Unable to get all parameters under a path from AWS SSM Parameter Store

[carlosbustillordguez]

I am using the following manifest for the ExternalSecret to get all parameters(testing/t1 and /testing/t2) under /testing/:

apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: externalsecret-parameter-store 
  namespace: dev
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: secretstore-parameter-store
    kind: SecretStore
  target:
    name: my-new-secret-from-aws # secret-to-be-created
    creationPolicy: Owner
  dataFrom: # retrieve all parameters under that key
  - key: /testing/ # doesn't work

From the ESO pod logs I can see:

{"level":"info","ts":1633702995.2443388,"logger":"provider.aws.parameterstore","msg":"fetching secret map","key":"/testing/"}
{"level":"info","ts":1633702995.2443714,"logger":"provider.aws.parameterstore","msg":"fetching secret value","key":"/testing/"}
{"level":"error","ts":1633702995.2656004,"logger":"controllers.ExternalSecret","msg":"could not reconcile ExternalSecret","ExternalSecret":"dev/externalsecret-parameter-store","SecretStore":"dev/secretstore-parameter-store","error":"could not get secret data from provider: key \"/testing/\" from ExternalSecret \"externalsecret-parameter-store\": ValidationException: Parameter name: can't be prefixed with \"ssm\" (case-insensitive). If formed as a path, it can consist of sub-paths divided by slash symbol; each sub-path can be formed as a mix of letters, numbers and the following 3 symbols .-_\n\tstatus code: 400, ","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.3/pkg/internal/controller/controller.go:214"}

I suspect the error is related to how the parameter path is parsed, the faced error is a generic error when the parameter name doesn't have the expected format.

Is there a way to fetch all parameters under a path? I am looking something like this: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ssm/get-parameters-by-path.html

[knelasevero]

We don't support that right now. The way where we get multiple key/values to store in a kubernetes secrets is by expecting the secret in the external provider to be a JSON string.

https://external-secrets.io/guides-all-keys-one-secret/