
Merge pull request #1086 from hydeenoble/provider/akeyless

Implemented function for Akeyless provider
paul-the-alien[bot] 4 years ago
parent
commit
ee4bd4efc2

+ 43 - 0
pkg/provider/akeyless/akeyless.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/url"
 	"strconv"
 	"time"
 
@@ -71,6 +72,48 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 }
 
 func (p *Provider) ValidateStore(store esv1beta1.GenericStore) error {
+	storeSpec := store.GetSpec()
+	akeylessSpec := storeSpec.Provider.Akeyless
+
+	akeylessGWApiURL := akeylessSpec.AkeylessGWApiURL
+
+	if akeylessGWApiURL != nil && *akeylessGWApiURL != "" {
+		url, err := url.Parse(*akeylessGWApiURL)
+		if err != nil {
+			return fmt.Errorf(errInvalidAkeylessURL)
+		}
+
+		if url.Host == "" {
+			return fmt.Errorf(errInvalidAkeylessURL)
+		}
+	}
+
+	accessID := akeylessSpec.Auth.SecretRef.AccessID
+	err := utils.ValidateSecretSelector(store, accessID)
+	if err != nil {
+		return err
+	}
+
+	if accessID.Name == "" {
+		return fmt.Errorf(errInvalidAkeylessAccessIDName)
+	}
+
+	if accessID.Key == "" {
+		return fmt.Errorf(errInvalidAkeylessAccessIDKey)
+	}
+
+	accessType := akeylessSpec.Auth.SecretRef.AccessType
+	err = utils.ValidateSecretSelector(store, accessType)
+	if err != nil {
+		return err
+	}
+
+	accessTypeParam := akeylessSpec.Auth.SecretRef.AccessTypeParam
+	err = utils.ValidateSecretSelector(store, accessTypeParam)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
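Review bot: ValidateStore dereferences storeSpec.Provider, .Akeyless and .Auth (at `akeylessSpec := storeSpec.Provider.Akeyless` and `accessID := akeylessSpec.Auth.SecretRef.AccessID`) without a nil check, so a store whose Akeyless or Auth block is absent panics the validator instead of being rejected; validation is exactly where a malformed spec should become an error, so guard these first, e.g. `if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Akeyless == nil || storeSpec.Provider.Akeyless.Auth == nil { return fmt.Errorf(errInvalidProvider, store.GetName()) }` (or reuse GetAKeylessProvider from utils.go, whose comment says it does the nil checks; its signature is not visible in this diff, and whether GenericStore exposes GetName should be confirmed). The local `url, err := url.Parse(*akeylessGWApiURL)` shadows the net/url package for the rest of that block; `u, err := url.Parse(*akeylessGWApiURL)` with `u.Host` avoids the shadowing warning. The URL check accepts any scheme, so if the gateway is expected to be reached over HTTPS a scheme check here would catch a misconfiguration before it surfaces at request time. The three `fmt.Errorf` calls on constant strings carry no format verbs, so `errors.New` would read more plainly, unless the file deliberately keeps the fmt.Errorf convention for all of its error constants.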

+ 38 - 0
pkg/provider/akeyless/akeyless_test.go

@@ -21,6 +21,7 @@ import (
 	"testing"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
 	fakeakeyless "github.com/external-secrets/external-secrets/pkg/provider/akeyless/fake"
 )
 
@@ -124,6 +125,43 @@ func TestAkeylessGetSecret(t *testing.T) {
 	}
 }
 
+func TestValidateStore(t *testing.T) {
+	provider := Provider{}
+
+	akeylessGWApiURL := ""
+
+	store := &esv1beta1.SecretStore{
+		Spec: esv1beta1.SecretStoreSpec{
+			Provider: &esv1beta1.SecretStoreProvider{
+				Akeyless: &esv1beta1.AkeylessProvider{
+					AkeylessGWApiURL: &akeylessGWApiURL,
+					Auth: &esv1beta1.AkeylessAuth{
+						SecretRef: esv1beta1.AkeylessAuthSecretRef{
+							AccessID: esmeta.SecretKeySelector{
+								Name: "accessId",
+								Key:  "key-1",
+							},
+							AccessType: esmeta.SecretKeySelector{
+								Name: "accessId",
+								Key:  "key-1",
+							},
+							AccessTypeParam: esmeta.SecretKeySelector{
+								Name: "accessId",
+								Key:  "key-1",
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	err := provider.ValidateStore(store)
+	if err != nil {
+		t.Errorf(err.Error())
+	}
+}
+
 func TestGetSecretMap(t *testing.T) {
 	// good case: default version & deserialization
 	setDeserialization := func(smtc *akeylessTestCase) {
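Review bot: TestValidateStore exercises only the accepting path, so none of the three rejections the new ValidateStore introduces (an unparsable or host-less AkeylessGWApiURL, an empty AccessID name, an empty AccessID key) is pinned by a test, and a regression that made the validator accept everything would still pass. A table-driven test with a `wantErr` column covering those cases belongs in this hunk, alongside the existing valid store. `t.Errorf(err.Error())` passes the error text as a format string, which go vet's printf check flags; use `t.Errorf("unexpected error: %v", err)`.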

+ 3 - 0
pkg/provider/akeyless/utils.go

@@ -31,6 +31,9 @@ const (
 	errInvalidProvider              = "invalid provider spec. Missing Akeyless field in store %s"
 	errJSONSecretUnmarshal          = "unable to unmarshal secret: %w"
 	errUninitalizedAkeylessProvider = "provider akeyless is not initialized"
+	errInvalidAkeylessURL           = "invalid akeyless GW API URL"
+	errInvalidAkeylessAccessIDName  = "missing akeyless accessID name"
+	errInvalidAkeylessAccessIDKey   = "missing akeyless accessID key"
 )
 
 // GetAKeylessProvider does the necessary nil checks and returns the akeyless provider or an error.