Open
Labels
kind/bug: Categorizes issue or PR as related to a bug.
priority/critical-urgent: Highest priority. Must be actively worked on as someone's top priority right now.
service/secretsmanager: Indicates issues or PRs that are related to secretsmanager-controller.
Description
Describe the bug
I can create secretmanager's secret from a kubernetes secret, but when I update the k8s secret it is not updated :(
Steps to reproduce
apiVersion: v1
kind: Secret
metadata:
  name: poc-secret
stringData:
  data: |
    {
      "username": "exampleUser",
      "password": "examplePass123",
      "host": "examplehost.com",
      "region": "eu-central-1",
      "edited": "TRUE",
      "manual": "true",
      "changed": "after appply poc2"
    }
---
apiVersion: secretsmanager.services.k8s.aws/v1alpha1
kind: Secret
metadata:
  name: ack-test-secret-poc
  annotations:
    services.k8s.aws/deletion-policy: delete
spec:
  name: ack-dev-secret-poc-2
  forceOverwriteReplicaSecret: true
  secretString:
    key: data
    name: poc-secret
Expected outcome
secret to be updated when kubernetes secret is changed.
Environment
- Kubernetes version 1.29
- Using EKS (yes/no), if so version? yes, 1.29
- AWS service targeted (S3, RDS, etc.) SecretManager v0.0.11
BTW, why can't we set secretString directly in secretmanager's secret? For example, it would be easier to:
apiVersion: secretsmanager.services.k8s.aws/v1alpha1
kind: Secret
metadata:
  name: ack-test-secret-poc
  annotations:
    services.k8s.aws/deletion-policy: delete
spec:
  name: ack-dev-secret-poc-2
  forceOverwriteReplicaSecret: true
  secretString: |
    {
      "username": "exampleUser",
      "password": "examplePass123",
      "host": "examplehost.com",
      "region": "eu-central-1",
      "edited": "TRUE",
      "manual": "true",
      "changed": "after appply poc2"
    }
This gives a confusing error:
The Secret "ack-test-secret-poc" is invalid: spec.secretString: Invalid value: "string": spec.secretString in body must be of type object: "string"
In the documentation:
secretString | Optional | object. The text data to encrypt and store in this new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value.
Must it be an object or a string?