From 9c1a24f7800b41095e2b725304424728a546926f Mon Sep 17 00:00:00 2001
From: Koen Punt <koen@koenpunt.nl>
Date: Mon, 5 Sep 2022 16:46:26 +0200
Subject: [PATCH] add "optional" option to gcpsecrets provider

---
 pkg/providers/gcpsecrets/gcpsecrets.go      | 22 +++++++++++++++++----
 pkg/providers/gcpsecrets/gcpsecrets_test.go |  3 ++-
 vals_gcpsecrets_test.go                     | 17 ++++++++++++++++
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/pkg/providers/gcpsecrets/gcpsecrets.go b/pkg/providers/gcpsecrets/gcpsecrets.go
index 9b08b252..f323fe29 100644
--- a/pkg/providers/gcpsecrets/gcpsecrets.go
+++ b/pkg/providers/gcpsecrets/gcpsecrets.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 
 	"gopkg.in/yaml.v3"
@@ -16,16 +17,18 @@ import (
 
 // Format: ref+gcpsecrets://project/mykey[?version=VERSION]#/yaml_or_json_key/in/secret
 type provider struct {
-	client  *sm.Client
-	ctx     context.Context
-	version string
+	client   *sm.Client
+	ctx      context.Context
+	version  string
+	optional bool
 }
 
 func New(cfg api.StaticConfig) *provider {
 	ctx := context.Background()
 
 	p := &provider{
-		ctx: ctx,
+		ctx:      ctx,
+		optional: false,
 	}
 
 	version := cfg.String("version")
@@ -35,6 +38,14 @@ func New(cfg api.StaticConfig) *provider {
 		p.version = version
 	}
 
+	optional := cfg.String("optional")
+	if optional != "" {
+		val, err := strconv.ParseBool(optional)
+		if err == nil {
+			p.optional = val
+		}
+	}
+
 	return p
 }
 
@@ -80,6 +91,9 @@ func (p *provider) getSecretBytes(key string) ([]byte, error) {
 		},
 	)
 	if err != nil {
+		if p.optional {
+			return []byte(""), nil
+		}
 		return nil, fmt.Errorf("failed to get secret: %w", err)
 	}
 
diff --git a/pkg/providers/gcpsecrets/gcpsecrets_test.go b/pkg/providers/gcpsecrets/gcpsecrets_test.go
index 7e92a292..5336736b 100644
--- a/pkg/providers/gcpsecrets/gcpsecrets_test.go
+++ b/pkg/providers/gcpsecrets/gcpsecrets_test.go
@@ -11,7 +11,8 @@ func Test_New(t *testing.T) {
 		options map[string]interface{}
 		want    provider
 	}{
-		{"latest", map[string]interface{}{"version": "latest"}, provider{version: "latest"}},
+		{"latest", map[string]interface{}{"version": "latest"}, provider{version: "latest", optional: false}},
+		{"optional", map[string]interface{}{"version": "latest", "optional": true}, provider{version: "latest", optional: true}},
 	}
 
 	for _, tt := range tests {
diff --git a/vals_gcpsecrets_test.go b/vals_gcpsecrets_test.go
index 2996d694..ee75b6c3 100644
--- a/vals_gcpsecrets_test.go
+++ b/vals_gcpsecrets_test.go
@@ -53,6 +53,23 @@ func TestValues_GCPSecretsManager(t *testing.T) {
 			},
 			map[string]interface{}{"valstestvar": "foo: bar"},
 		},
+		{
+			"optional string",
+			map[string]string{},
+			map[string]interface{}{
+				"provider": map[string]interface{}{
+					"name":     "gcpsecrets",
+					"version":  "1",
+					"type":     "string",
+					"path":     projectId,
+					"optional": true,
+				},
+				"inline": map[string]interface{}{
+					"missingvar": "",
+				},
+			},
+			map[string]interface{}{"missingvar": ""},
+		},
 		{
 			"v1 map",
 			map[string]string{"valstestvar": "foo: bar"},