
KubernetesAuthEngineRole unknown field "spec.targetNamespaceSelector"

Open alex-old-user opened this issue 1 year ago • 1 comments

Hi, I believe there is a bug.

As per https://github.com/redhat-cop/vault-config-operator/blob/main/docs/auth-engines.md#kubernetesauthenginerole the KubernetesAuthEngineRole type has

spec:
  targetNamespaceSelector:

However, that's not the case. I got the following error after applying the example:

strict decoding error: unknown field "spec.targetNamespaceSelector"

Checking the Golang types in api/v1alpha1/utils/commons.go and api/v1alpha1/kubernetesauthenginerole_types.go shows

type KubernetesSecretEngineRoleSpec struct {
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`
	Path vaultutils.Path `json:"path,omitempty"`
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`
	KubeSERole `json:",inline"`
}

type TargetNamespaceConfig struct {
	TargetNamespaceSelector *metav1.LabelSelector `json:"targetNamespaceSelector,omitempty"`
	TargetNamespaces []string `json:"targetNamespaces,omitempty"`
}

which corresponds to the following YAML:

# either 

  targetNamespaces:
    targetNamespaces:
      - default
    
# or 

  targetNamespaces:
    targetNamespaceSelector:
      matchLabels:
        foo: bar

Additionally, spec.targetNamespaces.targetNamespaces is hard to comprehend.

alex-old-user avatar Jul 24 '23 15:07 alex-old-user
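
The mismatch reported above can be reproduced without a cluster. This is an added example, not part of the original issue or the operator's code: it uses `encoding/json` with `DisallowUnknownFields` as a stand-in for the API server's strict field validation, and the types `labelSelector`, `targetNamespaceConfig` and `roleSpec` are hypothetical local copies that keep only the JSON tags quoted in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// labelSelector is a local stand-in for metav1.LabelSelector (assumption:
// only matchLabels is modelled, so no Kubernetes modules are needed).
type labelSelector struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
}

// targetNamespaceConfig copies the JSON tags of TargetNamespaceConfig as quoted in the issue.
type targetNamespaceConfig struct {
	TargetNamespaceSelector *labelSelector `json:"targetNamespaceSelector,omitempty"`
	TargetNamespaces        []string       `json:"targetNamespaces,omitempty"`
}

// roleSpec is a hypothetical cut-down spec holding only path and targetNamespaces.
type roleSpec struct {
	Path             string                `json:"path,omitempty"`
	TargetNamespaces targetNamespaceConfig `json:"targetNamespaces,omitempty"`
}

// strictDecodeSpec decodes a spec and treats any field the struct lacks as an error.
func strictDecodeSpec(doc string) (roleSpec, error) {
	var s roleSpec
	dec := json.NewDecoder(strings.NewReader(doc))
	dec.DisallowUnknownFields()
	err := dec.Decode(&s)
	return s, err
}

// Constructed sample specs: the layout from the docs, then the two nested layouts from the issue.
const (
	documentedLayout = `{"path":"kubernetes","targetNamespaceSelector":{"matchLabels":{"foo":"bar"}}}`
	nestedSelector   = `{"path":"kubernetes","targetNamespaces":{"targetNamespaceSelector":{"matchLabels":{"foo":"bar"}}}}`
	nestedList       = `{"path":"kubernetes","targetNamespaces":{"targetNamespaces":["default"]}}`
)

func main() {
	for _, doc := range []string{documentedLayout, nestedSelector, nestedList} {
		s, err := strictDecodeSpec(doc)
		tn := s.TargetNamespaces
		fmt.Printf("selectorSet=%v namespaces=%v err=%v\n",
			tn.TargetNamespaceSelector != nil, tn.TargetNamespaces, err)
	}
}
```

Without strict decoding the first document would decode silently with an empty namespace scope, which is why the rejection matters for a role that binds Vault access to namespaces.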