Skip to content

[OnePasswordSDKProvider] Enable specifying the vault by UUID#4906

Merged
Skarlso merged 3 commits intoexternal-secrets:mainfrom
pollenjp:feature/onepassword-allow-vault-uuid
Jun 16, 2025
Merged

[OnePasswordSDKProvider] Enable specifying the vault by UUID#4906
Skarlso merged 3 commits intoexternal-secrets:mainfrom
pollenjp:feature/onepassword-allow-vault-uuid

Conversation

@pollenjp
Copy link
Copy Markdown
Contributor

@pollenjp pollenjp commented Jun 15, 2025
edited
Loading

Problem Statement

SecretStore in onepasswordsdk only allows specifying a vault by its Title, and does not support specifying it by UUID.

For example, the following manifest will result in an error:

external-secrets/pkg/provider/onepasswordsdk/provider.go

Line 83 in cb0d91e

return nil, fmt.Errorf("failed to get store ID: %w", err) 

apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata: ...
spec:
  provider:
    onepasswordSDK:
      # vault: "vault-title"  # <- title is OK
      vault: "aaaaaaaaaaaaa1111111111111" # <- uuid is NG
      auth:
        serviceAccountSecretRef: ...

Related Issue

N/A (No issue created)

Proposed Changes

  • Modified the GetVault function to check for a match against both the Title and UUID of the vault. This allows users to specify the vault using either identifier.
  • Added a TestGetVault function to verify that the vault is retrieved correctly whether the Title or UUID is provided.

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

This is my first contribution to this project. I hope it's helpful. 🙇‍♂️

@pollenjp
[OnePasswordSDKProvider] Enable specifying the vault by UUID
e9733a9 
Signed-off-by: pollenjp <polleninjp@gmail.com>
@pollenjp pollenjp requested a review from a team as a code owner June 15, 2025 06:53
@pollenjp pollenjp requested a review from moolen June 15, 2025 06:53
Skarlso
Skarlso approved these changes Jun 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@Skarlso Skarlso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be okay after tests. Thanks for the addition. :)

Skarlso
Skarlso requested changes Jun 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@Skarlso Skarlso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes. Please run make check-diff and commit the diff that comes out. :) 🙇

@pollenjp
run 'make reviewable'
8d9d4d2 
Signed-off-by: pollenjp <polleninjp@gmail.com>
@pollenjp pollenjp requested a review from Skarlso June 16, 2025 00:23
@pollenjp
Copy link
Copy Markdown
Contributor Author

pollenjp commented Jun 16, 2025
edited
Loading

Thank you Skarlso!
The following go vulnerability CI (running at the previous commit) seems to be failing, should I fix it in this PR?
https://github.com/external-secrets/external-secrets/actions/runs/15660544654/job/44127108131?pr=4906#logs

@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Jun 16, 2025

@pollenjp No, thank you! :) We have a separate PR that I'll merge in a sec. :)

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jun 16, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Skarlso Skarlso merged commit 5f714fa into external-secrets:main Jun 16, 2025
23 checks passed
@pollenjp
Copy link
Copy Markdown
Contributor Author

pollenjp commented Jun 16, 2025

Thank you!!

alliseeisgold pushed a commit to alliseeisgold/external-secrets that referenced this pull request Jul 10, 2025
@pollenjp @Skarlso
[OnePasswordSDKProvider] Enable specifying the vault by UUID (externa…
bbdd3c1 
…l-secrets#4906)

* [OnePasswordSDKProvider] Enable specifying the vault by UUID

Signed-off-by: pollenjp <polleninjp@gmail.com>

* run 'make reviewable'

Signed-off-by: pollenjp <polleninjp@gmail.com>

---------

Signed-off-by: pollenjp <polleninjp@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: asrormirzoev <asrormirzoev@yandex-team.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Skarlso Skarlso Skarlso approved these changes

@moolen moolen Awaiting requested review from moolen moolen was automatically assigned from external-secrets/maintainers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pollenjp @Skarlso