If multiple dataFrom are specified, secrets are merged in the specified order
   dataFrom:

e2e/suites/generator/ecr.go

@@ -85,7 +85,7 @@ var _ = Describe("ecr generator", Label("ecr"), func() {
 	customResourceGenerator := func(tc *testCase) {
 		tc.ExternalSecret.Spec.DataFrom = []esv1beta1.ExternalSecretDataFromRemoteRef{
 			{
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					GeneratorRef: &esv1beta1.GeneratorRef{
 						// we don't need to specify the apiVersion,
 						// this should be inferred by the controller.

e2e/suites/generator/fake.go

@@ -58,7 +58,7 @@ var _ = Describe("fake generator", Label("fake"), func() {
 	customResourceGenerator := func(tc *testCase) {
 		tc.ExternalSecret.Spec.DataFrom = []esv1beta1.ExternalSecretDataFromRemoteRef{
 			{
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					GeneratorRef: &esv1beta1.GeneratorRef{
 						// we don't need to specify the apiVersion,
 						// this should be inferred by the controller.

e2e/suites/generator/password.go

@@ -51,7 +51,7 @@ var _ = Describe("password generator", Label("password"), func() {
 	customResourceGenerator := func(tc *testCase) {
 		tc.ExternalSecret.Spec.DataFrom = []esv1beta1.ExternalSecretDataFromRemoteRef{
 			{
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					GeneratorRef: &esv1beta1.GeneratorRef{
 						// we don't need to specify the apiVersion,
 						// this should be inferred by the controller.

e2e/suites/provider/cases/scaleway/provider.go

@@ -88,19 +88,25 @@ func (p *secretStoreProvider) DeleteSecret(key string) {
 	gomega.Expect(key).To(gomega.HavePrefix(remoteRefPrefix))
 	secretName := key[len(remoteRefPrefix):]
 
-	secret, err := p.api.GetSecretByName(&smapi.GetSecretByNameRequest{
-		SecretName: secretName,
+	p.api.GetSecret(&smapi.GetSecretRequest{
+		Region:   "",
+		SecretID: "",
+	})
+	res, err := p.api.ListSecrets(&smapi.ListSecretsRequest{
+		Name: &secretName,
 	})
 	if _, isErrNotFound := err.(*scw.ResourceNotFoundError); isErrNotFound {
 		return
 	}
 	gomega.Expect(err).ToNot(gomega.HaveOccurred())
 
-	err = p.api.DeleteSecret(&smapi.DeleteSecretRequest{
-		SecretID: secret.ID,
-	})
-	if _, isErrNotFound := err.(*scw.ResourceNotFoundError); isErrNotFound {
-		return
+	for _, secret := range res.Secrets {
+		err = p.api.DeleteSecret(&smapi.DeleteSecretRequest{
+			SecretID: secret.ID,
+		})
+		if _, isErrNotFound := err.(*scw.ResourceNotFoundError); isErrNotFound {
+			return
+		}
+		gomega.Expect(err).ToNot(gomega.HaveOccurred())
 	}
-	gomega.Expect(err).ToNot(gomega.HaveOccurred())
 }

pkg/controllers/externalsecret/externalsecret_controller.go

@@ -507,8 +507,8 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil
 	}
 
 	for _, ref := range es.Spec.Data {
-		if ref.SourceRef != nil && ref.SourceRef.SecretStoreRef != nil {
-			storeList = append(storeList, *ref.SourceRef.SecretStoreRef)
+		if ref.SourceRef != nil {
+			storeList = append(storeList, ref.SourceRef.SecretStoreRef)
 		}
 	}
 
@@ -519,7 +519,7 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil
 
 		// verify that generator's controllerClass matches
 		if ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil {
-			genDef, err := r.getGeneratorDefinition(ctx, namespace, ref.SourceRef)
+			genDef, err := r.getGeneratorDefinition(ctx, namespace, ref.SourceRef.GeneratorRef)
 			if err != nil {
 				return false, err
 			}

pkg/controllers/externalsecret/externalsecret_controller_secret.go

@@ -89,7 +89,7 @@ func (r *Reconciler) getProviderSecretData(ctx context.Context, externalSecret *
 }
 
 func (r *Reconciler) handleSecretData(ctx context.Context, i int, externalSecret esv1beta1.ExternalSecret, secretRef esv1beta1.ExternalSecretData, providerData map[string][]byte, cmgr *secretstore.Manager) error {
-	client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, secretRef.SourceRef)
+	client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, toStoreGenSourceRef(secretRef.SourceRef))
 	if err != nil {
 		return err
 	}
@@ -105,8 +105,17 @@ func (r *Reconciler) handleSecretData(ctx context.Context, i int, externalSecret
 	return nil
 }
 
+func toStoreGenSourceRef(ref *esv1beta1.StoreSourceRef) *esv1beta1.StoreGeneratorSourceRef {
+	if ref == nil {
+		return nil
+	}
+	return &esv1beta1.StoreGeneratorSourceRef{
+		SecretStoreRef: &ref.SecretStoreRef,
+	}
+}
+
 func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, i int) (map[string][]byte, error) {
-	genDef, err := r.getGeneratorDefinition(ctx, namespace, remoteRef.SourceRef)
+	genDef, err := r.getGeneratorDefinition(ctx, namespace, remoteRef.SourceRef.GeneratorRef)
 	if err != nil {
 		return nil, err
 	}
@@ -130,7 +139,7 @@ func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string
 
 // getGeneratorDefinition returns the generator JSON for a given sourceRef
 // when it uses a generatorRef it fetches the resource and returns the JSON.
-func (r *Reconciler) getGeneratorDefinition(ctx context.Context, namespace string, sourceRef *esv1beta1.SourceRef) (*apiextensions.JSON, error) {
+func (r *Reconciler) getGeneratorDefinition(ctx context.Context, namespace string, generatorRef *esv1beta1.GeneratorRef) (*apiextensions.JSON, error) {
 	// client-go dynamic client needs a GVR to fetch the resource
 	// But we only have the GVK in our generatorRef.
 	//
@@ -142,14 +151,14 @@ func (r *Reconciler) getGeneratorDefinition(ctx context.Context, namespace strin
 		return nil, err
 	}
 
-	gv, err := schema.ParseGroupVersion(sourceRef.GeneratorRef.APIVersion)
+	gv, err := schema.ParseGroupVersion(generatorRef.APIVersion)
 	if err != nil {
 		return nil, err
 	}
 	mapper := restmapper.NewDiscoveryRESTMapper(groupResources)
 	mapping, err := mapper.RESTMapping(schema.GroupKind{
 		Group: gv.Group,
-		Kind:  sourceRef.GeneratorRef.Kind,
+		Kind:  generatorRef.Kind,
 	})
 	if err != nil {
 		return nil, err
@@ -160,7 +169,7 @@ func (r *Reconciler) getGeneratorDefinition(ctx context.Context, namespace strin
 	}
 	res, err := d.Resource(mapping.Resource).
 		Namespace(namespace).
-		Get(ctx, sourceRef.GeneratorRef.Name, metav1.GetOptions{})
+		Get(ctx, generatorRef.Name, metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}

pkg/controllers/externalsecret/externalsecret_controller_test.go

@@ -527,7 +527,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() {
 		tc.externalSecret.Spec.Data = nil
 		tc.externalSecret.Spec.DataFrom = []esv1beta1.ExternalSecretDataFromRemoteRef{
 			{
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					GeneratorRef: &esv1beta1.GeneratorRef{
 						APIVersion: genv1alpha1.Group + "/" + genv1alpha1.Version,
 						Kind:       "Fake",
@@ -652,7 +652,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() {
 				Extract: &esv1beta1.ExternalSecretDataRemoteRef{
 					Key: "foo",
 				},
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					SecretStoreRef: &esv1beta1.SecretStoreRef{
 						Name: "foo",
 						Kind: esv1beta1.SecretStoreKind,
@@ -663,7 +663,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() {
 				Extract: &esv1beta1.ExternalSecretDataRemoteRef{
 					Key: "baz",
 				},
-				SourceRef: &esv1beta1.SourceRef{
+				SourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					SecretStoreRef: &esv1beta1.SecretStoreRef{
 						Name: "baz",
 						Kind: esv1beta1.SecretStoreKind,

pkg/controllers/secretstore/client_manager.go

@@ -103,7 +103,7 @@ func (m *Manager) GetFromStore(ctx context.Context, store esv1beta1.GenericStore
 // while sourceRef.SecretStoreRef takes precedence over storeRef.
 // Do not close the client returned from this func, instead close
 // the manager once you're done with recinciling the external secret.
-func (m *Manager) Get(ctx context.Context, storeRef esv1beta1.SecretStoreRef, namespace string, sourceRef *esv1beta1.SourceRef) (esv1beta1.SecretsClient, error) {
+func (m *Manager) Get(ctx context.Context, storeRef esv1beta1.SecretStoreRef, namespace string, sourceRef *esv1beta1.StoreGeneratorSourceRef) (esv1beta1.SecretsClient, error) {
 	if sourceRef != nil && sourceRef.SecretStoreRef != nil {
 		storeRef = *sourceRef.SecretStoreRef
 	}

pkg/controllers/secretstore/client_manager_test.go

@@ -100,7 +100,7 @@ func TestManagerGet(t *testing.T) {
 	type args struct {
 		storeRef  esv1beta1.SecretStoreRef
 		namespace string
-		sourceRef *esv1beta1.SourceRef
+		sourceRef *esv1beta1.StoreGeneratorSourceRef
 	}
 	tests := []struct {
 		name              string
@@ -168,7 +168,7 @@ func TestManagerGet(t *testing.T) {
 					Kind: esv1beta1.SecretStoreKind,
 				},
 				// this should take precedence
-				sourceRef: &esv1beta1.SourceRef{
+				sourceRef: &esv1beta1.StoreGeneratorSourceRef{
 					SecretStoreRef: &esv1beta1.SecretStoreRef{
 						Name: otherStore.Name,
 						Kind: esv1beta1.SecretStoreKind,