5 дней назад · c9debbd27b
--- a/providers/v2/adapter/store/go.mod
+++ b/providers/v2/adapter/store/go.mod
@@ -13,6 +13,7 @@ require (
 
				 	github.com/external-secrets/external-secrets/apis v0.0.0
			
 
				 	github.com/external-secrets/external-secrets/proto v0.0.0
			
 
				 	github.com/external-secrets/external-secrets/providers/v2/common v0.0.0
			
 
				+	google.golang.org/grpc v1.79.3
			
 
				 	k8s.io/api v0.35.2
			
 
				 	k8s.io/apiextensions-apiserver v0.35.2
			
 
				 	k8s.io/apimachinery v0.35.2
			
@@ -68,7 +69,6 @@ require (
 
				 	golang.org/x/time v0.15.0 // indirect
			
 
				 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
			
 
				 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 // indirect
			
 
				-	google.golang.org/grpc v1.79.3 // indirect
			
 
				 	google.golang.org/protobuf v1.36.11 // indirect
			
 
				 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
			
 
				 	gopkg.in/inf.v0 v0.9.1 // indirect
			
--- a/providers/v2/adapter/store/server.go
+++ b/providers/v2/adapter/store/server.go
@@ -22,6 +22,8 @@ import (
 
				 	"fmt"
			
 
				 	"strings"
			
 
				 
			
 
				+	"google.golang.org/grpc/codes"
			
 
				+	"google.golang.org/grpc/status"
			
 
				 	corev1 "k8s.io/api/core/v1"
			
 
				 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
			
 
				 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
			
@@ -175,6 +177,9 @@ func (s *Server) GetSecret(ctx context.Context, req *pb.GetSecretRequest) (*pb.G
 
				 
			
 
				 	value, err := client.GetSecret(ctx, ref)
			
 
				 	if err != nil {
			
 
				+		if errors.Is(err, esv1.NoSecretErr) {
			
 
				+			return nil, status.Error(codes.NotFound, err.Error())
			
 
				+		}
			
 
				 		return nil, fmt.Errorf("failed to get secret: %w", err)
			
 
				 	}
			
 
				 
			
@@ -196,6 +201,9 @@ func (s *Server) GetSecretMap(ctx context.Context, req *pb.GetSecretMapRequest)
 
				 
			
 
				 	secrets, err := client.GetSecretMap(ctx, ref)
			
 
				 	if err != nil {
			
 
				+		if errors.Is(err, esv1.NoSecretErr) {
			
 
				+			return nil, status.Error(codes.NotFound, err.Error())
			
 
				+		}
			
 
				 		return nil, fmt.Errorf("failed to get secret map: %w", err)
			
 
				 	}
			
 
				 
			
--- a/providers/v2/common/grpc/client.go
+++ b/providers/v2/common/grpc/client.go
@@ -23,7 +23,9 @@ import (
 
				 
			
 
				 	"github.com/go-logr/logr"
			
 
				 	"google.golang.org/grpc"
			
 
				+	"google.golang.org/grpc/codes"
			
 
				 	"google.golang.org/grpc/connectivity"
			
 
				+	"google.golang.org/grpc/status"
			
 
				 	corev1 "k8s.io/api/core/v1"
			
 
				 
			
 
				 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
			
@@ -107,6 +109,10 @@ func (c *grpcProviderClient) GetSecret(
 
				 
			
 
				 	resp, err := c.client.GetSecret(ctx, req)
			
 
				 	if err != nil {
			
 
				+		if status.Code(err) == codes.NotFound {
			
 
				+			err = esv1.NoSecretErr
			
 
				+			return nil, err
			
 
				+		}
			
 
				 		c.log.Error(err, "GetSecret RPC failed",
			
 
				 			"key", ref.Key,
			
 
				 			"connectionState", c.conn.GetState().String(),
			
@@ -171,6 +177,10 @@ func (c *grpcProviderClient) GetSecretMap(
 
				 
			
 
				 	resp, err := c.client.GetSecretMap(ctx, req)
			
 
				 	if err != nil {
			
 
				+		if status.Code(err) == codes.NotFound {
			
 
				+			err = esv1.NoSecretErr
			
 
				+			return nil, err
			
 
				+		}
			
 
				 		c.log.Error(err, "GetSecretMap RPC failed",
			
 
				 			"connectionState", c.conn.GetState().String(),
			
 
				 			"target", c.conn.Target())
			
--- a/providers/v2/common/grpc/resilient.go
+++ b/providers/v2/common/grpc/resilient.go
@@ -18,6 +18,7 @@ package grpc
 
				 
			
 
				 import (
			
 
				 	"context"
			
 
				+	"errors"
			
 
				 	"fmt"
			
 
				 
			
 
				 	"github.com/go-logr/logr"
			
@@ -141,15 +142,23 @@ func (rc *ResilientClient) GetSecret(
 
				 	sourceNamespace string,
			
 
				 ) ([]byte, error) {
			
 
				 	var result []byte
			
 
				+	var notFound bool
			
 
				 
			
 
				 	err := rc.executeWithResilience(ctx, func(client v2.Provider) error {
			
 
				 		secretData, err := client.GetSecret(ctx, ref, providerRef, sourceNamespace)
			
 
				+		if errors.Is(err, esv1.NoSecretErr) {
			
 
				+			notFound = true
			
 
				+			return nil
			
 
				+		}
			
 
				 		if err != nil {
			
 
				 			return err
			
 
				 		}
			
 
				 		result = secretData
			
 
				 		return nil
			
 
				 	})
			
 
				+	if notFound {
			
 
				+		return nil, esv1.NoSecretErr
			
 
				+	}
			
 
				 
			
 
				 	return result, err
			
 
				 }
			
@@ -162,15 +171,23 @@ func (rc *ResilientClient) GetSecretMap(
 
				 	sourceNamespace string,
			
 
				 ) (map[string][]byte, error) {
			
 
				 	var result map[string][]byte
			
 
				+	var notFound bool
			
 
				 
			
 
				 	err := rc.executeWithResilience(ctx, func(client v2.Provider) error {
			
 
				 		secretMap, err := client.GetSecretMap(ctx, ref, providerRef, sourceNamespace)
			
 
				+		if errors.Is(err, esv1.NoSecretErr) {
			
 
				+			notFound = true
			
 
				+			return nil
			
 
				+		}
			
 
				 		if err != nil {
			
 
				 			return err
			
 
				 		}
			
 
				 		result = secretMap
			
 
				 		return nil
			
 
				 	})
			
 
				+	if notFound {
			
 
				+		return nil, esv1.NoSecretErr
			
 
				+	}
			
 
				 
			
 
				 	return result, err
			
 
				 }