strict decoding error: unknown field "spec.destination.transformation.templateSpecs"
MaximV93 opened this issue · comments
Describe the bug
Yesterdag we removed VSO operator v4.0.0 from Openshift (4.13.34) and reinstalled VSO operator v5.0.2 using the operatorhub. Installation went fine. But when I try to apply a VaultStaticSecret with transformation I get the following error:
k apply -f testVaultStaticSecretTransformation.yml
Error from server (BadRequest): error when creating "testVaultStaticSecretTransformation.yml ": VaultStaticSecret in version "v1beta1" cannot be handled as a VaultStaticSecret: strict decoding error: unknown field "spec.destination.transformation.templateSpecs
testVaultStaticSecretTransformation.yml
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: vault-kv-test-b64secrets
spec:
destination:
create: true
name: test-secret
transformation:
templateSpecs:
test1:
text: '{{- get .Secrets "keystore.jceks" | b64dec -}}'
hmacSecretData: true
mount: test-secrets/
path: test/keystore
refreshAfter: 30s
type: kv-v2
vaultAuthRef: vault-auth-test
Expected behavior
I expect the VaultStaticSecret to be created.
Environment
- Kubernetes version:
Openshift 4.13.34 - vault-secrets-operator version:
V0.5.2
Additional context
[(https://github.com//pull/437)] Someone else commented the same issue in this pull request. They had an issue with the CRD's but I expect those to be taken care of when installing the operator from the operatorhub?
try "templates:" instead of "templateSpecs:"
@nbragin4 I get the same "unknown field" error:
Error from server (BadRequest): error when creating "/path/to/vault-kv-test-b64secrets.yaml": VaultStaticSecret in version "v1beta1" cannot be handled as a VaultStaticSecret: strict decoding error: unknown field "spec.destination.transformation.template"
kind: VaultStaticSecret
metadata:
name: vault-kv-test-b64secrets
spec:
destination:
create: true
name: test-secret
transformation:
template:
test1:
text: '{{- get .Secrets "keystore.jceks" | b64dec -}}'
hmacSecretData: true
mount: test-secrets/
path: test/keystore
refreshAfter: 30s
type: kv-v2
vaultAuthRef: vault-auth-test
EDIT: I used "template" instead of templates ... Now it does work! Thank you @nbragin4
replace transformation.template: with transformation.templates:
@nbragin4 Thank you that works!
If anyone else in the future is unsure of which properties are accepted. I've just discovered the following command:
k describe crd vaultstaticsecrets.secrets.hashicorp.com
This lists all accepted properties for VaultStaticSecrets, which I knew this earlier :)