diff --git a/pkg/provider/vault/client_get_all_secrets.go b/pkg/provider/vault/client_get_all_secrets.go index 7540348d2..b85754141 100644 --- a/pkg/provider/vault/client_get_all_secrets.go +++ b/pkg/provider/vault/client_get_all_secrets.go @@ -118,7 +118,7 @@ func (c *client) listSecrets(ctx context.Context, path string) ([]string, error) return nil, fmt.Errorf(errReadSecret, err) } if secret == nil { - return nil, fmt.Errorf("provided path %v does not contain any secrets", url) + return nil, esv1beta1.NoSecretError{} } t, ok := secret.Data["keys"] if !ok { diff --git a/pkg/provider/vault/client_get_all_secrets_test.go b/pkg/provider/vault/client_get_all_secrets_test.go index 34ccf3ba6..1ae4ad854 100644 --- a/pkg/provider/vault/client_get_all_secrets_test.go +++ b/pkg/provider/vault/client_get_all_secrets_test.go @@ -283,6 +283,24 @@ func TestGetAllSecrets(t *testing.T) { }, }, }, + "FilterByPathReturnsNotFound": { + reason: "should return a not found error if there are no more secrets on the path", + args: args{ + store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, + vLogical: &fake.Logical{ + ListWithContextFn: func(ctx context.Context, path string) (*vault.Secret, error) { + return nil, nil + }, + ReadWithDataWithContextFn: newReadtWithContextFn(map[string]any{}), + }, + data: esv1beta1.ExternalSecretFind{ + Path: &path, + }, + }, + want: want{ + err: esv1beta1.NoSecretError{}, + }, + }, "FilterByPathKv1": { reason: "should filter secrets based on path for kv1", args: args{