search

Azure / AppConfiguration-KubernetesProvider

Bring your data in Azure App Configuration down to your Kubernetes cluster, available as ConfigMap and Secrets and ready to be consumed by any workload.
MIT License
6 stars 2 forks source link

Cannot update existing secrets from the 1.3.0 version #32

Closed antoineozenne-at-leocare closed 2 months ago

antoineozenne-at-leocare commented 2 months ago

I updated from version 1.2.0 to 1.3.0, but I have the following error for all my secrets (with a verbosity to 5):

I0422 13:02:14.590953       1 appconfigurationprovider_controller.go:396] No secret settings are fetched from Azure AppConfiguration
W0422 13:02:14.672973       1 appconfigurationprovider_controller.go:316] Fail to update the target ConfigMap or Secret of AzureAppConfigurationProvider 'foo' in 'bar' namespace: secrets "foo" is forbidden: User "system:serviceaccount:azappconfig-system:az-appconfig-k8s-provider" cannot delete resource "secrets" in API group "" in the namespace "bar": Azure does not have opinion for this user.

I noticed that the existingSecrets variable is no longer a pointer in the version 1.3.0 in https://github.com/Azure/AppConfiguration-KubernetesProvider/blob/26d01225215c793585ccfcfaaa0708bddfb5eb08/internal/controller/appconfigurationprovider_controller.go#L239

I think this could be the cause of my problem. I did not change anything in my AzureAppConfigurationProvider resources which use secret.auth.workloadIdentity.managedIdentityClientIdReference.

RichardChen820 commented 2 months ago

Regression in v1.3.0, while no secret is selected by the selectors, it fails to create an empty target Secret.

RichardChen820 commented 2 months ago

@antoineozenne-at-leocare The regression should be fixed in v1.3.1, could you give it another try?

antoineozenne-at-leocare commented 2 months ago

@antoineozenne-at-leocare The regression should be fixed in v1.3.1, could you give it another try?

Now it works, thank you @RichardChen820!