Description
Vault-Secrets-Operator helm chart version: 1.19.1
AWS EKS Version: v1.24
What is happening:
After inserting an invalid value in Vault, for example with an additional space (like: "TEST_OBJECT "), the VaultSecret object shows an error state (which at this moment is demanded) like:
Secret "NAME_OF_SECRET" is invalid: data[TEST_OBJECT ]: Invalid
value: "TEST_OBJECT ": a valid config key must consist of
alphanumeric characters, '-', '_' or '.' (e.g. 'key.name', or
'KEY_NAME', or 'key-name', regex used for validation is
'[-._a-zA-Z0-9]+')
After fixing the key value in Vault (in that case, removing the hidden space), it doesn't cause the VaultSecret object to be updated/recreated, and thus the Secret. IMO it should retry, for example, every 1 minute to query Vault if the value has been fixed.
In that case, only deleting/recreating either the VaultSecret or the vault-secrets-operator pod solves the problem.
Expected behaviour:
After fixing the invalid syntax value in Vault, the vault-secrets-operator should update the VaultSecret and Secret objects. It should query periodically if the wrong object is fixed to propagate new values, instead of being stuck.
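
An added example, not part of the original issue and not the operator's own code: a Go pre-check that flags keys a Kubernetes Secret would reject, so a hidden trailing space like the one described above is caught before it reaches the cluster. `CheckSecretKeys`, `KeyProblem` and the sample data are hypothetical; the 253-character limit and the `.`/`..` rules are Kubernetes key rules beyond the regex quoted in the error message.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Regex quoted in the error message, anchored so the whole key must match.
var configKeyRe = regexp.MustCompile(`^[-._a-zA-Z0-9]+$`)

// KeyProblem: Suggested is the trimmed key when trimming whitespace alone fixes it.
type KeyProblem struct{ Key, Reason, Suggested string }

func invalidReason(k string) string {
	switch {
	case len(k) > 253: // Kubernetes length limit for Secret/ConfigMap keys
		return "longer than 253 characters"
	case k == "." || strings.HasPrefix(k, ".."):
		return "must not be '.' or start with '..'"
	case !configKeyRe.MatchString(k):
		return "empty or contains characters outside [-._a-zA-Z0-9]"
	}
	return ""
}

// CheckSecretKeys (hypothetical helper) returns rejected keys, sorted by key.
func CheckSecretKeys(data map[string]string) []KeyProblem {
	var out []KeyProblem
	for k := range data {
		if reason := invalidReason(k); reason != "" {
			p := KeyProblem{Key: k, Reason: reason}
			if t := strings.TrimSpace(k); t != k && invalidReason(t) == "" {
				p.Suggested = t
			}
			out = append(out, p)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key < out[j].Key })
	return out
}

func main() {
	// Constructed sample data; the first key carries a trailing space.
	data := map[string]string{"TEST_OBJECT ": "x", "key.name": "y", "bad/key": "z"}
	for _, p := range CheckSecretKeys(data) { // %q makes hidden whitespace visible
		fmt.Printf("%q: %s (suggested: %q)\n", p.Key, p.Reason, p.Suggested)
	}
}
```

Printing keys with `%q` is what makes the trailing space visible; the plain error text quoted in the issue hides it.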