add immutable field on ExternalSecretTarget and on v1.Secret creation

Co-authored-by: mouhsen-ibrahim <mouhsen.ibrahim@gmail.com>

apis/externalsecrets/v1alpha1/externalsecret_types.go

@@ -103,6 +103,10 @@ type ExternalSecretTarget struct {
 	// Template defines a blueprint for the created Secret resource.
 	// +optional
 	Template *ExternalSecretTemplate `json:"template,omitempty"`
+
+	// Immutable defines if the final secret will be immutable
+	// +optional
+	Immutable bool `json:"immutable,omitempty"`
 }
 
 // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

deploy/crds/external-secrets.io_externalsecrets.yaml

@@ -132,6 +132,9 @@ spec:
                     description: CreationPolicy defines rules on how to create the
                       resulting Secret Defaults to 'Owner'
                     type: string
+                  immutable:
+                    description: Immutable defines if the final secret will be immutable
+                    type: boolean
                   name:
                     description: Name defines the name of the Secret resource to be
                       managed This field is immutable Defaults to the .metadata.name

pkg/controllers/externalsecret/externalsecret_controller.go

@@ -172,7 +172,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			Name:      externalSecret.Spec.Target.Name,
 			Namespace: externalSecret.Namespace,
 		},
-		Data: make(map[string][]byte),
+		Immutable: &externalSecret.Spec.Target.Immutable,
+		Data:      make(map[string][]byte),
 	}
 
 	mutationFunc := func() error {