Hi @joyrex2001, good observation. Yes, the hashing logic only takes the secrets related to one akvs resource. Need to look into how to handle, multiple akvs resources can also write to the same k8s secret.
Components and versions
[X] Controller, version: 1.5.0 (docker image tag)
[ ] Env-Injector (webhook), version: x.x.x (docker image tag)
[ ] Other

Describe the bug
Updating the AzureKeyVaultSecret by changing spec.vault.object.name doesn't result in updating an existing target secret.

To Reproduce
Steps to reproduce the behavior:
Consider the following AzureKeyVaultSecret:
After applying the secret, a k8s secret my-secret will appear.
When patching the spec.vault.object.name with a different name, the target secret is not updated with the new values.
Patch command:
kubectl patch akvs my-secret --type merge -p '{"spec":{"vault":{"object":{"name":"version-de-secret"}}}}'

Expected behavior
When patching the spec.vault.object.name with a different name, the target secret should contain the values of the newly targeted keyvault secret.

Additional context
It looks like the md5 doesn't take spec.vault.object.name into account, making it seem the AzureKeyVaultSecret is not changed and nothing needs to be done.
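
The failure mode reported above, as an added Go sketch that is not the controller's own code: a change-detection fingerprint that omits the object name reports "nothing to do" after the patch, while one that covers every source-selecting field triggers a resync. The VaultRef type, the function names, the vault name, the choice of SHA-256 and the fields other than spec.vault.object.name are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// VaultRef is a hypothetical stand-in for spec.vault, not the controller's real type.
type VaultRef struct {
	VaultName  string // assumed: spec.vault.name
	ObjectType string // assumed: spec.vault.object.type
	ObjectName string // spec.vault.object.name
}

// fingerprint length-prefixes each field so ("ab","c") and ("a","bc") differ.
func fingerprint(fields ...string) string {
	h := sha256.New()
	var n [8]byte
	for _, f := range fields {
		binary.BigEndian.PutUint64(n[:], uint64(len(f)))
		h.Write(n[:])
		h.Write([]byte(f))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// weakFingerprint omits ObjectName, the gap the issue describes.
func weakFingerprint(r VaultRef) string {
	return fingerprint(r.VaultName, r.ObjectType)
}

// fullFingerprint covers every field that selects the source secret.
func fullFingerprint(r VaultRef) string {
	return fingerprint(r.VaultName, r.ObjectType, r.ObjectName)
}

// needsSync reports whether the target secret must be rewritten.
func needsSync(stored string, r VaultRef, fp func(VaultRef) string) bool {
	return stored != fp(r)
}

func main() {
	before := VaultRef{"my-vault", "secret", "my-secret"} // constructed sample
	after := before
	after.ObjectName = "version-de-secret" // name from the patch command
	fmt.Println("weak:", needsSync(weakFingerprint(before), after, weakFingerprint))
	fmt.Println("full:", needsSync(fullFingerprint(before), after, fullFingerprint))
}
```
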