You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My expectation was that this changing the data of an immutable secret with force: true does work
ACTUAL RESULTS
fatal: [test-cluster -> localhost]: FAILED! => changed=false
msg: 'Failed to replace object: b''{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret \\"some-secret\\" is invalid: data: Forbidden: field is immutable when `immutable` is set","reason":"Invalid","details":{"name":"some-secret","kind":"Secret","causes":[{"reason":"FieldValueForbidden","message":"Forbidden: field is immutable when `immutable` is set","field":"data"}]},"code":422}\n'''
reason: Unprocessable Entity
The text was updated successfully, but these errors were encountered:
@sebhoss this is a server-side issue. The force=true option replaces the resource whether it exists or not. A post request is issued to the server, however, it fails because you have set immutable=true. The only way to fix that is to delete and re-create the secret
SUMMARY
I have a secret that sets its
immutable
field totrue
and thus cannot be changed through a normal apply operation but requires a replacement in case itsdata
does change. According to https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#parameter-force a replacement should have happened but it fails insteadISSUE TYPE
COMPONENT NAME
kubernetes.core.k8s
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Fedora 40
STEPS TO REPRODUCE
Use the following secret (or any other that sets
immutable: true
):EXPECTED RESULTS
My expectation was that this changing the data of an immutable secret with
force: true
does workACTUAL RESULTS
The text was updated successfully, but these errors were encountered: