feat(aws): add defining a resource policy via metadata for secretsmanager #5399

Merged
Skarlso merged 6 commits into external-secrets:main from Skarlso:add-put-resource-policy-to-aws on Oct 17, 2025

Skarlso (Contributor) commented Oct 2, 2025

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #5395

Proposed Changes

How do you like to solve the issue and why?

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

  • charts
  • release
  • testing
  • security
  • templating

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

github-actions bot added the area/aws, kind/feature, kind/documentation and size/m labels Oct 2, 2025
Skarlso moved this to In Review in External Secrets Oct 2, 2025
…ager

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Skarlso force-pushed the add-put-resource-policy-to-aws branch from 5692c09 to e339f60 October 3, 2025 05:01
Comment on lines +889 to +892
if currentPolicy == policyJSON {
// nothing to do
return nil
}
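
Review bot: the `currentPolicy == policyJSON` check at +889 compares the raw strings, so two policies that differ only in whitespace or key order count as changed and the early `return nil` is skipped. Decode both documents and compare the decoded values, and decide explicitly what happens when `currentPolicy` is empty or fails to decode. The `// nothing to do` comment could also say that equality here means the remote policy already matches the requested one.
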
Member

This is a bytewise comparison for a JSON - isn't this going to sometimes diverge in order and we update when we don't need to? Do we / users care about this, i.e. in terms of API rate limits?

Contributor Author

You're right. I should encode and map compare this instead. Thanks for the comment!

Contributor Author

added
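
The order-insensitive comparison discussed in this thread, as an added example that is not the code merged in this PR. The names `normalize` and `policiesEqual` are hypothetical, and the sketch goes one step past a plain map compare on the assumption that IAM-style policies treat a single value and a one-element list, and differently ordered string lists, as equivalent.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)

// normalize (hypothetical helper) collapses one-element lists and sorts string lists.
func normalize(v any) any {
	switch t := v.(type) {
	case map[string]any:
		for k, e := range t {
			t[k] = normalize(e)
		}
	case []any:
		allStrings := true
		for i, e := range t {
			t[i] = normalize(e)
			_, isStr := t[i].(string)
			allStrings = allStrings && isStr
		}
		if len(t) == 1 {
			return t[0]
		}
		if allStrings { // assumption: order of a string list carries no meaning
			sort.Slice(t, func(i, j int) bool { return t[i].(string) < t[j].(string) })
		}
	}
	return v
}

// policiesEqual compares decoded values, not bytes; an error means invalid JSON.
func policiesEqual(current, desired string) (bool, error) {
	var docs [2]any
	for i, s := range []string{current, desired} {
		if err := json.Unmarshal([]byte(s), &docs[i]); err != nil {
			return false, fmt.Errorf("policy %d is not valid JSON: %w", i, err)
		}
		docs[i] = normalize(docs[i])
	}
	return reflect.DeepEqual(docs[0], docs[1]), nil
}

func main() { // constructed sample: one policy written two ways
	stored := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"secretsmanager:GetSecretValue","Resource":"*"}]}`
	wanted := `{"Statement": {"Resource": "*", "Action": ["secretsmanager:GetSecretValue"], "Effect": "Allow"}, "Version": "2012-10-17"}`
	fmt.Println(policiesEqual(stored, wanted))
}
```

A caller that gets an error back (for example when no policy is stored yet and the current string is empty) should fall through to the update rather than skip it.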

Skarlso and others added 2 commits October 17, 2025 20:30
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Skarlso merged commit c96b449 into external-secrets:main Oct 17, 2025
29 checks passed
github-project-automation bot moved this from In Review to Done in External Secrets Oct 17, 2025
SamuelMolling pushed a commit to SamuelMolling/external-secrets that referenced this pull request Oct 24, 2025
…ager (external-secrets#5399)

* feat(aws): add defining a resource policy via metadata for secretsmanager

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added stable comparison of the policies

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Samuel Molling <samuelmolling@gmail.com>

Development

Successfully merging this pull request may close these issues.

PushSecret support for resource based policy (AWS SecretsManager)
