AM0014 [DISABLED]

verify_secrets

NOTICE: This validator has been disabled and is only documented here for historical purposes.

Problematic configuration:

1. secrets in addon.yaml doesn't exist in app-interface's saas-mt-SelectorSyncSet.yaml

# addon.yaml
secrets:
- name: secret-one
  type: Opaque
  vaultPath: mtsre/quay/osd-addons/secrets/random-operator-1/secret-one
- name: secret-two
  type: kubernetes.io/dockerconfigjson
  vaultPath: mtsre/quay/osd-addons/secrets/random-operator-1/secret-two

# saas-mt-SelectorSyncSet.yaml

...

secretParametes:
- name: secret-four
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-23/secret-four
    field: db.endpoint
- name: secret-seven
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-7/secret-seven
    field: res.url

...

For the parameters in SSS (kind: Template) to be successfully populated, all secrets defined in addon.yaml should be present in the SaaS file.

2. secret[*].vaultPath in addon.yaml doesn't match secretParameters[*].secret.path

# addon.yaml
secrets:
- name: secret-two
  type: kubernetes.io/dockerconfigjson
  vaultPath: mtsre/quay/osd-addons/secrets/random-operator-1/secret-two

# saas-mt-SelectorSyncSet.yaml

...

secretParametes:
- name: secret-two
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-3/random-path
    field: db.endpoint
- name: secret-seven
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-7/secret-seven
    field: res.url

...

The vaultPath of secret-two in addon.yaml does not match the path provided in secretParameters of saas-mt-SelectorSyncSet.yaml.

Correct configuration:

1. All the secrets in addon.yaml should be present in secretParameters of app-interface's saas-mt-SelectorSyncSet.yaml and all the vaultPaths of each of the secrets in addon.yaml should match the corresponding paths of secrets in secretParameters.

# addon.yaml
secrets:
- name: secret-one
  type: Opaque
  vaultPath: mtsre/quay/osd-addons/secrets/random-operator-1/secret-one
- name: secret-two
  type: kubernetes.io/dockerconfigjson
  vaultPath: mtsre/quay/osd-addons/secrets/random-operator-1/secret-two

# saas-mt-SelectorSyncSet.yaml

...

secretParametes:
- name: secret-one
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-1/secret-one
    field: db.endpoint
- name: secret-two
  secret:
    path: mtsre/quay/osd-addons/secrets/random-operator-1/secret-two
    field: res.url

...

All secrets of addon.yaml are present in secretParameters of saas-mt-SelectorSyncSet.yaml
vaultPaths of each of the secrets of addon.yaml match with corresponding secretParameters in saas-mt-SelectorSyncSet.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AM0014 [DISABLED]

verify_secrets

Problematic configuration:

Correct configuration:

Clone this wiki locally