From fa8941a52633108511fac562021262aff564f729 Mon Sep 17 00:00:00 2001
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Date: Thu, 12 Dec 2024 13:56:44 +0100
Subject: [PATCH] fix: return not found error when there is no secret for vault
 provider (#4183)

* feat: add option to ignore not found secrets on a path

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* return not found instead of ignoring it

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---
 pkg/provider/vault/client_get_all_secrets.go   |  2 +-
 .../vault/client_get_all_secrets_test.go       | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/pkg/provider/vault/client_get_all_secrets.go b/pkg/provider/vault/client_get_all_secrets.go
index 7540348d2..b85754141 100644
--- a/pkg/provider/vault/client_get_all_secrets.go
+++ b/pkg/provider/vault/client_get_all_secrets.go
@@ -118,7 +118,7 @@ func (c *client) listSecrets(ctx context.Context, path string) ([]string, error)
 		return nil, fmt.Errorf(errReadSecret, err)
 	}
 	if secret == nil {
-		return nil, fmt.Errorf("provided path %v does not contain any secrets", url)
+		return nil, esv1beta1.NoSecretError{}
 	}
 	t, ok := secret.Data["keys"]
 	if !ok {
diff --git a/pkg/provider/vault/client_get_all_secrets_test.go b/pkg/provider/vault/client_get_all_secrets_test.go
index 34ccf3ba6..1ae4ad854 100644
--- a/pkg/provider/vault/client_get_all_secrets_test.go
+++ b/pkg/provider/vault/client_get_all_secrets_test.go
@@ -283,6 +283,24 @@ func TestGetAllSecrets(t *testing.T) {
 				},
 			},
 		},
+		"FilterByPathReturnsNotFound": {
+			reason: "should return a not found error if there are no more secrets on the path",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault,
+				vLogical: &fake.Logical{
+					ListWithContextFn: func(ctx context.Context, path string) (*vault.Secret, error) {
+						return nil, nil
+					},
+					ReadWithDataWithContextFn: newReadtWithContextFn(map[string]any{}),
+				},
+				data: esv1beta1.ExternalSecretFind{
+					Path: &path,
+				},
+			},
+			want: want{
+				err: esv1beta1.NoSecretError{},
+			},
+		},
 		"FilterByPathKv1": {
 			reason: "should filter secrets based on path for kv1",
 			args: args{