feat: allow permitted-key-name to be provided as list

[nbendafi-yseop]

While documentation says that permitted-key-name can be provided as regular expression

kind: Namespace
metadata:
  name: core-namespace
  annotations:
    # annotation key is configurable
    externalsecrets.kubernetes-client.io/permitted-key-name: "/dev/cluster1/core-namespace/.*"

it would be nice (clearer ?) if it can support list of regular expressions

kind: Namespace
metadata:
  name: core-namespace
  annotations:
    # annotation key is configurable
    externalsecrets.kubernetes-client.io/permitted-key-name:
      - "/dev/cluster1/core-namespace/.*"
      - "/common/.*"

[nbendafi-yseop]

This PR needs #411 for tests to pass

[Flydiverny]

Small refactor request

[Flydiverny]

Maybe we can move this out of the loop so its only done once eg moving it after const namingConvention = namespace.metadata.annotations[this._namingPermittedAnnotation], should be fine even if we there's no namingConvention set. Keeping the if checks the same

Then we also shouldn't need to repeat the logic for dataFrom below

[nbendafi-yseop]

Yes, totally. I was mislead by the const reNaming = new RegExp(namingConvention) in the forEach loop.

[ronlut]

@nbendafi-yseop Is it possible (k8s perspective) to have a list value for an annotation?
It looks like it supports only string values.

[nbendafi-yseop]

@ronlut From my understanding of those statements

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

and

The metadata in an annotation can be small or large, structured or unstructured,

yes they are strings but can represent anything that the application, that consumes them, can understand (ex. raw string, base64 encoded, csv,...).

[ronlut]

Thanks @nbendafi-yseop, the reason I am asking is I tried to create a namespace with your example, but it doesn't work:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: core-namespace
  annotations:
    # annotation key is configurable
    externalsecrets.kubernetes-client.io/permitted-key-name:
      - "/dev/cluster1/core-namespace/.*"
      - "/common/.*"
EOF

error: error validating "STDIN": error validating data: ValidationError(Namespace.metadata.annotations.externalsecrets.kubernetes-client.io/permitted-key-name): invalid type for io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta.annotations: got "array", expected "string"...

[nbendafi-yseop]

@ronlut
The creation of this namespace will work if you replace

    externalsecrets.kubernetes-client.io/permitted-key-name:
...

by

    externalsecrets.kubernetes-client.io/permitted-key-name: |
...

(ie. add a pipe).
This will only avoid k8s validation error, but this might be not properly handled by external-secret, since we'll need to unmarshall this string to get the underlying structure (in our case a list represented as a multi-line string). May I suggest you to open another issue and link it with this one, please.