carvel-dev / secretgen-controller

secretgen-controller provides CRDs to specify what secrets need to be on a Kubernetes cluster (to be generated or not)
Apache License 2.0

`Password` Custom secret projection fails #50

Closed mamachanko closed 2 years ago

mamachanko commented 2 years ago

What steps did you take:

I went through the example for Password custom secret projection. In particular:

With custom secret projection:

apiVersion: secretgen.k14s.io/v1alpha1
kind: Password
metadata:
  name: pg-password
spec:
  secretTemplate:
    stringData:
      postgresql-pass: $(value)

would produce:

apiVersion: v1
kind: Secret
metadata:
  name: pg-password
data:
  postgresql-pass: xxx...

What happened:

However, reconciliation failed:

$ kubectl get passwords.secretgen.k14s.io pg-password -oyaml
apiVersion: secretgen.k14s.io/v1alpha1
kind: Password
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"secretgen.k14s.io/v1alpha1","kind":"Password","metadata":{"annotations":{},"name":"pg-password","namespace":"default"},"spec":{"secretTemplate":{"stringData":{"postgresql-pass":"$(value)"}}}}
  creationTimestamp: "2022-02-07T08:54:47Z"
  generation: 2
  name: pg-password
  namespace: default
  resourceVersion: "329229"
  selfLink: /apis/secretgen.k14s.io/v1alpha1/namespaces/default/passwords/pg-password
  uid: 74b90367-f00f-4115-a717-b759ab7f61ec
spec:
  secretTemplate:
    stringData:
      postgresql-pass: $(value)
status:
  conditions:
  - message: 'Secret "pg-password" is invalid: [data[%s][username]: Required value,
      data[%s][password]: Required value]'
    status: "True"
    type: ReconcileFailed
  friendlyDescription: 'Reconcile failed: Secret "pg-password" is invalid: [data[%s][username]:
    Required...'
  observedGeneration: 2

What did you expect:

I expected to see creation of a Secret like:

---
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
stringData:
  maxmax: <crazy-generated-secret-value>


Environment:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    kapp.k14s.io/identity: v1;secretgen-controller/apps/Deployment/secretgen-controller;apps/v1
    kapp.k14s.io/original: '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"kbld.k14s.io/images":"-
      origins:\n  - local:\n      path: /Users/jkimmel/go/src/github.com/vmware-tanzu/carvel-secretgen-controller\n  -
      git:\n      dirty: false\n      remoteURL: git@github.com:vmware-tanzu/carvel-secretgen-controller.git\n      sha:
      459cddee3dea7b8cad5cc4d83f4bcf6d798c8963\n      tags:\n      - v0.7.1\n  url:
      ghcr.io/vmware-tanzu/carvel-secretgen-controller@sha256:883d6312b37597b6b65cf6ec7f2e70137a17f0c8e27211b60f3f3c3764ee7a3d\n","secretgen-controller.carvel.dev/version":"v0.7.1"},"labels":{"kapp.k14s.io/app":"1643973051553253000","kapp.k14s.io/association":"v1.1a0485fb29b825f0bdc2567860b4b9f4"},"name":"secretgen-controller","namespace":"secretgen-controller"},"spec":{"replicas":1,"revisionHistoryLimit":0,"selector":{"matchLabels":{"app":"secretgen-controller","kapp.k14s.io/app":"1643973051553253000"}},"template":{"metadata":{"labels":{"app":"secretgen-controller","kapp.k14s.io/app":"1643973051553253000","kapp.k14s.io/association":"v1.1a0485fb29b825f0bdc2567860b4b9f4"}},"spec":{"containers":[{"image":"ghcr.io/vmware-tanzu/carvel-secretgen-controller@sha256:883d6312b37597b6b65cf6ec7f2e70137a17f0c8e27211b60f3f3c3764ee7a3d","name":"secretgen-controller","resources":{"requests":{"cpu":"120m","memory":"100Mi"}},"securityContext":{"runAsGroup":2000,"runAsUser":1000}}],"securityContext":{"fsGroup":3000},"serviceAccount":"secretgen-controller-sa"}}}}'
    kapp.k14s.io/original-diff-md5: cbd70c8d709d48c3d44e2720253a1e05
    kbld.k14s.io/images: |
      - origins:
        - local:
            path: /Users/jkimmel/go/src/github.com/vmware-tanzu/carvel-secretgen-controller
        - git:
            dirty: false
            remoteURL: git@github.com:vmware-tanzu/carvel-secretgen-controller.git
            sha: 459cddee3dea7b8cad5cc4d83f4bcf6d798c8963
            tags:
            - v0.7.1
        url: ghcr.io/vmware-tanzu/carvel-secretgen-controller@sha256:883d6312b37597b6b65cf6ec7f2e70137a17f0c8e27211b60f3f3c3764ee7a3d
    secretgen-controller.carvel.dev/version: v0.7.1
  creationTimestamp: "2022-02-04T11:10:58Z"
  generation: 4
  labels:
    kapp.k14s.io/app: "1643973051553253000"
    kapp.k14s.io/association: v1.1a0485fb29b825f0bdc2567860b4b9f4
  name: secretgen-controller
  namespace: secretgen-controller


mamachanko commented 2 years ago

Found the issue. `type: Opaque` is missing from the example YAML. Opened #51.

🙇🏻
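Why the missing type produces this particular error, as an added example (not code from the issue or from secretgen-controller): the two "Required value" messages in the status are what the Kubernetes API server returns for a Secret of type `kubernetes.io/basic-auth` that has neither a `username` nor a `password` key. The sketch assumes the controller fell back to that type when the template named none; `SecretTemplate`, `Preflight` and `CheckSecretKeys` are hypothetical names, and only the basic-auth rule is modelled.

```go
package main

import "fmt"

// Secret type strings defined by the Kubernetes core/v1 API.
const (
	TypeOpaque    = "Opaque"
	TypeBasicAuth = "kubernetes.io/basic-auth"
)

// SecretTemplate is a reduced, hypothetical stand-in for spec.secretTemplate.
type SecretTemplate struct {
	Type       string
	StringData map[string]string
}

// CheckSecretKeys mirrors the API server's rule for basic-auth Secrets:
// at least one of "username" or "password" must be present, and when
// neither is, both are reported. Opaque Secrets carry no key requirements.
func CheckSecretKeys(secretType string, data map[string]string) []string {
	if secretType != TypeBasicAuth {
		return nil
	}
	_, hasUser := data["username"]
	_, hasPass := data["password"]
	if hasUser || hasPass {
		return nil
	}
	return []string{
		"data[%s][username]: Required value",
		"data[%s][password]: Required value",
	}
}

// Preflight reports the errors expected for the Secret rendered from tpl.
// fallbackType is the type used when the template sets none (assumption).
func Preflight(tpl SecretTemplate, fallbackType string) []string {
	effective := tpl.Type
	if effective == "" {
		effective = fallbackType
	}
	return CheckSecretKeys(effective, tpl.StringData)
}

func main() {
	// Template from the issue: custom key, no type.
	issue := SecretTemplate{StringData: map[string]string{"postgresql-pass": "$(value)"}}
	fixed := issue
	fixed.Type = TypeOpaque // the fix named in the follow-up comment
	fmt.Println("without type:", Preflight(issue, TypeBasicAuth))
	fmt.Println("type: Opaque:", Preflight(fixed, TypeBasicAuth))
}
```
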