Immutable secrets are still not supported #1428

Closed
tewfik-ghariani opened this issue Jan 10, 2024 · 2 comments
@tewfik-ghariani
Contributor

Which component:
controller/kubeseal - 0.24.5

Describe the bug
The immutable attribute is not considered by the controller, nor by kubeseal for that matter

To Reproduce

Perform the same steps described in the associated PR: #1395

 $ grep immutable -C1 sealed.json
  template:
    immutable: true
    metadata:
 $ k apply -f sealed.json
sealedsecret.bitnami.com/test configured
Updating playground/test
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"playground", Name:"test", UID:"c01-295", 
APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1783", FieldPath:""}): 
type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
 $ k get secrets test -o yaml
apiVersion: v1
data:
  foo: deadbeef
kind: Secret
metadata:
  creationTimestamp: "2024-01-10T17:10:05Z"
  name: test
  namespace: playground
  ownerReferences:
  - apiVersion: bitnami.com/v1alpha1
    controller: true
    kind: SealedSecret
    name: test
    uid: c01c673c295
  resourceVersion: "17109"
  uid: 85-3a596805b
type: Opaque

Expected behavior
The generated secret is expected to have the immutable attribute

Version of Kubernetes:

Client Version: v1.29.0
Server Version: v1.27.7

Additional context
I am sure that the new CRD is installed in the cluster

@tewfik-ghariani tewfik-ghariani added the triage Issues/PRs that need to be reviewed label Jan 10, 2024
@alvneiayu alvneiayu added bug and removed triage Issues/PRs that need to be reviewed labels Jan 25, 2024
@alvneiayu
Collaborator

Hi @tewfik-ghariani

I tested it with our last version 0.25.0.

$ grep immutable -C1 inmutable.json 
      },
      "immutable": true
    }
$ k apply -f inmutable.json
sealedsecret.bitnami.com/algo created
Updating default/algo
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"algo", UID:"b9a088db-51f4-4e62-894b-f11c68574878", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"81135", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/algo
apiVersion: v1
data:
  foo: test
immutable: true
kind: Secret
metadata:
  creationTimestamp: "2024-01-25T15:41:27Z"
  name: algo
  namespace: default
  ownerReferences:
  - apiVersion: bitnami.com/v1alpha1
    controller: true
    kind: SealedSecret
    name: algo
    uid: d4c320f0-0c29-4fa1-8062-95be006d4f59
  resourceVersion: "81344"
  uid: b2545f3b-938f-4901-90aa-2c2d78468984
type: Opaque

I cannot reproduce the problem. Could you check with the latest version released, please?

Moreover, I tested it in YAML format and it is working on my local too.

Thanks a lot

Álvaro

@alvneiayu alvneiayu removed the bug label Jan 25, 2024
@tewfik-ghariani
Contributor Author

Hi alvneiayu

Thanks a lot for your feedback, I also tried the same steps again while using v0.25.0 and it worked successfully 👍

I think I understood what happened:
The commit f7196bb was included in the helm-chart release v2.14.0 but at that time the controller version was v0.24.5

The new controller version including the commit was then published as 0.25.0, which got updated in the helm-chart as part of the release v2.14.2 (2 releases after)
Thus my confusion 😅
Anyway, thanks for your efforts, I will close this issue
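
Added example, not part of the thread and not the project's own code: a shell check for the mismatch diagnosed above, which reads the version of the controller image that is actually running (rather than the Helm chart version) and confirms the generated Secret carries `immutable: true`. The minimum version 0.25.0 comes from this thread; the function names, the controller namespace `kube-system` and the Deployment name `sealed-secrets-controller` are assumptions to adjust for your install.

```shell
# Per this thread, 0.25.0 is the first controller release that copies
# spec.template.immutable onto the generated Secret.
MIN_CONTROLLER="0.25.0"

# image_tag IMAGE: print the tag without a leading "v"; fail if untagged.
image_tag() {
  ref="${1%%@*}"      # drop any @sha256:... digest
  last="${ref##*/}"   # last path component, so a registry port is not read as a tag
  case "$last" in
    *:*) t="${last##*:}"; printf '%s\n' "${t#v}" ;;
    *)   return 1 ;;
  esac
}

# controller_supports_immutable IMAGE: succeed if the tag is X.Y.Z >= MIN_CONTROLLER.
controller_supports_immutable() {
  tag="$(image_tag "$1")" || return 1
  case "$tag" in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) return 1 ;;    # "latest" and other non-numeric tags cannot be compared
  esac
  # sort -V (version sort) is assumed available (GNU coreutils, BusyBox).
  lowest="$(printf '%s\n%s\n' "$MIN_CONTROLLER" "$tag" | sort -V | head -n 1)"
  [ "$lowest" = "$MIN_CONTROLLER" ]
}

# check_immutable NAMESPACE SECRET [CTRL_NAMESPACE] [CTRL_DEPLOYMENT]
# Needs kubectl access. The controller namespace and Deployment name below are
# assumed defaults; pass your own if the Helm release uses different names.
check_immutable() {
  ns="$1"; name="$2"
  ctrl_ns="${3:-kube-system}"; ctrl_deploy="${4:-sealed-secrets-controller}"
  image="$(kubectl -n "$ctrl_ns" get deployment "$ctrl_deploy" \
    -o jsonpath='{.spec.template.spec.containers[0].image}')" || return 2
  if ! controller_supports_immutable "$image"; then
    echo "controller image $image is older than $MIN_CONTROLLER or has no comparable tag" >&2
    return 1
  fi
  flag="$(kubectl -n "$ns" get secret "$name" -o jsonpath='{.immutable}')" || return 2
  if [ "$flag" != "true" ]; then
    echo "Secret $ns/$name does not have immutable: true" >&2
    return 1
  fi
  echo "Secret $ns/$name is immutable (controller image $image)"
}
```

For the Secret in the original report this would be run as `check_immutable playground test`.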
