Skip to content

CRDs need updating to support recent change in gcpsm auth provider #4616

New issue
New issue
Closed
#4622
Closed
CRDs need updating to support recent change in gcpsm auth provider#4616
#4622
Assignees
gusfcarvalho
Labels
good first issueGood for newcomerskind/bugCategorizes issue or PR as related to a bug.
@jbehrends

Description

@jbehrends
jbehrends
opened on Apr 4, 2025

Describe the bug
This PR brought an enhancement to the GCPSM auth provider so that Google Workload Identity values could automatically be looked up vs defining them.
#4575

However, the CRDs for a secretstore and clustersecretstore were not updated. Values which were required are no longer required. So currently you are not able to take advantage of this enhancement because you are blocked by the CRD still requiring the values to be set.

To Reproduce
Install version 0.15.1 using Helm.

Define a secretstore:

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: test-secretstore
  namespace: testing
spec:
  provider:
    gcpsm:
      projectID: myproject-12345
      auth:
        workloadIdentity:
          serviceAccountRef:
            name: test

Then apply the secretstore:

$ kubectl apply -f ./secretstore.yaml
The SecretStore "test-secretstore" is invalid:
* spec.provider.gcpsm.auth.workloadIdentity.clusterLocation: Required value
* spec.provider.gcpsm.auth.workloadIdentity.clusterName: Required value
$

Expected behavior
The above secretstore should be able to be applied without defining clusterLocation or clusterName

I believe this needs to be fixed for both secretstore and clustersecretstore CRDs.

Metadata

Metadata

Assignees

Labels

good first issueGood for newcomerskind/bugCategorizes issue or PR as related to a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions