SecretsManager - can create cannot update #2205

Open
nicraMarcin opened this issue Nov 4, 2024 · 1 comment
Labels
service/secretsmanager Indicates issues or PRs that are related to secretsmanager-controller.

nicraMarcin commented Nov 4, 2024

Describe the bug
I can create a secretmanager's secret from a kubernetes secret, but when I update the k8s secret it is not updated :(

Steps to reproduce

apiVersion: v1
kind: Secret
metadata:
  name: poc-secret
stringData:
  data: |
    {
      "username": "exampleUser",
      "password": "examplePass123",
      "host": "examplehost.com",
      "region": "eu-central-1",
      "edited": "TRUE",
      "manual": "true",
      "changed": "after appply poc2"
    }

---
apiVersion: secretsmanager.services.k8s.aws/v1alpha1
kind: Secret
metadata:
  name: ack-test-secret-poc
  annotations:
    services.k8s.aws/deletion-policy: delete
spec:
  name: ack-dev-secret-poc-2
  forceOverwriteReplicaSecret: true
  secretString:
    key: data
    name: poc-secret

Expected outcome
secret to be updated when kubernetes secret is changed.

Environment

  • Kubernetes version 1.29
  • Using EKS (yes/no), if so version? yes, 1.29
  • AWS service targeted (S3, RDS, etc.) SecretManager v0.0.11

BTW, why can we not set secretString directly in secretmanager's secret? For example, it would be easier to:

apiVersion: secretsmanager.services.k8s.aws/v1alpha1
kind: Secret
metadata:
  name: ack-test-secret-poc
  annotations:
    services.k8s.aws/deletion-policy: delete
spec:
  name: ack-dev-secret-poc-2
  forceOverwriteReplicaSecret: true
  secretString: | 
    {
      "username": "exampleUser",
      "password": "examplePass123",
      "host": "examplehost.com",
      "region": "eu-central-1",
      "edited": "TRUE",
      "manual": "true",
      "changed": "after appply poc2"
    }

This gives a confusing error:

The Secret "ack-test-secret-poc" is invalid: spec.secretString: Invalid value: "string": spec.secretString in body must be of type object: "string"

In the documentation:

secretString Optional | object. The text data to encrypt and store in this new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value.

Must it be object or string?

@nicraMarcin nicraMarcin changed the title SecretManager - can create cannot update SecretsManager - can create cannot update Nov 4, 2024
@a-hilaly a-hilaly added the service/secretsmanager Indicates issues or PRs that are related to secretsmanager-controller. label Nov 5, 2024
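
A local drift check for the symptom reported above, as an added example that is not part of the issue or the controller's code: it follows `spec.secretString` as an object reference (`name`/`key`) to the Kubernetes Secret and compares the result with a value fetched separately from AWS, returning only match or mismatch so no secret material is printed. The sample objects are constructed, and the function names and the same-namespace fallback are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Constructed sample objects, shaped like the manifests in the issue.
K8S_SECRET = {
    "kind": "Secret",
    "metadata": {"name": "poc-secret", "namespace": "default"},
    "data": {"data": base64.b64encode(
        b'{"username": "exampleUser", "edited": "TRUE"}').decode()},
}
ACK_SECRET = {
    "kind": "Secret",
    "metadata": {"name": "ack-test-secret-poc", "namespace": "default"},
    "spec": {"name": "ack-dev-secret-poc-2",
             "secretString": {"key": "data", "name": "poc-secret"}},
}

def resolve_secret_string(ack_obj, k8s_secrets):
    """Follow spec.secretString (a reference, not a literal) to the bytes it names."""
    ref = ack_obj["spec"].get("secretString")
    if not isinstance(ref, dict) or not {"name", "key"} <= ref.keys():
        raise ValueError("spec.secretString must be an object with 'name' and 'key'")
    # Assumption: a reference without a namespace points into the ACK resource's own.
    ns = ref.get("namespace", ack_obj["metadata"].get("namespace", "default"))
    source = k8s_secrets.get((ns, ref["name"]))
    if source is None:
        raise KeyError(f"Secret {ns}/{ref['name']} not found")
    if ref["key"] in source.get("data", {}):        # stored form: base64
        return base64.b64decode(source["data"][ref["key"]])
    if ref["key"] in source.get("stringData", {}):  # manifest form: plain text
        return source["stringData"][ref["key"]].encode()
    raise KeyError(f"key {ref['key']!r} missing in {ns}/{ref['name']}")

def digest(raw):
    """SHA-256 of the value; JSON is canonicalized so formatting is not drift."""
    try:
        raw = json.dumps(json.loads(raw), sort_keys=True,
                         separators=(",", ":")).encode()
    except ValueError:
        pass  # not JSON (or not UTF-8): compare the raw bytes
    return hashlib.sha256(raw).hexdigest()

def drift(ack_obj, k8s_secrets, aws_secret_string):
    """True when the referenced Kubernetes value differs from the AWS value."""
    desired = resolve_secret_string(ack_obj, k8s_secrets)
    return digest(desired) != digest(aws_secret_string.encode())
```

`k8s_secrets` is a dict keyed by `(namespace, name)`; `aws_secret_string` is the current secret value obtained out of band and passed in, so the check itself makes no network calls.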
omri-shilton commented Nov 28, 2024

I would also like to know if it's possible to enter the secret data directly from the ack secret manifest. We need to create mock data because of this issue: external-secrets/external-secrets#3478
