PushSecret: GCPSM Provider reconcile checks for secret existence but not also a secret version existence #5584
Description
Describe the bug
We have run into this bug occasionally when provisioning a number of GCP Secret Manager secrets using external-secrets within a short time frame. There is an instance on PushSecret creation where we time out when waiting for the client rate limit to add a secret version after a GCP secret has already been created. The issue is that even though creation fails, the PushSecret is immediately reconciled (Synced) because the push secret controller triggers a SecretExists for the offending PushSecret, but that only checks for the Secret existence and not also the SecretVersion.
To Reproduce
Reproduction of this issue can be difficult because it's essentially a race condition where the PushSecret function will cancel when waiting for the client rate limit to resolve after creating a Secret but before creating a SecretVersion.
Expected behavior
The PushSecret reconciler should confirm that both the Secret exists and the SecretVersion exists.
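The partial-write state described in the report, modeled as an added example that is not external-secrets code and does not call the GCP API. `fakeSM`, `push`, `secretExists`, `secretAndVersionExist` and `partialPush` are hypothetical names, and the cancelled context stands in for the rate-limiter wait timing out between the two steps.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// fakeSM is a constructed in-memory stand-in: payloads live in versions.
type fakeSM struct {
	versions map[string][]string // secret name -> version payloads
}

// push creates the secret, then waits on the limiter before adding a version.
// If ctx expires in between, the secret is left behind with zero versions.
func (s *fakeSM) push(ctx context.Context, name, payload string) error {
	if _, ok := s.versions[name]; !ok {
		s.versions[name] = nil // step 1: empty secret container created
	}
	if err := ctx.Err(); err != nil { // models the rate-limiter wait aborting
		return fmt.Errorf("add version for %q: %w", name, err)
	}
	s.versions[name] = append(s.versions[name], payload) // step 2
	return nil
}

// secretExists mirrors the check described in the report: container only.
func (s *fakeSM) secretExists(name string) bool {
	_, ok := s.versions[name]
	return ok
}

// secretAndVersionExist is the expected behavior: container plus a version.
func (s *fakeSM) secretAndVersionExist(name string) bool {
	return len(s.versions[name]) > 0
}

// partialPush reproduces the race deterministically with a cancelled context.
func partialPush() (s *fakeSM, err error) {
	s = &fakeSM{versions: map[string][]string{}}
	ctx, cancel := context.WithCancel(context.Background())
	cancel() // constructed: deadline hits while waiting on the limiter
	return s, s.push(ctx, "db-password", "s3cr3t")
}

func main() {
	s, err := partialPush()
	fmt.Println(errors.Is(err, context.Canceled), s.secretExists("db-password"), s.secretAndVersionExist("db-password"))
}
```

After the failed push the container-only check reports the secret as present while the stricter check does not, which is the gap between "Synced" and a secret that actually holds a value.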