Add user-provided secret example

Also fix two log messages.

[#174356415](https://www.pivotaltracker.com/story/show/174356415)

docs/examples/user-provided-secret.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gen-secret1
+type: Opaque
+stringData:
+  password: userdefinedpassword

e2e/kube/examples_count_test.go

@@ -19,6 +19,6 @@ var _ = Describe("Examples Directory Files", func() {
 		})
 		Expect(err).NotTo(HaveOccurred())
 		// If this testcase fails that means a test case is missing for an example in the docs folder
-		Expect(countFile).To(Equal(13))
+		Expect(countFile).To(Equal(14))
 	})
 })

e2e/kube/examples_test.go

@@ -31,19 +31,19 @@ var _ = Describe("Examples Directory", func() {
 		Expect(err).ToNot(HaveOccurred())
 	})
 
-	Context("quarks-secret example", func() {
+	Context("rotation example", func() {
 		var (
 			passwordv1 []byte
 			passwordv2 []byte
 		)
 
-		Context("rotates the password secret", func() {
+		When("rotation config lists one quarks secret", func() {
 			BeforeEach(func() {
 				example = filepath.Join(examplesDir, "password.yaml")
 			})
 
 			It("should change the password data", func() {
-				By("Creating the password secret")
+				By("Wating for the password secret")
 				err := kubectl.WaitForSecret(namespace, "gen-secret1")
 				Expect(err).ToNot(HaveOccurred())
 				passwordv1, err = cmdHelper.GetData(namespace, "secret", "gen-secret1", "go-template={{.data.password}}")
@@ -64,6 +64,44 @@ var _ = Describe("Examples Directory", func() {
 		})
 	})
 
+	Context("user-provided example", func() {
+		var (
+			passwordv1 []byte
+			passwordv2 []byte
+		)
+
+		When("creating an owning qsec", func() {
+			BeforeEach(func() {
+				example = filepath.Join(examplesDir, "user-provided-secret.yaml")
+			})
+
+			It("does not modify the user-provided secret", func() {
+				By("Waiting for the password secret")
+				err := kubectl.WaitForSecret(namespace, "gen-secret1")
+				Expect(err).ToNot(HaveOccurred())
+				passwordv1, err = cmdHelper.GetData(namespace, "secret", "gen-secret1", "go-template={{.data.password}}")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(passwordv1).NotTo(BeNil())
+
+				By("Creating the owning QuarksSecrets")
+				err = cmdHelper.Create(namespace, filepath.Join(examplesDir, "password.yaml"))
+				Expect(err).ToNot(HaveOccurred())
+				Eventually(func() bool {
+					generated, err := cmdHelper.GetData(namespace, "secret", "gen-secret1", "go-template={{.status.generated}}")
+					if err != nil {
+						return false
+					}
+					return string(generated) == "true"
+				})
+
+				By("Checking the rotated password data")
+				passwordv2, err = cmdHelper.GetData(namespace, "secret", "gen-secret1", "go-template={{.data.password}}")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(passwordv1).To(Equal(passwordv2))
+			})
+		})
+	})
+
 	Context("quarks-secret copies", func() {
 		var copyNamespace string
 		var tempQSecretFileName string

pkg/kube/controllers/quarkssecret/secret_rotation_reconciler.go

@@ -72,9 +72,10 @@ func (r *ReconcileSecretRotation) Reconcile(request reconcile.Request) (reconcil
 
 	for _, name := range names {
 		qsec := &qsv1a1.QuarksSecret{}
-		err := r.client.Get(ctx, types.NamespacedName{Name: name, Namespace: instance.Namespace}, qsec)
+		qsecname := types.NamespacedName{Name: name, Namespace: instance.Namespace}
+		err := r.client.Get(ctx, qsecname, qsec)
 		if err != nil {
-			ctxlog.Errorf(ctx, "Error getting QuarksSecret the object '%s', skipping secret rotation", qsec.GetNamespacedName())
+			ctxlog.Errorf(ctx, "Error getting QuarksSecret '%s', skipping secret rotation: %s", qsecname.String(), err)
 			continue
 		}
 
@@ -85,7 +86,7 @@ func (r *ReconcileSecretRotation) Reconcile(request reconcile.Request) (reconcil
 		}
 
 		qsec.Status.Generated = pointers.Bool(false)
-		ctxlog.Debugf(ctx, "QuarksSecret '%s' cannot be rotated, it was not yet generated", qsec.GetNamespacedName())
+		ctxlog.Debugf(ctx, "QuarksSecret '%s' status.generated will be reset to false to trigger regeneration", qsec.GetNamespacedName())
 
 		err = r.client.Status().Update(ctx, qsec)
 		if err != nil {