KubernetesAuthEngineRole unknown field "spec.targetNamespaceSelector" #178

Open
alex-old-user opened this issue Jul 24, 2023 · 1 comment

Comments

@alex-old-user

Hi, I believe there is a bug.

As per https://github.com/redhat-cop/vault-config-operator/blob/main/docs/auth-engines.md#kubernetesauthenginerole,
the KubernetesAuthEngineRole type has

spec:
  targetNamespaceSelector:

However, that's not the case. I've got the following error after applying the example:

strict decoding error: unknown field "spec.targetNamespaceSelector"

Checking the Golang types in api/v1alpha1/utils/commons.go and api/v1alpha1/kubernetesauthenginerole_types.go
shows:

type KubernetesSecretEngineRoleSpec struct {
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`
	Path vaultutils.Path `json:"path,omitempty"`
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`
	KubeSERole `json:",inline"`
}

type TargetNamespaceConfig struct {
	TargetNamespaceSelector *metav1.LabelSelector `json:"targetNamespaceSelector,omitempty"`
	TargetNamespaces []string `json:"targetNamespaces,omitempty"`
}

which corresponds to the following YAML:

# either 

  targetNamespaces:
    targetNamespaces:
      - default
    
# or 

  targetNamespaces:
    targetNamespaceSelector:
      matchLabels:
        foo: bar

Additionally, spec.targetNamespaces.targetNamespaces is hard to comprehend.

@grandwizard28

grandwizard28 commented Oct 29, 2023

+1 on this.

  1. Specifying

     targetNamespaceSelector:
       matchLabels:
         foo: bar

(as per the documentation) fails with the error

Error from server (BadRequest): error when creating ********: KubernetesAuthEngineRole in version "v1alpha1" cannot be handled as a KubernetesAuthEngineRole: strict decoding error: unknown field "spec.targetNamespaceSelector"
  2. Specifying

     targetNamespaces:
       - default

fails with the error

Error from server: error when creating ********: admission webhook "mkubernetesauthenginerole.kb.io" denied the request: json: cannot unmarshal array into Go struct field KubernetesAuthEngineRoleSpec.spec.targetNamespaces of type utils.TargetNamespaceConfig

@alex-old-user has already pointed out the correct way of specifying either of them.
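
An added example, not part of the thread or the operator's code: a strict decode of the four spec shapes discussed above against the `TargetNamespaceConfig` struct quoted in the issue, showing which are rejected and which are accepted. Assumptions: `LabelSelector` is a local stand-in for `metav1.LabelSelector`, `RoleSpec` is a hypothetical type trimmed to the one field in question, `encoding/json` with `DisallowUnknownFields` stands in for the API server's strict decoder, and the sample specs are constructed JSON equivalents of the YAML in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// LabelSelector is a local stand-in for metav1.LabelSelector (assumption: only matchLabels is modelled).
type LabelSelector struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
}

// TargetNamespaceConfig mirrors the struct quoted in the issue.
type TargetNamespaceConfig struct {
	TargetNamespaceSelector *LabelSelector `json:"targetNamespaceSelector,omitempty"`
	TargetNamespaces        []string       `json:"targetNamespaces,omitempty"`
}

// RoleSpec is a hypothetical, trimmed spec holding only the field under discussion.
type RoleSpec struct {
	TargetNamespaces TargetNamespaceConfig `json:"targetNamespaces,omitempty"`
}

// DecodeSpec decodes strictly: a field the Go type does not declare is an error, not silently dropped.
func DecodeSpec(doc string) (RoleSpec, error) {
	var spec RoleSpec
	dec := json.NewDecoder(strings.NewReader(doc))
	dec.DisallowUnknownFields()
	err := dec.Decode(&spec)
	return spec, err
}

// Constructed sample specs (JSON equivalents of the YAML shown in the thread).
const (
	DocumentedForm = `{"targetNamespaceSelector":{"matchLabels":{"foo":"bar"}}}`
	FlatListForm   = `{"targetNamespaces":["default"]}`
	NestedSelector = `{"targetNamespaces":{"targetNamespaceSelector":{"matchLabels":{"foo":"bar"}}}}`
	NestedList     = `{"targetNamespaces":{"targetNamespaces":["default"]}}`
)

func main() {
	for _, doc := range []string{DocumentedForm, FlatListForm, NestedSelector, NestedList} {
		spec, err := DecodeSpec(doc)
		fmt.Printf("%s\n  decoded=%+v err=%v\n", doc, spec.TargetNamespaces, err)
	}
}
```

Without `DisallowUnknownFields`, the documented form would decode without error and leave both the selector and the namespace list empty.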
