1 year ago · f516892164
--- a/pkg/provider/gcp/secretmanager/client.go
+++ b/pkg/provider/gcp/secretmanager/client.go
@@ -136,11 +136,23 @@ func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef
 
				 
			
 
				 // PushSecret pushes a kubernetes secret key into gcp provider Secret.
			
 
				 func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecretData esv1beta1.PushSecretData) error {
			
 
				+	var (
			
 
				+		payload []byte
			
 
				+		err     error
			
 
				+	)
			
 
				 	if pushSecretData.GetSecretKey() == "" {
			
 
				-		return fmt.Errorf("pushing the whole secret is not yet implemented")
			
 
				+		// Must convert secret values to string, otherwise data will be sent as base64 to Vault
			
 
				+		secretStringVal := make(map[string]string)
			
 
				+		for k, v := range secret.Data {
			
 
				+			secretStringVal[k] = string(v)
			
 
				+		}
			
 
				+		payload, err = utils.JSONMarshal(secretStringVal)
			
 
				+		if err != nil {
			
 
				+			return fmt.Errorf("failed to serialize secret content as JSON: %w", err)
			
 
				+		}
			
 
				+	} else {
			
 
				+		payload = secret.Data[pushSecretData.GetSecretKey()]
			
 
				 	}
			
 
				-
			
 
				-	payload := secret.Data[pushSecretData.GetSecretKey()]
			
 
				 	secretName := fmt.Sprintf("projects/%s/secrets/%s", c.store.ProjectID, pushSecretData.GetRemoteKey())
			
 
				 	gcpSecret, err := c.smClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{
			
 
				 		Name: secretName,
			
--- a/pkg/provider/gcp/secretmanager/client_test.go
+++ b/pkg/provider/gcp/secretmanager/client_test.go
@@ -591,9 +591,10 @@ func TestPushSecret(t *testing.T) {
 
				 		req func(*fakesm.MockSMClient) error
			
 
				 	}
			
 
				 	tests := []struct {
			
 
				-		desc string
			
 
				-		args args
			
 
				-		want want
			
 
				+		desc   string
			
 
				+		args   args
			
 
				+		want   want
			
 
				+		secret *corev1.Secret
			
 
				 	}{
			
 
				 		{
			
 
				 			desc: "SetSecret successfully pushes a secret",
			
@@ -801,6 +802,19 @@ func TestPushSecret(t *testing.T) {
 
				 				err: canceledError,
			
 
				 			},
			
 
				 		},
			
 
				+		{
			
 
				+			desc: "Whole secret is set with no existing GCPSM secret",
			
 
				+			args: args{
			
 
				+				store:                         &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID},
			
 
				+				mock:                          smtc.mockClient,
			
 
				+				GetSecretMockReturn:           fakesm.SecretMockReturn{Secret: &secret, Err: nil},
			
 
				+				AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil},
			
 
				+				AddSecretVersionMockReturn:    fakesm.AddSecretVersionMockReturn{SecretVersion: &secretVersion, Err: nil}},
			
 
				+			want: want{
			
 
				+				err: nil,
			
 
				+			},
			
 
				+			secret: &corev1.Secret{Data: map[string][]byte{"key1": []byte(`value1`), "key2": []byte(`value2`)}},
			
 
				+		},
			
 
				 	}
			
 
				 	for _, tc := range tests {
			
 
				 		t.Run(tc.desc, func(t *testing.T) {
			
@@ -814,7 +828,10 @@ func TestPushSecret(t *testing.T) {
 
				 				smClient: tc.args.mock,
			
 
				 				store:    tc.args.store,
			
 
				 			}
			
 
				-			s := &corev1.Secret{Data: map[string][]byte{secretKey: []byte("fake-value")}}
			
 
				+			s := tc.secret
			
 
				+			if s == nil {
			
 
				+				s = &corev1.Secret{Data: map[string][]byte{secretKey: []byte("fake-value")}}
			
 
				+			}
			
 
				 			data := testingfake.PushSecretData{
			
 
				 				SecretKey: secretKey,
			
 
				 				Metadata:  tc.args.Metadata,