[Hydra Maester] Creation no longer working from a CR
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
I have been using this kind of CR for a long time to create my clients:
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: aaaaaaaaaaaaaaaaa
  namespace: bbbbbbbbbb
spec:
  grantTypes:
    - client_credentials
  redirectUris: []
  responseTypes:
    - token
  scope: standard
  secretName: xxxxxxxxx
  tokenEndpointAuthMethod: client_secret_post
And I never got into trouble. But maybe after the last update (either Kubernetes or Hydra Maester), I now get this error when applying a new oauth2client:
2022-04-21T14:06:47.548Z ERROR controller-runtime.manager.controller.oauth2client Reconciler error {"reconciler group": "hydra.ory.sh", "reconciler kind": "OAuth2Client", "name": "aaaaaaaaaaaaaaaaa", "namespace": "bbbbbbbbbb", "error": "OAuth2Client.hydra.ory.sh \"aaaaaaaaaaaaaaaaa\" is invalid: spec.metadata: Invalid value: \"null\": spec.metadata in body must be of type object: \"null\""}
It's quite hard to find information on the internet, but it could come from the type being wrongly initiated... I tried multiple things based on my other old CRs that worked a long time ago and that have other properties generated after creation. I tried to patch one by one, and the only thing that made it pass was adding the finalizer explicitly.
So if I'm using:
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: aaaaaaaaaaaaaaaaa
  namespace: bbbbbbbbbb
  finalizers:
    - finalizer.ory.hydra.sh
spec:
  grantTypes:
    - client_credentials
  redirectUris: []
  responseTypes:
    - token
  scope: standard
  secretName: xxxxxxxxx
  tokenEndpointAuthMethod: client_secret_post
Hydra Maester won't complain and will immediately create my client in Hydra.
It's so strange... any thoughts on this issue?
Thank you,
Reproducing the bug
Relevant log output
-
Relevant configuration
-
Version
Hydra Maester v0.0.26
On which operating system are you observing this issue?
No response
In which environment are you deploying?
No response
Additional Context
If there's been a recent update, do the RBAC resources for hydra-maester still exist and look correct against the chart template?
My feeling is that it's not able to patch to add the finaliser once you apply OAuth2Client
Just to note, we're running the same version and don't experience this issue.
The maester has not been changed in a long while, I would rather look for the source in the k8s version used. But this is alarming as it may suggest that the current maester controller won't work properly on newer k8s versions 😞
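The RBAC question raised in the comments above can be checked offline against the rules of a rendered Role or ClusterRole. This is an added example, not part of the thread or the hydra-maester project: the rule sets are constructed samples, the function names are hypothetical, and it assumes the finalizer is written with `update` or `patch` on the `oauth2clients` resource.

```python
# Added example: offline evaluation of RBAC rules for the access a controller
# needs to add a finalizer to an OAuth2Client (update or patch on the resource).
# The rules below are constructed samples, not the hydra-maester chart's RBAC.

def rule_allows(rule, group, resource, verb):
    """True if a single RBAC PolicyRule grants verb on group/resource."""
    def match(allowed_values, wanted):
        # Only the "*" wildcard and exact names are handled here.
        return "*" in allowed_values or wanted in allowed_values
    return (match(rule.get("apiGroups", []), group)
            and match(rule.get("resources", []), resource)
            and match(rule.get("verbs", []), verb))

def allowed(rules, group, resource, verb):
    """RBAC is purely additive: any one matching rule grants access."""
    return any(rule_allows(r, group, resource, verb) for r in rules)

def finalizer_access(rules, group="hydra.ory.sh", resource="oauth2clients"):
    """Report the verbs relevant to reading the CR and writing its finalizer."""
    report = {v: allowed(rules, group, resource, v)
              for v in ("get", "list", "watch", "update", "patch")}
    # Assumption: the finalizer is written with update or patch on the main
    # resource; a grant on "oauth2clients/status" alone does not cover it.
    report["can_write_finalizer"] = report["update"] or report["patch"]
    return report

# Constructed sample: a Role that lost its write verbs on the main resource.
BROKEN_RULES = [
    {"apiGroups": ["hydra.ory.sh"], "resources": ["oauth2clients"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["hydra.ory.sh"], "resources": ["oauth2clients/status"],
     "verbs": ["get", "update", "patch"]},
]
# Constructed sample: read and write access on resource and status subresource.
WORKING_RULES = [
    {"apiGroups": ["hydra.ory.sh"],
     "resources": ["oauth2clients", "oauth2clients/status"],
     "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]},
    {"apiGroups": [""], "resources": ["secrets"],
     "verbs": ["get", "list", "watch", "create"]},
]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("working", WORKING_RULES)):
        print(name, finalizer_access(rules))
```

Feed it the `rules` list from the Role or ClusterRole actually bound to the controller's service account to compare against what the chart template renders.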