1Password / connect-helm-charts

Official 1Password Helm Charts
https://developer.1password.com
MIT License

Changing the Secret Type does not work with Operator v1.5.0 #105

Closed john-yacuta-submittable closed 2 years ago

john-yacuta-submittable commented 2 years ago

Your environment

Chart Version: 1.8.0

Helm Version: 3

Kubernetes Version: v1.22.6

What happened?

I upgraded the 1Password Helm chart revision since this was recently released: https://github.com/1Password/connect-helm-charts/pull/103

Docker images: 1password/connect-api:1.5.4, 1password/connect-sync:1.5.4, 1password/onepassword-operator:1.5.0

I managed to upgrade the 1Password Helm chart from revision 1.7.1 to 1.8.0. So, I upgraded to Connect Server 1.5.4 and Operator 1.5.0, which were recently released. I am using an ArgoCD App template + Helm source like below.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: onepassword
  namespace: argocd
spec:
  destination:
    namespace: onepassword
    server: <SERVER>
  source:
    repoURL: 'https://1password.github.io/connect-helm-charts/'
    targetRevision: 1.8.0
    chart: connect
    helm:
      releaseName: connect
      values: |
        operator:
          create: true
  project: operations
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

However, I am getting the error from the operator when trying to take advantage of the new type feature and doing type: kubernetes.io/dockerconfigjson in order to deploy a GHCR token like the example below. I already tried redeploying 1Password and the same issue occurs.

apiVersion: onepassword.com/v1
kind: OnePasswordItem
type: kubernetes.io/dockerconfigjson
metadata:
  name: test-ghcr
  namespace: test
  annotations:
    operator.1password.io/auto-restart: "true"
spec:
  itemPath: "vaults/Test/items/test-ghcr"

Error when trying to create a OnePasswordItem with a new Secret type:

"error":"Failed to retrieve item: need at least version 1.3.0 of Connect for this function, detected version 1.2.0 (or earlier). Please update your Connect server"

What did you expect to happen?

1Password Operator creates the secret containing the GHCR token. As mentioned above, I upgraded 1Password Connect Server to 1.5.4 and Operator to 1.5.0 using the latest chart revision 1.8.0.

Steps to reproduce

  1. Deployed 1Password helm chart revision 1.7.1
  2. Enabled Connect Server and Operator with credentials and token
  3. Upgrade revision to 1.8.0
  4. Create OnePasswordItem with type: kubernetes.io/dockerconfigjson
  5. Error and does not create GHCR token secret

Notes & Logs

john-yacuta-submittable commented 2 years ago

I am also seeing in the Connect server logs errors like below. I also found the GitHub issue which appears to also be seeing similar issues to what I am experiencing with the error mentioned here and above ("Please update your Connect server"): https://github.com/1Password/connect/issues/40

{"log_message":"(E) 400: Invalid Item UUID","timestamp":"2022-07-05T15:50:25.318091099Z","level":1,"scope":{"request_id":"1c243101-a08b-4ef8-bbf3-15868248a8c3","jti":"eroab6n5ejgih5g4snqot5zjni"}}

remidebette commented 2 years ago

Hi, according to https://github.com/1Password/connect/issues/40 this issue should be solved with Connect v1.5.5. But even with the chart v1.8.1, which contains Connect version v1.5.6, we still get the error:

need at least version 1.3.0 of Connect for this function, detected version 1.2.0 (or earlier). Please update your Connect server

in the operator logs

In our case, we are using no type:

apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: ichor-177-logs-ux-imp
spec:
  itemPath: "vaults/<edited>/items/<edited>"

Preexisting secrets are still fine (even though they also have the warning) but new ones do not get created.

remidebette commented 2 years ago

Never mind, it seems the above genuinely solved the issue.

edif2008 commented 2 years ago

Heey @remidebette,

Glad to hear that the latest version of Helm Charts solved your problem. I will close this issue for now, but feel free to re-open if the problem persists.
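
A triage helper for the symptom reported in this thread, as an added example that is not part of the original issue or of 1Password's code: it checks the operator's version error against the Connect image tag that is actually deployed, and pulls `(E)` entries out of Connect's JSON logs. The function names and result labels are assumptions; the sample lines are taken (abridged) from the posts above.

```python
import json
import re

# Operator error text as quoted in the thread.
VERSION_ERR = re.compile(
    r"need at least version (\d+(?:\.\d+)*) of Connect for this function, "
    r"detected version (\d+(?:\.\d+)*)"
)

# Sample lines taken from the posts above (Connect line abridged).
OPERATOR_LINE = ('"error":"Failed to retrieve item: need at least version 1.3.0 of '
                 'Connect for this function, detected version 1.2.0 (or earlier). '
                 'Please update your Connect server"')
CONNECT_LINE = ('{"log_message":"(E) 400: Invalid Item UUID",'
                '"timestamp":"2022-07-05T15:50:25.318091099Z","level":1,'
                '"scope":{"request_id":"1c243101-a08b-4ef8-bbf3-15868248a8c3"}}')

def parse_version(text):
    """'1.5.4' -> (1, 5, 4), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def connect_errors(log_lines):
    """Return (timestamp, request_id, message) for '(E)' entries in Connect JSON logs."""
    found = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON log line
        if isinstance(entry, dict) and str(entry.get("log_message", "")).startswith("(E)"):
            scope = entry.get("scope") or {}
            found.append((entry.get("timestamp"), scope.get("request_id"),
                          entry["log_message"]))
    return found

def triage(connect_image, operator_line):
    """Classify the operator's version error against the image tag that is deployed."""
    match = VERSION_ERR.search(operator_line)
    if match is None:
        return "no-version-error"
    required = parse_version(match.group(1))
    # Assumes a numeric tag such as '1password/connect-api:1.5.4'.
    deployed = parse_version(connect_image.rsplit(":", 1)[1])
    if deployed < required:
        return "upgrade-connect"      # the error matches what is deployed
    return "detection-mismatch"       # deployed image already meets the requirement
```

With the thread's values (`connect-api:1.5.4` deployed, 1.3.0 required) the result is `detection-mismatch`, which is the situation the reporters describe.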