From 69fe93ea49ca078b791ce8b00094fd9defa60da6 Mon Sep 17 00:00:00 2001
From: Moritz Johner <moolen@users.noreply.github.com>
Date: Thu, 6 Jul 2023 08:22:34 +0200
Subject: [PATCH] fix: make vault provider return NoSecretErr to respect
 deletionPolicy (#2455)

relates to #1512 #1502

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---
 pkg/provider/vault/vault.go      |  2 +-
 pkg/provider/vault/vault_test.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/pkg/provider/vault/vault.go b/pkg/provider/vault/vault.go
index ada0d9003..44de2ea5c 100644
--- a/pkg/provider/vault/vault.go
+++ b/pkg/provider/vault/vault.go
@@ -707,7 +707,7 @@ func (v *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData
 
 	// Return nil if secret value is null
 	if data == nil {
-		return nil, nil
+		return nil, esv1beta1.NoSecretError{}
 	}
 	jsonStr, err := json.Marshal(data)
 	if err != nil {
diff --git a/pkg/provider/vault/vault_test.go b/pkg/provider/vault/vault_test.go
index 08277f170..005901895 100644
--- a/pkg/provider/vault/vault_test.go
+++ b/pkg/provider/vault/vault_test.go
@@ -632,6 +632,22 @@ func TestGetSecret(t *testing.T) {
 				val: []byte("something different"),
 			},
 		},
+		"ReadSecretWithMissingValueFromData": {
+			reason: "Should return a NoSecretErr",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault,
+				data: esv1beta1.ExternalSecretDataRemoteRef{
+					Property: "not-relevant",
+				},
+				vLogical: &fake.Logical{
+					ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, nil),
+				},
+			},
+			want: want{
+				err: esv1beta1.NoSecretErr,
+				val: nil,
+			},
+		},
 		"ReadSecretWithSliceValue": {
 			reason: "Should return property as a joined slice",
 			args: args{