still requesting AWS Secrets / SSM Parameters if region is provided and function disabled

Question

still requesting AWS Secrets / SSM Parameters if region is provided and function disabled

bdellegrazie opened this issue a year ago · 0 comments

Describe the bug

In the helm chart, there is a value representing concourse.web.awsSecretsManager.enabled and similarly concourse.web.awsSsm.enabled. These values default to false.

If the concourse.web.awsSecretsManager.region or concourse.web.awsSsm.region are supplied Concourse still tries to look for secrets in AWS SecretsManager or SSM respectively, even though the enabled flag is false.

Reproduction steps

Deploy on AWS via helm using values file:

concourse:
  web:
    awsSecretsManager:
       region: us-east-1
    awsSsm:
       region: us-east-1

(default for enabled flag is false)
deploy a pipeline that expects a secret and Concourse will go looking in SecretsManager / Ssm for that secret.

Expected behavior

Concourse looks only in Kubernetes Secrets

Additional context

looks trivial to fix, will raise a PR