strict decoding error: unknown field "spec.destination.transformation.templateSpecs"

Question

strict decoding error: unknown field "spec.destination.transformation.templateSpecs"

MaximV93 opened this issue 3 months ago · comments

Describe the bug

Yesterdag we removed VSO operator v4.0.0 from Openshift (4.13.34) and reinstalled VSO operator v5.0.2 using the operatorhub. Installation went fine. But when I try to apply a VaultStaticSecret with transformation I get the following error:

k apply -f testVaultStaticSecretTransformation.yml       
                                                                                                   
Error from server (BadRequest): error when creating "testVaultStaticSecretTransformation.yml ": VaultStaticSecret in version "v1beta1" cannot be handled as a VaultStaticSecret: strict decoding error: unknown field "spec.destination.transformation.templateSpecs

testVaultStaticSecretTransformation.yml

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: vault-kv-test-b64secrets
spec:
  destination:
    create: true
    name: test-secret
    transformation:
      templateSpecs:
        test1:
          text: '{{- get .Secrets "keystore.jceks" | b64dec -}}'
  hmacSecretData: true
  mount: test-secrets/
  path: test/keystore
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault-auth-test

Expected behavior
I expect the VaultStaticSecret to be created.

Environment

Kubernetes version:
Openshift 4.13.34
vault-secrets-operator version:
V0.5.2
Additional context

[(https://github.com//pull/437)] Someone else commented the same issue in this pull request. They had an issue with the CRD's but I expect those to be taken care of when installing the operator from the operatorhub?

nbragin4 · Answer 1 · Mon Apr 01 2024 23:11:45 GMT+0800 (China Standard Time)

try "templates:" instead of "templateSpecs:"

MaximV93 · Answer 2 · Wed Apr 03 2024 17:21:22 GMT+0800 (China Standard Time)

@nbragin4 I get the same "unknown field" error:

Error from server (BadRequest): error when creating "/path/to/vault-kv-test-b64secrets.yaml": VaultStaticSecret in version "v1beta1" cannot be handled as a VaultStaticSecret: strict decoding error: unknown field "spec.destination.transformation.template"

kind: VaultStaticSecret
metadata:
  name: vault-kv-test-b64secrets
spec:
  destination:
    create: true
    name: test-secret
    transformation:
      template:
        test1:
          text: '{{- get .Secrets "keystore.jceks" | b64dec -}}'
  hmacSecretData: true
  mount: test-secrets/
  path: test/keystore
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault-auth-test

EDIT: I used "template" instead of templates ... Now it does work! Thank you @nbragin4

nbragin4 · Answer 3 · Wed Apr 03 2024 17:30:36 GMT+0800 (China Standard Time)

replace transformation.template: with transformation.templates:

MaximV93 · Answer 4 · Wed Apr 03 2024 17:42:49 GMT+0800 (China Standard Time)

@nbragin4 Thank you that works!

If anyone else in the future is unsure of which properties are accepted. I've just discovered the following command:
k describe crd vaultstaticsecrets.secrets.hashicorp.com

This lists all accepted properties for VaultStaticSecrets, which I knew this earlier :)