history reports duplicate version numbers for Parameter Store key #491
Description
The output of history reports duplicate version numbers for the same Parameter Store key.
Initially, I created 3 versions of the same key.
$ AWS_REGION=us-east-1 CHAMBER_KMS_KEY_ALIAS=xx/foo/kms-key ./chamber-v2.14.1-linux-amd64 \
write --verbose foo/foo88 my-key-82 -- my-value-82
$ AWS_REGION=us-east-1 CHAMBER_KMS_KEY_ALIAS=xx/foo/kms-key ./chamber-v2.14.1-linux-amd64 \
write --verbose foo/foo88 my-key-82 -- my-value-AA
$ AWS_REGION=us-east-1 CHAMBER_KMS_KEY_ALIAS=xx/foo/kms-key ./chamber-v2.14.1-linux-amd64 \
write --verbose foo/foo88 my-key-82 -- my-value-82
List the history of the versions. Note how the two most recent versions are both reported as version 2.
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 history foo/foo88 my-key-82
Event Version Date User
Created 1 2024-05-16 18:30:11 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Updated 2 2024-05-16 18:37:00 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Updated 2 2024-05-16 18:37:02 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Version 1 and the initial version 2 can be referenced directly, by number.
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 read foo/foo88 my-key-82 --version 1
Key Value Version LastModified User
my-key-82 my-value-82 1 2024-05-16 18:30:11 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 read foo/foo88 my-key-82 --version 2
Key Value Version LastModified User
my-key-82 my-value-AA 2 2024-05-16 18:37:00 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Unfortunately, the third version cannot be referenced by number. However, it can be referenced by relative number (-1 is latest).
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 read foo/foo88 my-key-82 --version 3
Error: Failed to read: secret not found
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 read foo/foo88 my-key-82 --version -1
Key Value Version LastModified User
my-key-82 my-value-82 2 2024-05-16 18:37:02 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Now, create a fourth version of this key.
$ AWS_REGION=us-east-1 CHAMBER_KMS_KEY_ALIAS=xx/foo/kms-key ./chamber-v2.14.1-linux-amd64 \
write --verbose foo/foo88 my-key-82 -- my-value-BB
The history still reports the two items as having version 2, and the most recent (fourth) version is listed as version 3.
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 history foo/foo88 my-key-82
Event Version Date User
Created 1 2024-05-16 18:30:11 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Updated 2 2024-05-16 18:37:00 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Updated 2 2024-05-16 18:37:02 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Updated 3 2024-05-16 18:49:58 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
However, a screenshot of the AWS console reports distinct versions 1, 2, 3, and 4. Note how the Last modified date column in the AWS console reports the same timestamps as found in the output of the chamber history command above.
Note also how the following command fetches version 3 (according to Chamber), but in fact, the timestamp corresponds to Version 4 within the AWS console. As further confirmation, the value corresponds to the fourth version of the key, as modified by the chamber write command earlier in this issue description.
$ AWS_REGION=us-east-1 ./chamber-v2.14.1-linux-amd64 read foo/foo88 my-key-82 --version 3
Key Value Version LastModified User
my-key-82 my-value-BB 3 2024-05-16 18:49:58 arn:aws:sts::123456789012:assumed-role/other-admin/[email protected]
Therefore, it would seem that Chamber may have a bug in how it tracks/reports version numbers of a Parameter Store key's history.
Although I have not been able to reproduce this, I searched previous Issues in this repo and found issue #308, which seems to report a similar bug.