can't set objectAlias to other names

[ozbillwang]

What steps did you take and what happened:

I have to set objectAlias to secretalias, if I choice to other names, secret is not created.

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: akvprovider-demo
  namespace: test-only
spec:
  provider: azure
  secretObjects:
  - secretName: foosecret
    type: Opaque
    data:
    - objectName: SECRET_1
      key: ADMIN-PASSWORD
    # - objectName: secretalias
    #    key: ADMIN-PASSWORD
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "xxxx-xxxx-xxxx-xxxx-xxxxxxxx"
    keyvaultName: keycloak-prod-secret
    objects: |
      array:
        - |
          objectName: ADMIN-PASSWORD
          objectType: secret
          objectAlias: SECRET_1
          objectVersion: ''
        # - |
        #   objectName: ADMIN-PASSWORD
        #   objectType: secret
        #   objectAlias: secretalias
        #   objectVersion: ''
    tenantId:  "xxxx-xxxx-xxxx-xxxx-xxxxxxxx"

So if I switch to use secretalias in objectAlias, after I apply it, the secret foosecret created immediately. But if I change the name to others, such as secretalias01, SECRET_1, no secret is created.

What did you expect to happen:

after apply above yaml file, a secret foosecret need be created automatically.

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

Which provider are you using:

aks-secrets-store-csi-driver aks-secrets-store-provider

Environment:

• Secrets Store CSI Driver version: (use the image tag):

    Image:         mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
    Image:         mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4
    Image:         mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0

• Kubernetes version: (use kubectl version):

kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.27.3
Kustomize Version: v5.0.1
Server Version: v1.26.3

[aramase]

@ozbillwang If you define an object alias, you'll need to ensure the objectName matches the alias value. It's documented here: https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/configurations/sync-with-k8s-secrets/. If the k8s secret isn't being created, you can look at the driver logs to see errors: https://secrets-store-csi-driver.sigs.k8s.io/troubleshooting.html

[ozbillwang]

I do ensure the objectName matches the alias value, I can successfully create the secrets when the alias name is secretalias but if change to others, I can't.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.