Incorrect Subject structure for KubeFlowSchema #2272

scohen-nd opened this issue Nov 27, 2024 · 0 comments
Labels: bug (Something isn't working), needs-triage (Priority and effort undetermined yet)

Description of the bug:

The KubeFlowSchema resource from the src/imports/k8s.ts file relies on a Subject interface that uses the wrong object layout, leading to an invalid resource when trying to apply it to Kubernetes.
Instead, it should use the same Subject structure as the one used by KubeFlowSchemaV1Beta3.
Here is an example of a proper resource with subjects:

    apiVersion: flowcontrol.apiserver.k8s.io/v1
    kind: FlowSchema
    metadata:
      name: health-for-strangers
    spec:
      matchingPrecedence: 1000
      priorityLevelConfiguration:
        name: exempt
      rules:
        - nonResourceRules:
          - nonResourceURLs:
              - "/healthz"
              - "/livez"
              - "/readyz"
            verbs:
              - "*"
          subjects:
            - kind: Group
              group:
                name: "system:unauthenticated"

Notice that the name and namespace fields are hierarchical to group, user and serviceAccount, and are not flat as mentioned in the structure of the Subject interface.
An alternative to replacing the Subject structure is to make sure the proper structure of the resource is generated when calling the toJson method, unlike passing the value as is, which is what the code is doing.

Reproduction Steps:

Create a flowSchema like the one below:

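    // Assumed imports for this fragment (cdk8s-plus-31 shown as one of the reported versions).
    import * as cdk8s from 'cdk8s';
    import * as kplus from 'cdk8s-plus-31';
    import { KubernetesManifest } from 'aws-cdk-lib/aws-eks';

    // The rest runs inside a CDK construct: `this`, `props` and `Karpenter.NAMESPACE` come from the surrounding code.
    const flowSchemasChart = new cdk8s.Chart(new cdk8s.App(), 'ManifestBuilder');
    const leaderElection = new kplus.k8s.KubeFlowSchema(flowSchemasChart, 'LeaderElection', {
      metadata: {
        name: 'karpenter-leader-election',
      },
      spec: {
        distinguisherMethod: {
          type: 'ByUser',
        },
        matchingPrecedence: 200,
        priorityLevelConfiguration: {
          name: 'leader-election',
        },
        rules: [
          {
            resourceRules: [
              {
                apiGroups: ['coordination.k8s.io'],
                namespaces: ['*'],
                resources: ['leases'],
                verbs: ['get', 'create', 'update'],
              },
            ],
            subjects: [
              {
                // Flat name/namespace, as the Subject interface requires; these are the fields named in the error log.
                kind: 'ServiceAccount',
                name: 'karpenter',
                namespace: Karpenter.NAMESPACE,
              },
            ],
          },
        ],
      },
    });
    // The chart's JSON is passed through unchanged to the cluster.
    const flowSchemas = new KubernetesManifest(this, 'FlowSchemas', {
      cluster: props.cluster.cluster,
      manifest: flowSchemasChart.toJson(),
    });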

The output JSON structure for the above flowChart resource will fail to get applied; Kubernetes will complain about the incorrect subject layout.

Error Log:

Error from server (BadRequest): error when creating "/tmp/manifest.yaml": FlowSchema in version "v1" cannot be handled as a FlowSchema: strict decoding error: unknown field "spec.rules[0].subjects[0].name", unknown field "spec.rules[0].subjects[0].namespace"\nError from server (BadRequest): error when creating "/tmp/manifest.yaml": FlowSchema in version "v1" cannot be handled as a FlowSchema: strict decoding error: unknown field "spec.rules[0].subjects[0].name", unknown field "spec.rules[0].subjects[0].namespace"

Environment:

  • Framework Version: 29, 30 and 31
  • OS: Linux

Other:

I suggest properly structuring the JSON objects to be compliant with FlowSchema V1 by restructuring the subjects layout so that the name and namespace become children of serviceAccount, user and group.
The alternative is to fall back to the approach taken by the V1Beta3 resource, which structures the props correctly, so no manipulation or restructuring is required when converting to JSON.


This is 🐛 Bug Report

scohen-nd added the bug and needs-triage labels on Nov 27, 2024
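
The restructuring the report proposes can be sketched as a post-processing step over the array returned by `Chart.toJson()`. This is an added example, not code from the issue or from cdk8s; `nestSubject`, `fixFlowSchemaSubjects` and the sample namespace value are hypothetical.

```typescript
// Added example, not cdk8s code. Flat = the layout in the reproduction above;
// nested = the layout FlowSchema v1 accepts (see the YAML in the issue).
type FlatSubject = { kind: string; name?: string; namespace?: string };
type NestedSubject = {
  kind: string;
  user?: { name: string };
  group?: { name: string };
  serviceAccount?: { name: string; namespace: string };
};

// Hypothetical helper: move name/namespace under user, group or serviceAccount.
function nestSubject(s: FlatSubject & NestedSubject): NestedSubject {
  if (s.name === undefined) return s; // already nested, nothing to move
  switch (s.kind) {
    case 'User':
      return { kind: s.kind, user: { name: s.name } };
    case 'Group':
      return { kind: s.kind, group: { name: s.name } };
    case 'ServiceAccount':
      if (s.namespace === undefined) {
        throw new Error(`ServiceAccount subject "${s.name}" has no namespace`);
      }
      return { kind: s.kind, serviceAccount: { name: s.name, namespace: s.namespace } };
    default:
      throw new Error(`unsupported subject kind: ${s.kind}`);
  }
}

// Hypothetical helper: apply nestSubject to every FlowSchema in the array that
// Chart.toJson() returns; all other resources pass through unchanged.
function fixFlowSchemaSubjects(manifests: any[]): any[] {
  return manifests.map((m) => {
    if (m?.kind !== 'FlowSchema' || !Array.isArray(m.spec?.rules)) return m;
    const rules = m.spec.rules.map((r: any) => ({
      ...r,
      subjects: Array.isArray(r.subjects) ? r.subjects.map((s: any) => nestSubject(s)) : r.subjects,
    }));
    return { ...m, spec: { ...m.spec, rules } };
  });
}

// Constructed sample mirroring the reproduction; the namespace value is assumed.
const sample = [{
  apiVersion: 'flowcontrol.apiserver.k8s.io/v1',
  kind: 'FlowSchema',
  metadata: { name: 'karpenter-leader-election' },
  spec: { rules: [{ subjects: [{ kind: 'ServiceAccount', name: 'karpenter', namespace: 'karpenter' }] }] },
}];
console.log(JSON.stringify(fixFlowSchemaSubjects(sample), null, 2));
```

Running the helper twice is safe, because a subject without a flat `name` field is returned unchanged.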