Unable to marshal JSON into var when pulling from AWS secret manager

[rupert648]

Summary

When pulling a JSON value stored as a secret in an AWS secrets manager the following error is output

ERRO[0000] invalid payload: json: cannot unmarshal object into Go struct field Source.source.password of type string 

Steps to reproduce

We are pulling in variables from an AWS secrets manager. In this example our secret look something like follows

{
  "type": "some type",
  "project_id": "some private id",
  "private_key_id": "some private key",
}

We were passing this in as a variable for a field in a registry-image resource which needed the whole JSON object as its value in order to authenticate us to a remote repository (the password field)

# Where we will push the image
  - name: simple-image
    type: registry-image
    icon: docker
    source:
      repository: repo.io
      username:  username
      password: ((secret-name))
      tag: latest

Expected results

For the JSON password to remain as a String, be passed into the password field, to be used as normal for authentication

Actual results

After running fly set-pipeline we received the following error message in the simple-image resource which uses this password field.

ERRO[0000] invalid payload: json: cannot unmarshal object into Go struct field Source.source.password of type string 

It seems as though concourse tried to de-serialise the JSON object prior to inserting it, resulting in the above error.

Additional context

We tried completely stringifying the JSON object but received the same results.
We eventually found a fix, by doing the following.

Wrap the Json object in an accessor.

{
  "secret-name": {
    "type": "some type",
    "project_id": "some private id",
    "private_key_id": "some private key",
  }
}

Then changing our accessor to access it as follows

password: ((secret-name.secret-name))

But we still feel like this should be addressed.

Triaging info

• Concourse version: v7.8.2