gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Operator doesn't handle OIDCConnectors with `max_age` set #48165

Open hugoShaka opened 2 hours ago

hugoShaka commented 2 hours ago

Expected behavior:

I create a teleport_oidc_connector CR with spec.max_age set and the operator reconciles it.

Current behavior:

The operator fails to convert the resource:

```
Failed to decode Kubernetes CR: strict decoding error: unknown field "spec.max_age"

reason: FailedToDecode
status: 'False'
type: validStructure
```

Bug details:

hugoShaka commented 2 hours ago

A potential fix would be a custom JSON unmarshaler:

```go
// UnmarshalJSON deserializes JSON into a spec. This override is required to deal with the
// MaxAge field, which is a special case because it's an object embedded into the spec.
// The receiver is a pointer so that the decoded values reach the caller.
func (spec *TeleportOIDCConnectorSpec) UnmarshalJSON(data []byte) error {
    // Alias has the same fields but no methods, so decoding it does not recurse.
    type Alias TeleportOIDCConnectorSpec
    temp := struct {
        MaxAge types.Duration `json:"max_age"`
        Alias
    }{
        Alias: (Alias)(*spec),
    }
    if err := json.Unmarshal(data, &temp); err != nil {
        return trace.Wrap(err, "unmarshalling custom teleport oidc connector spec")
    }
    // Copy the decoded fields back into the spec before setting MaxAge.
    *spec = TeleportOIDCConnectorSpec(temp.Alias)
    spec.MaxAge = &types.MaxAge{Value: temp.MaxAge}
    return nil
}
```
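A self-contained sketch of the approach above, added here as an example and not code from the issue or from Teleport. `Spec`, `MaxAge` and `decodeSpec` are hypothetical stand-ins, `max_age` is assumed to be a duration string such as `24h`, and the standard `encoding/json` package stands in for the operator's decoder; it shows that a custom unmarshaler has to re-apply strict decoding itself and that an absent `max_age` stays nil.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"time"
)

// MaxAge and Spec are simplified stand-ins (assumptions), not Teleport's types.
type MaxAge struct{ Value time.Duration }

type Spec struct {
	ClientID string  `json:"client_id"`
	MaxAge   *MaxAge `json:"-"` // filled in by UnmarshalJSON below
}

// UnmarshalJSON uses a pointer receiver so the decoded values reach the caller.
func (s *Spec) UnmarshalJSON(data []byte) error {
	type Alias Spec // Alias has no methods, so decoding it cannot recurse
	temp := struct {
		MaxAge *string `json:"max_age"` // stays nil when the key is absent
		Alias
	}{Alias: Alias(*s)}
	// encoding/json does not pass the caller's strict mode into a custom unmarshaler.
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&temp); err != nil {
		return fmt.Errorf("decoding spec: %w", err)
	}
	*s = Spec(temp.Alias)
	if temp.MaxAge != nil {
		d, err := time.ParseDuration(*temp.MaxAge)
		if err != nil {
			return fmt.Errorf("parsing max_age: %w", err)
		}
		s.MaxAge = &MaxAge{Value: d}
	}
	return nil
}

// decodeSpec is a hypothetical helper that decodes one spec document.
func decodeSpec(doc string) (s Spec, err error) {
	err = json.Unmarshal([]byte(doc), &s)
	return s, err
}

func main() {
	fmt.Println(decodeSpec(`{"client_id":"example","max_age":"24h"}`)) // constructed input
}
```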