
WIP: Handle Secrets deletion

Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
Gustavo 3 yıl önce
ebeveyn
işleme
d8de3df76f

+ 2 - 1
apis/externalsecrets/v1alpha1/pushsecret_types.go

@@ -110,7 +110,8 @@ type PushSecretStatus struct {
 
 	// SyncedResourceVersion keeps track of the last synced version.
 	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`
-
+	// Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore.
+	SyncedPushSecrets map[string]PushSecretData
 	// +optional
 	Conditions []PushSecretStatusCondition `json:"conditions,omitempty"`
 }
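Review bot: The new SyncedPushSecrets field is the only field in PushSecretStatus without a `json` tag and without a `// +optional` marker, so it will serialize under the Go name and as `null` when nil, unlike its omitempty neighbours. I would write it as `// SyncedPushSecrets records, per secret store name, the PushSecretData pushed to that store so it can be deleted later.`, `// +optional`, `SyncedPushSecrets map[string]PushSecretData \`json:"syncedPushSecrets,omitempty"\``. The value type also holds a single PushSecretData per store, while the controller's TODO speaks of iterating refs per store, so a slice or keyed map per store may be what is intended; worth settling before the field lands in the CRD schema. The enclosing struct starts outside the hunk.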

+ 3 - 1
pkg/controllers/pushsecret/pushsecret_controller.go

@@ -93,6 +93,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		r.recorder.Event(&ps, v1.EventTypeWarning, esapi.ReasonErrored, err.Error())
 		return ctrl.Result{}, err
 	}
+
 	err = r.PushSecretToProviders(ctx, secretStores, ps, secret)
 	if err != nil {
 		msg := fmt.Sprintf(errFailedSetSecret, err)
@@ -108,8 +109,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 	r.recorder.Event(&ps, v1.EventTypeNormal, esapi.ReasonSynced, msg)
 	return ctrl.Result{RequeueAfter: refreshInt}, nil
 }
-
 func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores []v1beta1.GenericStore, ps esapi.PushSecret, secret *v1.Secret) error {
+	// TODO - Delete Secrets from Stores if they no longer exist in spec but still exist in status
 	for _, store := range stores {
 		provider, err := v1beta1.GetProvider(store)
 		if err != nil {
@@ -135,6 +136,7 @@ func (r *Reconciler) PushSecretToProviders(ctx context.Context, stores []v1beta1
 				return fmt.Errorf(errSetSecretFailed, ref.Match.SecretKey, store.GetName(), err)
 			}
 		}
+		// TODO - for ref in Status.Synced[store], ref not belonging to ps.Spec.Data, remove ref from provider.
 	}
 	return nil
 }
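Review bot: Nothing in PushSecretToProviders records what was successfully pushed, so the deletion pass the TODO at the end of the store loop describes would have an empty status to compare against; the ref should be added to the status map right after the successful set call in the loop body (the call itself is outside this hunk). Because `ps esapi.PushSecret` is passed by value, any status bookkeeping written inside this function is lost to Reconcile, which presumably performs the status update; either take `*esapi.PushSecret` or return the synced set to the caller. Since the planned step removes keys from an external store, it should only ever remove refs that this PushSecret itself recorded as pushed, never keys merely absent from spec, and a failure to delete should be surfaced as an error rather than skipped. Reconcile begins outside the hunk.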