search

argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0
784 stars 185 forks source link

AWS Secrets Manager Functionality Broken in v1.18.0 #643

Closed Timothy-Dement closed 1 month ago

Timothy-Dement commented 1 month ago

Describe the bug

The Argo CD Vault Plugin no longer seems to work properly with AWS Secrets Manager in the recently-released v1.18.0.

Secret interpolation that was previously working without issue in version v1.17.0 is now returning the following error:

Error: Replace: could not replace all placeholders in Template:
not found, ResolveEndpointV2

To Reproduce

  1. Create a sample secret in AWS Secrets Manager
  2. Reference this secret in a sample file
  3. Use argocd-vault-plugin v1.17.0 to interpolate the secret
  4. Use argocd-vault-plugin v1.18.0 to interpolate the secret

Expected behavior

The v1.18.0 version should not break existing AWS Secrets Manager functionality.

Screenshots/Verbose output

Sensitive information has been redacted in the following output (*****), but this is the sample I ran comparing plugin versions.

sample-secret.yaml:

---
apiVersion: v1
kind: Secret
metadata:
  name: sample-secret
  namespace: default
type: Opaque
data:
  secretByName: <path:2024-06-03-sample-secret#hello>
  secretByPath: <path:arn:aws:secretsmanager:*****:*****:secret:2024-06-03-sample-secret-I3pN6O#hello>

Running with v1.17.0 works fine:

./argocd-vault-plugin_1.17.0_darwin_arm64 version
argocd-vault-plugin v1.17.0 (b393c7afa63a43197c084a99959a78d0d26e5e74) BuildDate: 2023-11-12T02:03:06Z
./argocd-vault-plugin_1.17.0_darwin_arm64 generate sample-secret.yaml \
  --config-path avp.yaml \
  --verbose-sensitive-output
apiVersion: v1
data:
  secretByName: world
  secretByPath: world
kind: Secret
metadata:
  name: sample-secret
  namespace: default
type: Opaque

But running with v1.18.0 fails:

./argocd-vault-plugin_1.18.0_darwin_arm64 version
argocd-vault-plugin v1.18.0 (3986b0794cd5f217add8691a32f9276ba6b79767) BuildDate: 2024-05-28T12:57:52Z
./argocd-vault-plugin_1.18.0_darwin_arm64 generate sample-secret.yaml \
  --config-path avp.yaml \
  --verbose-sensitive-output
Error: Replace: could not replace all placeholders in Template:
not found, ResolveEndpointV2
not found, ResolveEndpointV2
Timothy-Dement commented 1 month ago

Possibly related: https://github.com/aws/aws-sdk-go-v2/issues/2370

sneaker-xc3 commented 1 month ago

I can also confirm this issue. Using it after a

go get -u github.com/aws/aws-sdk-go-v2/... && make

seems to solve the issue. But there should be a new release IMHO

werne2j commented 1 month ago

Published in https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v1.18.1