[Bug]: When deleting or changing Api Key name NGINX Breaks/refuses update.

[benshalev849]

Version

3.7.0

What Kubernetes platforms are you running on?

Openshift

Steps to reproduce

Creating the following secret:

apiVersion: v1
kind: Secret
metadata:
  name: apikey-secret
type: nginx.org/apikey
stringData:
  client1: "demo"
  client2: "showcase"

Then attaching it to a policy:

apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: apikey-policy
spec:
  apiKey:
    clientSecret: apikey-secret
    suppliedIn:
      header:
        - x-api-key

When deleting an api key using oc apply the object does not update, when deleting via OCP UI it deletes.

In addition when changing the name of a client the configuration will break and remove the api key authentication from the config file.

Only way that i have managed to delete/change name of API Keys is to completely delete the secret and re-create it.

[github-actions]

Hi @benshalev849 thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

[jjngx]

@benshalev849 could you please check what HTTP request OCP UI sends to delete the API key? What is the output of oc apply run in verbose mode? Are the requests send via oc cli and oc UI the same?

[jjngx]

@benshalev849 we will verify the behaviour using kubectl and local K8s cluster

[benshalev849]

@jjngx Okay, ty!
IF you need anything else let me know :)

[jjngx]

@jjngx Okay, ty! IF you need anything else let me know :)

#7384 (comment)

[vepatel]

@benshalev849 can you please provide us with above info

[benshalev849]

@jjngx @vepatel

Hey, i am sorry for the late response, been a busy few weeks...

We are an on prem deployment in a closed envrionment, copying the command to github is not really possible, when running it though i have not seen anything that may suggest it is related or broken.

Have you been able to replicate it locally with k8s?

Especially the change of name of the api key which just removes the api key config.

[vepatel]

@benshalev849 we tried to repro this but unfortunately couldn't. Would you be able to give us an failing example and partial conf please, one from the api-key example in this repo should be okay as well.

[vepatel]

@benshalev849 I tried changing the keys in data field of api-key-client-secret using kubectl apply and nginx seems to have picked up the changes. Can you try changing stringData to Data since keys are expected to be base64 encoded