argoproj · crenshaw-dev · Sep 25, 2023 · Jul 5, 2023 · Jul 6, 2023 · Jul 6, 2023
@@ -0,0 +1,4 @@
+actionTests:
+  - action: push
+    inputPath: testdata/push-secret.yaml
+    expectedOutputPath: testdata/push-secret-updated.yaml
@@ -0,0 +1,3 @@
+actions = {}
+actions["push"] = {["disabled"] = false}
+return actions
@@ -0,0 +1,6 @@
+local os = require("os")
+if obj.metadata.annotations == nil then
+    obj.metadata.annotations = {}
+end
+obj.metadata.annotations["force-sync"] = os.date("!%Y-%m-%dT%XZ")
+return obj
@@ -0,0 +1,41 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  annotations:
+    force-sync: '0001-01-01T00:00:00Z'
+  creationTimestamp: '2023-07-05T20:49:16Z'
+  generation: 1
+  name: test-healthy
+  namespace: external-secret
+  resourceVersion: '777692391'
+  uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+  data:
+    - match:
+        remoteRef:
+          property: test
+          remoteKey: remote/path
+        secretKey: test
+  deletionPolicy: None
+  refreshInterval: 5m
+  secretStoreRefs:
+    - kind: ClusterSecretStore
+      name: my-store
+  selector:
+    secret:
+      name: existing-secret
+status:
+  conditions:
+    - lastTransitionTime: '2023-07-05T20:49:16Z'
+      message: PushSecret synced successfully
+      reason: Synced
+      status: 'True'
+      type: Ready
+  syncedPushSecrets:
+    ClusterSecretStore/my-store:
+      remote/path/test:
+        match:
+          remoteRef:
+            property: test
+            remoteKey: remote/path
+          secretKey: test
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  creationTimestamp: '2023-07-05T20:49:16Z'
+  generation: 1
+  name: test-healthy
+  namespace: external-secret
+  resourceVersion: '777692391'
+  uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+  data:
+    - match:
+        remoteRef:
+          property: test
+          remoteKey: remote/path
+        secretKey: test
+  deletionPolicy: None
+  refreshInterval: 5m
+  secretStoreRefs:
+    - kind: ClusterSecretStore
+      name: my-store
+  selector:
+    secret:
+      name: existing-secret
+status:
+  conditions:
+    - lastTransitionTime: '2023-07-05T20:49:16Z'
+      message: PushSecret synced successfully
+      reason: Synced
+      status: 'True'
+      type: Ready
+  syncedPushSecrets:
+    ClusterSecretStore/my-store:
+      remote/path/test:
+        match:
+          remoteRef:
+            property: test
+            remoteKey: remote/path
+          secretKey: test
@@ -0,0 +1,20 @@
+hs = {}
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    for i, condition in ipairs(obj.status.conditions) do
+      if condition.type == "Ready" and condition.status == "False" then
+        hs.status = "Degraded"
+        hs.message = condition.message
+        return hs
+      end
+      if condition.type == "Ready" and condition.status == "True" then
+        hs.status = "Healthy"
+        hs.message = condition.message
+        return hs
+      end
+    end
+  end
+end
+hs.status = "Progressing"
+hs.message = "Waiting for PushSecret"
+return hs
@@ -0,0 +1,13 @@
+tests:
+  - healthStatus:
+      status: Progressing
+      message: Waiting for PushSecret
+    inputPath: testdata/progressing.yaml
+  - healthStatus:
+      status: Degraded
+      message: 'set secret failed: could not write remote ref test to target secretstore my-store: Error making API request.'
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Healthy
+      message: 'PushSecret synced successfully'
+    inputPath: testdata/healthy.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  creationTimestamp: '2023-07-05T20:49:16Z'
+  generation: 1
+  name: test-degraded
+  namespace: external-secret
+  resourceVersion: '777692391'
+  uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+  data:
+    - match:
+        remoteRef:
+          property: test
+          remoteKey: remote/path
+        secretKey: test
+  deletionPolicy: None
+  refreshInterval: 5m
+  secretStoreRefs:
+    - kind: ClusterSecretStore
+      name: my-store
+  selector:
+    secret:
+      name: existing-secret
+status:
+  conditions:
+    - lastTransitionTime: '2023-07-05T20:49:16Z'
+      message: 'set secret failed: could not write remote ref test to target secretstore my-store: Error making API request.'
+      reason: Errored
+      status: 'False'
+      type: Ready
+  syncedPushSecrets:
+    ClusterSecretStore/my-store: {}
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  creationTimestamp: '2023-07-05T20:49:16Z'
+  generation: 1
+  name: test-healthy
+  namespace: external-secret
+  resourceVersion: '777692391'
+  uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+  data:
+    - match:
+        remoteRef:
+          property: test
+          remoteKey: remote/path
+        secretKey: test
+  deletionPolicy: None
+  refreshInterval: 5m
+  secretStoreRefs:
+    - kind: ClusterSecretStore
+      name: my-store
+  selector:
+    secret:
+      name: existing-secret
+status:
+  conditions:
+    - lastTransitionTime: '2023-07-05T20:49:16Z'
+      message: PushSecret synced successfully
+      reason: Synced
+      status: 'True'
+      type: Ready
+  syncedPushSecrets:
+    ClusterSecretStore/my-store:
+      remote/path/test:
+        match:
+          remoteRef:
+            property: test
+            remoteKey: remote/path
+          secretKey: test
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  creationTimestamp: '2023-07-05T20:49:16Z'
+  generation: 1
+  name: test-progressing
+  namespace: external-secret
+  resourceVersion: '777692391'
+  uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+  data:
+    - match:
+        remoteRef:
+          property: test
+          remoteKey: remote/path
+        secretKey: test
+  deletionPolicy: None
+  refreshInterval: 5m
+  secretStoreRefs:
+    - kind: ClusterSecretStore
+      name: my-store
+  selector:
+    secret:
+      name: existing-secret
@@ -58,7 +58,7 @@ func (t testNormalizer) Normalize(un *unstructured.Unstructured) error {
 		if err != nil {
 			return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err)
 		}
-	case "ExternalSecret":
+	case "ExternalSecret", "PushSecret":
 		err := unstructured.SetNestedStringMap(un.Object, map[string]string{"force-sync": "0001-01-01T00:00:00Z"}, "metadata", "annotations")
 		if err != nil {
 			return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err)