Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Hydra Maester] Creation no longer working from a CR #433

Open
5 of 6 tasks
sneko opened this issue Apr 21, 2022 · 2 comments
Open
5 of 6 tasks

[Hydra Maester] Creation no longer working from a CR #433

sneko opened this issue Apr 21, 2022 · 2 comments
Labels
bug Something is not working.

Comments

@sneko
Copy link

sneko commented Apr 21, 2022

Preflight checklist

Describe the bug

I'm using since a long time this kind of CR to create my clients:

apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: aaaaaaaaaaaaaaaaa
  namespace: bbbbbbbbbb
spec:
  grantTypes:
    - client_credentials
  redirectUris: []
  responseTypes:
    - token
  scope: standard
  secretName: xxxxxxxxx
  tokenEndpointAuthMethod: client_secret_post

And I never got into trouble. But maybe after the last update (either Kubernetes or Hydra Maester) now when applying a new oauth2client I get this error:

2022-04-21T14:06:47.548Z ERROR controller-runtime.manager.controller.oauth2client Reconciler error {"reconciler group": "hydra.ory.sh", "reconciler kind": "OAuth2Client", "name": "aaaaaaaaaaaaaaaaa", "namespace": "bbbbbbbbbb", "error": "OAuth2Client.hydra.ory.sh \"aaaaaaaaaaaaaaaaa\" is invalid: spec.metadata: Invalid value: \"null\": spec.metadata in body must be of type object: \"null\""}

It's quite hard to find information on internet but it could come from the type wrongly initiated... I tried multiple things according to my old other CR that worked a long time ago, that have other properties generated after creation. I tried to patch one by one and the only thing making it passes was to add the finalizer explicitly.

So if I'm using:

apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: aaaaaaaaaaaaaaaaa
  namespace: bbbbbbbbbb
  finalizers:
    - finalizer.ory.hydra.sh
spec:
  grantTypes:
    - client_credentials
  redirectUris: []
  responseTypes:
    - token
  scope: standard
  secretName: xxxxxxxxx
  tokenEndpointAuthMethod: client_secret_post

The Hydra Maester won't complain and will create immediately my client into Hydra.

It's so strange... any thought on this issue?

Thank you,

Reproducing the bug

Relevant log output

-

Relevant configuration

-

Version

Hydra Maester v0.0.26

On which operating system are you observing this issue?

No response

In which environment are you deploying?

No response

Additional Context
@sneko sneko added the bug Something is not working. label Apr 21, 2022
@adamstrawson
Copy link
Contributor

If there's been a recently update, do the RBAC resources for hydra-maester still exist and look correct against the chart template?

My feeling is that it's not able to patch to add the finaliser once you apply OAuth2Client

Just to note, we're running the same version and don't experience this issue.

@Demonsthere
Copy link
Collaborator

The maester has not been changed in a long while, I would rather look for the source in the k8s version used. But this is alarming as it may suggest that the current maester controller won't work properly on newer k8s versions 😞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adamstrawson @sneko @Demonsthere