Error in Rewriting Keys in DataFrom documentation #1488

@jzbruno

Describe the solution you'd like

The documentation on the page Rewriting Keys in DataFrom is incorrect about the order the conversion strategy is applied for AWS providers.

The question: is the documentation wrong, or is there a bug in the code? This may only be an issue with AWS providers.

Give us examples of the outcome

Update the docs or bug fix?

"Rewrite operations are all applied after ConversionStrategy is applied. This means if your path contains any invalid character that get replaced with underscore, your source regex must match the underscore not the original character."

Observations (Constraints, Context, etc):

External Secrets version = 0.5.9

Example:

If I have multiple secrets in AWS SSM ParameterStore with the following paths

/path/to/my/secret/secret1
/path/to/my/secret/secret2

And I want to create a Kubernetes Secret with the following

data:
  secret1: dGVzdA==
  secret2: dGVzdA==

I must use the following "dataFrom" filter

dataFrom:
- find:
    path: "/path/to/my/secret/"
    name: 
      regexp: "/path/to/my/secret/.*"
    rewrite:
    - regexp:
         source: "_path_to_my_secret_(.*)"
         target: "$1"

I would expect the following to work according to the documentation

dataFrom:
- find:
    path: "/path/to/my/secret/"
    name: 
      regexp: "/path/to/my/secret/.*"
    rewrite:
    - regexp:
         source: "/path/to/my/secret/(.*)"
         target: "$1"

Looks like the cause is here in the AWS providers

Looks like Vault doesn't do this
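
Added example, not part of the original issue and not External Secrets code: a small Go model of the two orderings contrasted above, run against the issue's own paths and `source` patterns. `convertKey` and `resolve` are hypothetical helpers, and the conversion rule (every character outside alphanumerics, `-`, `_`, `.` becomes `_`) is a simplified assumption based on the quoted documentation text.

```go
package main

import (
	"fmt"
	"regexp"
)

// invalidKeyChars matches anything a Kubernetes Secret key may not contain
// (keys are limited to alphanumerics, '-', '_' and '.').
var invalidKeyChars = regexp.MustCompile(`[^A-Za-z0-9._-]`)

// convertKey models the conversion described in the quoted docs: each
// invalid character is replaced with an underscore (simplified assumption).
func convertKey(k string) string {
	return invalidKeyChars.ReplaceAllString(k, "_")
}

// rewriteKey applies one regexp rewrite (source -> target) to a key.
func rewriteKey(k, source, target string) string {
	return regexp.MustCompile(source).ReplaceAllString(k, target)
}

// resolve returns the final Secret key for a provider path, with the
// conversion applied either before the rewrite or after it.
func resolve(path, source, target string, convertFirst bool) string {
	if convertFirst {
		return rewriteKey(convertKey(path), source, target)
	}
	return convertKey(rewriteKey(path, source, target))
}

func main() {
	paths := []string{"/path/to/my/secret/secret1", "/path/to/my/secret/secret2"}
	sources := []string{"_path_to_my_secret_(.*)", "/path/to/my/secret/(.*)"}
	for _, src := range sources {
		for _, first := range []bool{true, false} {
			for _, p := range paths {
				fmt.Printf("source=%q convertFirst=%v %s -> %s\n",
					src, first, p, resolve(p, src, "$1", first))
			}
		}
	}
}
```

With `convertFirst=true` only the underscore pattern yields `secret1`, which matches the filter the reporter had to use; a pattern that matches neither form leaves the full converted path as the Secret key, so it is worth checking the resulting key names after changing a rewrite rule.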
