You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happens since then is that I cannot apply a Secret for Credentials without specifying the field redirect_uris. In my case, I'm not planning on using redirect_uris, as I'm doing machine-to-machine.
Expected Behavior
The Admission Webhook should accept Credential Secret without redirect_uris.
will result with the following error message: unable to update secret test-oauth2-bapi: admission webhook \"secrets.credentials.validation.ingress-controller.konghq.com\" denied the request: consumer credential failed validation: missing required field(s): redirect_uris","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:224"
I have tried:
setting the field to an empty value: same error as previous
setting the field to "[]", secret is created, BUT the kong-controller errors: schema violation (redirect_uris.1: cannot parse '[]')\")
setting the field to "null", secret is created, BUT the kong-controller errors: schema violation (redirect_uris.1: cannot parse 'null')\")
setting the field to ",", secret is created, BUT the kong-controller errors: (redirect_uris.1: length must be at least 1; redirect_uris.2: length must be at least 1)\")", "error": "object failed to apply"}
setting the field to "http://fake" works just fine BUT this is not a satisfactory workaround
I ended up going to the admin UI and there, I can save Credentials without redirect_uris.
The temporary fix that I have currently in place to make it work is to set controller.ingressController.admissionWebhook.filterSecrets to true in the values.yaml to go back to the behaviour prior to kong helm release 2.44.0.
### Kong Ingress Controller version
```shell
{ "version": "3.9.0.0", "tagline": "Welcome to kong", "hostname": "ingress-kong-gateway-7474449596-mbbhp", "lua_version": "LuaJIT 2.1.0-20231117.1" }
An array with **one or more** URLs in your app where users will be sent after authorization ([RFC 6742 Section 3.1.2](https://tools.ietf.org/html/rfc6749#section-3.1.2))
Having said that I'm not sure we can allow to not provide this field.
Leaving this open as there might be something that I'm missing here.
Is there an existing issue for this?
Current Behavior
Hi,
Since ingress helm chart 0.15.1, we are using kong helm chart 2.44.0 release.
This release add the following change:
What happens since then is that I cannot apply a Secret for Credentials without specifying the field
redirect_uris
. In my case, I'm not planning on usingredirect_uris
, as I'm doing machine-to-machine.Expected Behavior
The Admission Webhook should accept Credential Secret without redirect_uris.
Steps To Reproduce
will result with the following error message:
unable to update secret test-oauth2-bapi: admission webhook \"secrets.credentials.validation.ingress-controller.konghq.com\" denied the request: consumer credential failed validation: missing required field(s): redirect_uris","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...[]).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:224"
I have tried:
schema violation (redirect_uris.1: cannot parse '[]')\")
schema violation (redirect_uris.1: cannot parse 'null')\")
(redirect_uris.1: length must be at least 1; redirect_uris.2: length must be at least 1)\")", "error": "object failed to apply"}
I ended up going to the admin UI and there, I can save Credentials without redirect_uris.
The temporary fix that I have currently in place to make it work is to set
controller.ingressController.admissionWebhook.filterSecrets
totrue
in thevalues.yaml
to go back to the behaviour prior to kong helm release 2.44.0.Kubernetes version
Anything else?
No response
The text was updated successfully, but these errors were encountered: