Keeper provider is failing with more than 1 secret found

[steinybot]

Describe the bug

I am trying to use the Keeper provider with an ExternalSecret and it fails with:

error processing spec.data[0] (key: g0lGOXdpGiudUUZaOpi0mA), err: more than 1 secret g0lGOXdpGiudUUZaOpi0mA found

To Reproduce

Steps to reproduce the behavior:

1. Create 2 shared folders in Keeper

2. Create a record in Keeper

3. Create a shortcut to that record in folder A

4. Create another shortcut to that record in folder B

5. Create a SecretStore for folder A:

    apiVersion: external-secrets.io/v1beta1
    kind: SecretStore
    metadata:
      name: keeper-store
      namespace: {{ .Release.Namespace }}
    spec:
      provider:
        keepersecurity:
          authRef:
            name: keeper-configuration
            key:  auth
          folderID: {{ .Values.keeperIds.folderAId | quote }}

6. Create an ExternalSecret that refers to that record in folder A:

    apiVersion: external-secrets.io/v1beta1
    kind: ExternalSecret
    metadata:
      name: argocd-notifications-secret
      namespace: {{ .Release.Namespace }}
    spec:
      refreshInterval: "0"
      secretStoreRef:
        kind: SecretStore
        name: keeper-store
      data:
        - secretKey: privateKey
          remoteRef:
            key: {{ .Values.keeperIds.recordId | quote }}
            property: private-key.pem
      target:
        template:
          engineVersion: v2
          data:
            privateKey: '{{ printf "{{ .privateKey }}" }}'

It will fail with the above error.

Removing the shortcut from folder B fixes the problem.

Expected behavior

It should get the record value.

Screenshots

Additional context

I know that the manifests are correct. I can get another ExternalSecret from the same SecretStore and simply
removing the additional shortcut from the unrelated folder in Keeper fixes it.

The id is unique by definition.

Using the Keeper Commander CLI works with no such issues.

[gusfcarvalho]

Hi @steinybot ! Keeper provider is a community maintained provider in alpha stability. I'm pinging here @ppodevlab (the original contributor and assigned maintainer on our support page), but beware it might be that this issue takes a long time to be really addressed.

thank you for the understanding 🙏

[pepordev]

this should be pretty simple to solve, by just picking the first secret found, i'll try to create PR today for it

[Skarlso]

@ppodevlabs Wouldn't this be a problem though if there happened to be not shortcuts but similar named ones? Can't you do a check that if there are multiple results are all the results shortcuts of th main secret?

[pepordev]

@ppodevlabs Wouldn't this be a problem though if there happened to be not shortcuts but similar named ones? Can't you do a check that if there are multiple results are all the results shortcuts of th main secret?

The provider is querying by RecordUID, not names. Only shortcuts can have the same ID as the main secrets. Other than that any other secret will get another RecordUID

[pepordev]

@Skarlso could you please reopen the issue as this was reverted?, i will create another PR

[Skarlso]

Done :)