aws / secrets-store-csi-driver-provider-aws

The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods.
Apache License 2.0

Cannot specify jmesPath with hyphens #251

Closed jfmeachum closed 1 year ago

jfmeachum commented 1 year ago

Describe the bug

A SecretProviderClass with a jmesPath that has a hyphen will fail to create a K8s Secret.

To Reproduce

Steps to reproduce the behavior:

Given an ASM Secret will-fail with the following structure:

{
    "hyphen-fail": 123
}

And a SecretProviderClass resource declaration:

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: does-not-work
  namespace: example
spec:
  parameters:
    objects: |-
      - objectName: will-fail
        objectType: secretsmanager
        jmesPath:
        - path: hyphen-fail
          objectAlias: fails
  provider: aws
  secretObjects:
  - data:
    - key: fails
      objectName: fails
    secretName: will-fail
    type: Opaque

Workloads that depend on the above will fail with the following error:

Failure getting secret values from provider type secretsmanager: Failed to fetch secret from all regions: will-fail

The provider will succeed if the explicit reference to the hyphenated key is removed.

Expected behavior

Workload containers start and are able to consume the K8s Secret as well as access the CSI driver-managed volume data.

jbct commented 1 year ago

Hi jfmeachum. We have updated the README to include instructions on how to handle jmesPaths with hyphens in them: https://github.com/aws/secrets-store-csi-driver-provider-aws/commit/84327a93e3fd28e59a4a41aa05c7c8172fef376d
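
A corrected form of the SecretProviderClass from the report, added here as an example; it is not taken from the thread or copied from the project's README. It relies on the JMESPath grammar, in which an unquoted identifier may contain only letters, digits and underscores, so a hyphenated key must be written as a double-quoted identifier. The resource name `hyphen-quoted` and the alias `hyphenFail` are hypothetical.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: hyphen-quoted            # hypothetical name
  namespace: example
spec:
  provider: aws
  parameters:
    # "objects" is a YAML string that the provider parses a second time,
    # so the quoting below must survive that inner YAML parse.
    objects: |-
      - objectName: will-fail
        objectType: secretsmanager
        jmesPath:
        # Before (from the report): the bare path is not a valid JMESPath
        # identifier because of the hyphen.
        #   - path: hyphen-fail
        #
        # After: YAML single quotes wrap the JMESPath double quotes, so the
        # expression the provider evaluates is "hyphen-fail" (a quoted
        # identifier) rather than hyphen-fail.
        - path: '"hyphen-fail"'
          objectAlias: hyphenFail   # hypothetical alias; contains no "-"
  secretObjects:
  - secretName: will-fail
    type: Opaque
    data:
    # objectName must match the objectAlias above exactly, otherwise the
    # synced K8s Secret has no source file to read.
    - key: hyphenFail
      objectName: hyphenFail
```

The same rule applies to any key containing characters outside `[A-Za-z0-9_]` or starting with a digit; double-quoting the YAML scalar instead requires escaping the inner quotes (`"\"hyphen-fail\""`).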