[BUG] secret output transform does not work #151

Closed
mpmatti opened this issue Jan 20, 2021 · 1 comment
Labels
bug Something isn't working

mpmatti commented Jan 20, 2021

Components and versions
Select which component(s) the bug relates to with [X].

[X] Controller, version: 1.1.0 (docker image tag)
[X] Other: chart version 1.1.26 and latest available CRD:
https://raw.githubusercontent.com/sparebankenvest/azure-key-vault-to-kubernetes/master/crds/AzureKeyVaultSecret.yaml

Describe the bug
Secret output transform using base64decode seems to not work anymore after we upgraded the CRDs. Earlier, it used to work with a setup like this:

Azure Key Vault secret named 'dummy' created, content 'dummy', as base64-encoded.
In AKS kubernetes version 1.17.11 cluster, 'kubectl apply' the following:

dummy.yaml:

apiVersion: spv.no/v1
kind: AzureKeyVaultSecret
metadata:
  name: helm-example-dummy
  namespace: default
spec:
  vault:
    name: keyvault-for-testing
    object:
      name: dummy
      type: secret
  output:
    transforms:
      - base64decode
    secret:
      name: helm-example-dummy
      type: Opaque
      dataKey: dummy

Now, after installing it to a new Kubernetes cluster running version 1.19.3 and the latest CRD, it seems 'transforms' has changed to 'transform':

kubectl apply -f dummy.yaml
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(AzureKeyVaultSecret.spec.output): unknown field "transforms" in no.spv.v1.AzureKeyVaultSecret.spec.output

Changed 'transforms' to 'transform' in dummy.yaml:

apiVersion: spv.no/v1
kind: AzureKeyVaultSecret
metadata:
  name: helm-example-dummy
  namespace: default
spec:
  vault:
    name: keyvault-for-testing
    object:
      name: dummy
      type: secret
  output:
    transform:
      - base64decode
    secret:
      name: helm-example-dummy
      type: Opaque
      dataKey: dummy

Now, running 'kubectl apply -f dummy.yaml' creates the akvs object and synchronizes the secret successfully from Key Vault. However, it does not base64-decode the secret:

$> kubectl get secret helm-example-dummy -o yaml |egrep ' dummy:' |awk '{print $2}' |base64 --decode
ZHVtbXkK

Only after another decoding, the content is revealed:

$> kubectl get secret helm-example-dummy -o yaml |egrep ' dummy:' |awk '{print $2}' |base64 --decode |base64 --decode
dummy

To Reproduce
As described above.

Expected behavior
The Azure Key Vault secret is base64-decoded once synced as a Kubernetes secret.

@mpmatti mpmatti added the bug Something isn't working label Jan 20, 2021
@torresdal
Collaborator

Fixed in upcoming v1.2 to be released shortly. Closing.
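
Added example, not part of the original issue or the project's code: a check that reports how many base64 layers remain on a synced Secret value after Kubernetes' own encoding is removed, so a silently ignored `base64decode` transform shows up without printing the secret. The function names and the "printable UTF-8" heuristic are assumptions, and the Secret JSON is a constructed stand-in for `kubectl get secret helm-example-dummy -o json`.

```python
import base64
import binascii
import json


def _try_b64(data: bytes):
    """Return the decoded bytes if data is strict base64 of printable text, else None."""
    stripped = data.strip()
    if not stripped or len(stripped) % 4:
        return None
    try:
        decoded = base64.b64decode(stripped, validate=True)
        text = decoded.decode("utf-8").strip()
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Heuristic (assumption): real plaintext rarely decodes to printable UTF-8.
    return decoded if text and text.isprintable() else None


def residual_base64_layers(secret_json: str, data_key: str, max_layers: int = 5) -> int:
    """Count base64 layers left on data[data_key] beyond Kubernetes' own encoding."""
    secret = json.loads(secret_json)
    # Every value under .data is base64-encoded once by Kubernetes itself.
    value = base64.b64decode(secret["data"][data_key])
    layers = 0
    while layers < max_layers:
        inner = _try_b64(value)
        if inner is None:
            break
        value, layers = inner, layers + 1
    return layers


def sample_secret(stored: bytes) -> str:
    """Constructed Secret manifest holding `stored` under the 'dummy' data key."""
    return json.dumps({
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": "helm-example-dummy", "namespace": "default"},
        "data": {"dummy": base64.b64encode(stored).decode()},
    })


if __name__ == "__main__":
    cases = (("transform ignored", b"ZHVtbXkK"), ("transform applied", b"dummy\n"))
    for label, stored in cases:
        # Only the layer count is printed, never the secret value.
        print(label, residual_base64_layers(sample_secret(stored), "dummy"))
```

A result of 1 or more for a Secret whose AzureKeyVaultSecret declares `base64decode` matches the behaviour reported above; 0 is the expected state.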
