Skip to content

fix: select secretstores in same ns as pushsecret#5109

Merged
moolen merged 5 commits intoexternal-secrets:mainfrom
gracedo:gracedo/fix_ps_ss_scope
Aug 12, 2025
Merged

fix: select secretstores in same ns as pushsecret#5109
moolen merged 5 commits intoexternal-secrets:mainfrom
gracedo:gracedo/fix_ps_ss_scope

Conversation

@gracedo
Copy link
Copy Markdown
Contributor

@gracedo gracedo commented Aug 7, 2025

Problem Statement

PushSecrets defining label selectors to select SecretStores are trying to select SecretStores from all namespaces, instead of the same namespace as the PushSecret. This causes errors reconciling the PushSecret as it attempts to get these SecretStores in the same namespace but they don't exist.

Related Issue

Proposed Changes

When listing SecretStores by label selector, the namespace option should be passed in to only get SecretStores in the same namespace as the PushSecret.

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

@gracedo gracedo requested a review from a team as a code owner August 7, 2025 21:07
@gracedo gracedo requested a review from moolen August 7, 2025 21:07
@gracedo
fix: select secretstores in same ns as pushsecret
61e6ddf 
Signed-off-by: Grace Do <xgrace@gmail.com>
@gracedo gracedo force-pushed the gracedo/fix_ps_ss_scope branch from e07e526 to 61e6ddf Compare August 7, 2025 21:08
@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Aug 8, 2025

/ok-to-test sha=61e6ddf949c8f61b8f0ff5912fe2731a13380912

@eso-service-account-app
Copy link
Copy Markdown
Contributor

eso-service-account-app bot commented Aug 8, 2025

[Bot] - ✅ e2e for 61e6ddf949c8f61b8f0ff5912fe2731a13380912 passed

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Aug 8, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Aug 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@moolen
Copy link
Copy Markdown
Member

moolen commented Aug 12, 2025

/ok-to-test sha=5423347c7a480512433ca085af51f0e6a9f1cba2

@eso-service-account-app
Copy link
Copy Markdown
Contributor

eso-service-account-app bot commented Aug 12, 2025

[Bot] - ✅ e2e for 5423347c7a480512433ca085af51f0e6a9f1cba2 passed

moolen
moolen approved these changes Aug 12, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@moolen moolen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for fixing this issue 🙇, really appreciated!
There's another issue with r.List() in pushsecret_controller which should be scoped to a namespace, thanks for raising this.

@moolen moolen merged commit de40e8f into external-secrets:main Aug 12, 2025
20 checks passed
@moolen moolen mentioned this pull request Aug 12, 2025
Merged
@GoVulnBot GoVulnBot mentioned this pull request Aug 13, 2025
Closed
@claude claude bot mentioned this pull request Aug 16, 2025
Merged
1 task
alliseeisgold pushed a commit to alliseeisgold/external-secrets that referenced this pull request Aug 25, 2025
@gracedo @Skarlso @moolen
fix: select secretstores in same ns as pushsecret (external-secrets#5109
115361f 
)

Signed-off-by: Grace Do <xgrace@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moolen moolen moolen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gracedo @Skarlso @moolen