Implement SecretExists in AWS ParameterStore #4377

@amirahav amirahav commented Feb 3, 2025

Problem Statement

PushSecret with AWS parameter store doesn't support updatePolicy: IfNotExists

Related Issue

Fixes #...

Proposed Changes

This PR implements the SecretExists function within ParameterStore to ensure that external secrets will only create the parameter if it doesn't exist in AWS.

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

@amirahav amirahav requested a review from a team as a code owner February 3, 2025 15:00
@amirahav amirahav requested a review from Skarlso February 3, 2025 15:00
Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com>
@amirahav amirahav force-pushed the implement-parameter-store-secret-exists branch from 0907db8 to 8625084 Compare February 3, 2025 15:06
func (pm *ParameterStore) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) {
return false, errors.New("not implemented")
func (pm *ParameterStore) SecretExists(ctx context.Context, pushSecretRef esv1beta1.PushSecretRemoteRef) (bool, error) {
secretName := pushSecretRef.GetRemoteKey()
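Review bot: secretName on the first line of the new body is the bare remote key from pushSecretRef.GetRemoteKey(); if the push path writes the parameter under a store prefix, this check looks up a different name than the one that gets written, reports false for a parameter that already exists, and updatePolicy: IfNotExists then overwrites it. Build the name the same way the push does, ideally through one shared helper, and add a test that pushes with a prefix set and asserts that SecretExists returns true for that key.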
Contributor

I think this should be secretName := pm.prefix + data.GetRemoteKey() since that's what PushSecret is pushing as a secret name.

Contributor Author

Should be fixed in the latest commit

Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com>
@amirahav amirahav force-pushed the implement-parameter-store-secret-exists branch from 267f063 to 1c1e1b0 Compare February 4, 2025 15:27
Skarlso commented Feb 4, 2025

/ok-to-test sha=1c1e1b09ccfc8be0ca646b997c06f4a2c29631d3 provider=aws

@Skarlso Skarlso merged commit 61ddb59 into external-secrets:main Feb 4, 2025
1 of 2 checks passed