feat: add 1Password SDK based provider

[Skarlso]

Problem Statement

1Password using the SDK

TODOs

• Unit testing
• Documentation
• Update support table

Related Issue

Fixes #3655

Proposed Changes

How do you like to solve the issue and why?

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

[Skarlso]

@gusfcarvalho should this wait for v1 promotion? 🤔

[gusfcarvalho]

I mean, I think so! v1 promotion is literally ready to go (aside from reviews of course)

[Skarlso]

Okay, I'll review that one today.

[Skarlso]

Since this is in v1, it will have all available features when done. I already added pushsecret. Now, only DeleteSecret and GetAllSecrets is left. All those is supported by the SDK. In terms of HOW, it will mirror whatever people had to do with the connector one, with a slight modification that Getting a secret uses the Secret Reference method instead which is a lot simpler.

[Skarlso]

Following worked for fetching:

apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: onepassword
spec:
  provider:
    onepasswordSDK:
      vault: TestVault
      auth:
        serviceAccountSecretRef:
          name: onepassword-token
          key: token

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: fetch-from-onepassword
spec:
  secretStoreRef:
    kind: SecretStore
    name: onepassword
  target:
    creationPolicy: Owner
  data:
  - secretKey: test-login-1
    remoteRef:
      key: test-login-1/username

Looking good so far. :)

PushSecret is also working now:

Normal   Synced   9s                  pushsecret  PushSecret synced successfully

apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example # Customisable
spec:
  deletionPolicy: Delete
  refreshInterval: 1h
  secretStoreRefs:
    - name: onepassword
      kind: SecretStore
  selector:
    secret:
      name: source-secret # Source Kubernetes secret
  data:
    - match:
        secretKey: source-key # Source Kubernetes secret key to be pushed
        remoteRef:
          remoteKey: 1pw-secret-name # 1Password item/secret name
          property: password         # (Optional) 1Password field type, default password
      metadata:
        apiVersion: kubernetes.external-secrets.io/v1alpha1
        kind: PushSecretMetadata
        spec:
          tags: ["tag1", "tag2"]    # Optional metadata to be pushed with the secret

After push secret was deleted and the only remaining field was the password field the entire secret got deleted correctly:

Update is also working and find secret. With that, this is feature complete. All that's left are tests.

[buroa]

@gusfcarvalho Looking forward to this being reviewed :)

[Skarlso]

This will likely come with the 0.17.0 release that we are planning. :)

[gusfcarvalho]

Did a first batch of comments 😄 looking good thus far 💪

[Skarlso]

Thanks Gustavo!!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud