Invalid extKeyUsage expression

[delubi-ro]

The extKeyUsage in pki secret engine role CRD appears to expect an array of strings.

I have a CR manifest file defined as

apiVersion: redhatcop.redhat.io/v1alpha1
kind: PKISecretEngineRole
metadata:
  name: test-role
spec:
  authentication:
    path: kubernetes
    role: admin
    serviceAccount:
      name: default
  path: pki
  allowSubdomains: true
  allowAnyName: true
  maxTTL: "360h"
  extKeyUsage:
    - ServerAuth
    - ClientAuth

Got the following error during kubectl apply

The PKISecretEngineRole "test-role" is invalid: spec.extKeyUsage: Unsupported value: []interface {}{"ServerAuth", "ClientAuth"}: supported values: "ServerAuth", "ClientAuth", "CodeSigning", "EmailProtection", "IPSECEndSystem", "IPSECTunnel", "IPSECUser", "TimeStamping", "OCSPSigning", "MicrosoftServerGatedCrypto", "NetscapeServerGatedCrypto", "MicrosoftCommercialCodeSigning", "MicrosoftKernelCodeSigning"

Expected outcome: No error.

Vault config operator version: v0.8.24

[raffaelespazzoli]

yeah, there is an error in the kubebuilder annotation. the right approach is documented here: kubernetes-sigs/kubebuilder#2812 we will queue the work for a fix, or perhaps you could contributed it.