
feat(aws): parametersstore support for aws tags #4967

Merged
Skarlso merged 8 commits into external-secrets:main from gofogo:feat-pushsecrets-4701
Jul 2, 2025


@ivankatliarchuk
Contributor

@ivankatliarchuk ivankatliarchuk commented Jun 30, 2025

Problem Statement

What is the problem you're trying to solve?

  • AWS Parameter store to support tags for create/modify/delete

Related Issue

Fixes #4701

Follow-up to #1821, as currently tags are added only on new secret creation.

Proposed Changes

How do you like to solve the issue and why?

Added support

  • created AWS parameter with tags
  • update tags
  • remove tags

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

Smoke testing

---
apiVersion: v1
kind: Namespace
metadata:
  name: external-secrets
---
# https://external-secrets.io/latest/api/secretstore/
apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: aws-parameterstore
  namespace: external-secrets
spec:
  provider:
    aws:
      service: ParameterStore
      region: eu-west-1
---
# https://external-secrets.io/latest/api/generator/password/
apiVersion: generators.external-secrets.io/v1alpha1
kind: Password
metadata:
  name: my-password
  namespace: external-secrets
spec:
  length: 12
  digits: 5
  symbols: 5
  symbolCharacters: "-_"
  noUpper: false
  allowRepeat: true
---
# https://external-secrets.io/latest/api/pushsecret/
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example
  namespace: external-secrets
  labels:
    issue-number: "issue-4701"
spec:
  deletionPolicy: Delete
  refreshInterval: 1m
  secretStoreRefs:
    - name: aws-parameterstore
      kind: SecretStore
  selector:
    generatorRef:
      apiVersion: generators.external-secrets.io/v1alpha1
      kind: Password
      name: my-password
  data:
    - match:
        remoteRef:
          remoteKey: my-parameter-01
      metadata:
        apiVersion: kubernetes.external-secrets.io/v1alpha1
        kind: PushSecretMetadata
        spec:
          tags:
            secret-store: aws-parameterstore
            refresh-interval: 2m
            description: "This is a test parameter pushed from Kubernetes"

Created (with tags)


Added extra tag(s) and modified tag


Deleted a few tags


Deleted all tags (only required managed tags left)


Added tags back in
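
The tag reconciliation exercised by the smoke test above (create with tags, change a value, drop some, drop all but the managed ones), as an added example that is not the code from this PR. The `diffTags` helper and the `managed-by` key are assumptions made for illustration; the page only says that required managed tags are left in place.

```go
package main

import (
	"fmt"
	"sort"
)

// managedKeys are tags the controller owns and never removes.
// The key name is an assumption; the page does not name the managed tags.
var managedKeys = map[string]bool{"managed-by": true}

// diffTags compares the tags currently on a parameter with the tags desired
// in PushSecretMetadata spec.tags. It returns the tags to set (new keys or
// changed values) and the keys to remove, never touching managed keys.
func diffTags(current, desired map[string]string) (set map[string]string, remove []string) {
	set = map[string]string{}
	for k, v := range desired {
		if managedKeys[k] {
			continue // user metadata must not override controller-owned tags
		}
		if cur, ok := current[k]; !ok || cur != v {
			set[k] = v
		}
	}
	for k := range current {
		if _, ok := desired[k]; !ok && !managedKeys[k] {
			remove = append(remove, k)
		}
	}
	sort.Strings(remove) // deterministic order for logs and tests
	return set, remove
}

func main() {
	// Constructed state mirroring the smoke test: one value changed, one tag dropped.
	current := map[string]string{
		"managed-by":       "external-secrets",
		"secret-store":     "aws-parameterstore",
		"refresh-interval": "1m",
		"description":      "old",
	}
	desired := map[string]string{
		"secret-store":     "aws-parameterstore",
		"refresh-interval": "2m",
	}
	set, remove := diffTags(current, desired)
	fmt.Println("set:", set, "remove:", remove)
}
```

With the AWS SDK, the `set` map would feed the SSM `AddTagsToResource` call and the `remove` slice `RemoveTagsFromResource`; skipping either call when its input is empty avoids needless API requests on every refresh.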

@ivankatliarchuk ivankatliarchuk requested a review from a team as a code owner June 30, 2025 05:59
@ivankatliarchuk ivankatliarchuk requested a review from moolen June 30, 2025 05:59
@ivankatliarchuk ivankatliarchuk marked this pull request as draft June 30, 2025 06:00
@ivankatliarchuk ivankatliarchuk force-pushed the feat-pushsecrets-4701 branch from d9bcfc9 to 6a8b4ee Compare June 30, 2025 06:15
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@ivankatliarchuk ivankatliarchuk force-pushed the feat-pushsecrets-4701 branch from 6a8b4ee to 6ba122e Compare June 30, 2025 07:17
@ivankatliarchuk ivankatliarchuk marked this pull request as ready for review June 30, 2025 07:19
@ivankatliarchuk
Contributor Author

Hi @Skarlso, have a look when you have time

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@Skarlso
Contributor

Skarlso commented Jul 1, 2025

will take a look at this tomorrow

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ivan Ka <5395690+ivankatliarchuk@users.noreply.github.com>
@ivankatliarchuk ivankatliarchuk requested a review from Skarlso July 2, 2025 10:13
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@Skarlso
Contributor

Skarlso commented Jul 2, 2025

@ivankatliarchuk You need to update the branch then it's good to go.

@sonarqubecloud

sonarqubecloud bot commented Jul 2, 2025

@ivankatliarchuk
Contributor Author

Sure. Done

@Skarlso Skarlso merged commit 9130d1c into external-secrets:main Jul 2, 2025
19 checks passed
@ivankatliarchuk ivankatliarchuk deleted the feat-pushsecrets-4701 branch July 2, 2025 15:41
alliseeisgold pushed a commit to alliseeisgold/external-secrets that referenced this pull request Jul 10, 2025
* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): parametersstore support for aws tags

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ivan Ka <5395690+ivankatliarchuk@users.noreply.github.com>

* feat(aws): parametersstore support for aws tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

---------

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: Ivan Ka <5395690+ivankatliarchuk@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: asrormirzoev <asrormirzoev@yandex-team.ru>

Development

Successfully merging this pull request may close these issues.

Support for setting AWS tags in PushSecrets using AWS Parameterstore
