stefanprodan / timoni

Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.
https://timoni.sh
Apache License 2.0

Error vendoring rook crds #277

Closed Pythoner6 closed 8 months ago

Pythoner6 commented 8 months ago

I ran into this error

9:47PM ERR could not convert schema for version v1alpha1 to CUE: constraint not allowed because type array is excluded

while trying to run timoni mod vendor crd -f ... for the Rook CRDs (https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/templates/resources.yaml). Specifically, it seems to be the ObjectBucket CRD causing problems:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: objectbuckets.objectbucket.io
  annotations:
    helm.sh/resource-policy: keep
spec:
  group: objectbucket.io
  names:
    kind: ObjectBucket
    listKind: ObjectBucketList
    plural: objectbuckets
    singular: objectbucket
    shortNames:
      - ob
      - obs
  scope: Cluster
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                storageClassName:
                  type: string
                endpoint:
                  type: object
                  nullable: true
                  properties:
                    bucketHost:
                      type: string
                    bucketPort:
                      type: integer
                      format: int32
                    bucketName:
                      type: string
                    region:
                      type: string
                    subRegion:
                      type: string
                    additionalConfig:
                      type: object
                      nullable: true
                      x-kubernetes-preserve-unknown-fields: true
                authentication:
                  type: object
                  nullable: true
                  items:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                additionalState:
                  type: object
                  nullable: true
                  x-kubernetes-preserve-unknown-fields: true
                reclaimPolicy:
                  type: string
                claimRef:
                  type: object
                  nullable: true
                  x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
      subresources:
        status: {}

Unfortunately, I'm not super well versed in k8s CRD definitions, and the error message is very obtuse (I had to manually check which resource it even was because all it gave me was the version), so I'm really not sure what's going on here.

Pythoner6 commented 8 months ago

After some experimentation, it looks like the authentication field is what's causing the problem. I'm actually not sure it's even supposed to exist in this definition.

stefanprodan commented 8 months ago

OK, so I've been looking into this and the Rook CRD does not have a valid OpenAPI schema; the authentication type should've been array for it to have items.

Pythoner6 commented 8 months ago

Yeah, that makes sense. Interesting that this has been around for so long without being noticed. Based on what I've been able to find, I have a hunch that field wasn't supposed to get serialized at all in the first place. I'll probably just patch that out on my end for now, and report it upstream then. Thanks!

stefanprodan commented 8 months ago

The authentication field is meant for internal usage and is not meant to be part of the CRD: https://github.com/kube-object-storage/lib-bucket-provisioner/blob/d1a8c34382f127670e363ae925ae6087e8b2c7bf/pkg/apis/objectbucket.io/v1alpha1/objectbucket_types.go#L97 (notice the json:"-"). The best way is to patch the YAML before importing it to remove that field.
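One way to find and drop such fields before vendoring, as an added example that is not timoni or Rook code: it walks an openAPIV3Schema, reports the exact path of any node whose keyword contradicts its declared type (the detail the error message above omits), and removes that field. The function names are hypothetical and SAMPLE is constructed from the ObjectBucket excerpt in this issue, trimmed.

```python
# Added example: not timoni or rook code. The schema is a plain dict, e.g. what
# a YAML loader returns for spec.versions[i].schema.openAPIV3Schema.
TYPE_BOUND = {"items": "array", "properties": "object"}  # keyword -> only valid type

def find_mismatches(schema, path=()):
    """Yield (path, keyword, declared_type) where a keyword contradicts `type`."""
    declared = schema.get("type")
    for keyword, required in TYPE_BOUND.items():
        if keyword in schema and declared not in (None, required):
            yield path, keyword, declared
    for name, child in schema.get("properties", {}).items():
        yield from find_mismatches(child, path + ("properties", name))
    for key in ("items", "additionalProperties"):
        if isinstance(schema.get(key), dict):
            yield from find_mismatches(schema[key], path + (key,))

def drop_invalid_fields(schema):
    """Remove every mismatching node in place; return the removed paths."""
    removed = []
    for path, _keyword, _declared in list(find_mismatches(schema)):
        if not path:
            raise ValueError("root schema is itself invalid; cannot drop it")
        if any(path[:len(r)] == r for r in removed):
            continue  # already removed together with an ancestor
        parent = schema
        for key in path[:-1]:
            parent = parent[key]
        del parent[path[-1]]
        removed.append(path)
    return removed

SAMPLE = {  # constructed: trimmed copy of the ObjectBucket schema from the issue
    "type": "object",
    "properties": {
        "spec": {"type": "object", "properties": {
            "storageClassName": {"type": "string"},
            "authentication": {
                "type": "object", "nullable": True,
                "items": {"type": "object",
                          "x-kubernetes-preserve-unknown-fields": True}},
            "reclaimPolicy": {"type": "string"}}},
        "status": {"type": "object", "x-kubernetes-preserve-unknown-fields": True},
    },
}

if __name__ == "__main__":
    for path, keyword, declared in find_mismatches(SAMPLE):
        print(f"{'.'.join(path)}: '{keyword}' used with type '{declared}'")
    print("removed:", drop_invalid_fields(SAMPLE))
```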

Pythoner6 commented 8 months ago

Yep, that's what I've done.