-
-
Notifications
You must be signed in to change notification settings - Fork 737
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: template issues #160
fix: template issues #160
Conversation
@@ -59,10 +60,13 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu | |||
var externalSecret esv1alpha1.ExternalSecret | |||
|
|||
err := r.Get(ctx, req.NamespacedName, &externalSecret) | |||
if err != nil { | |||
if apierrors.IsNotFound(err) { | |||
syncCallsTotal.With(syncCallsMetricLabels).Inc() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When a user deletes the secret it should not be counted as a syncCallsError
After reading the code, I believe this might fix an issue when only specifying a template type, but not providing data which crashes the external secrets controller. |
right! That's something i didn't discover, thanks for pointing that out! |
Good catch! What @Sadzeih reported also happened with someone else that pinged me on slack. Was going to open a issue for it 馃槄 |
/approve |
/merge |
This fixes #124 and #125.
What was the issue?
It did not work as documented.
Secret.Metadata
andSecret.Data
was not updated after the external-secret has been changed:CreateOrUpdate
does a.Get()
before.Update()
and modifies the object at the pointer.Data: []byte
. users would have to base64 encode the template string 馃槹. This is now a simplestring
like it should have been from the get-go.Example:
Given a
json-string={"mykey": "foobar"}
we get a Secret with:When we update the ExternalSecret's metadata or template then the secret will change aswell.
I will add proper template-tests later (i did the tests manually for now), i feel like we should refactor the controller_tests like the aws/secrets-manager.