Skip to content

Commit 415d370

Browse files
randmonkeyrandmonkey
committed
add CEL validation rules for adopt options in KonnectGatewayControlPlane
1 parent 72b9f1c commit 415d370

File tree

4 files changed

+169
-9
lines changed

4 files changed

+169
-9
lines changed

api/konnect/v1alpha1/konnect_gateway_controlplane_types.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ func init() {
2323
// +kubebuilder:printcolumn:name="OrgID",description="Konnect Organization ID this resource belongs to.",type=string,JSONPath=`.status.organizationID`
2424
// +kubebuilder:validation:XValidation:message="spec.konnect.authRef is immutable when an entity is already Programmed", rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef"
2525
// +kubebuilder:validation:XValidation:message="spec.konnect.authRef is immutable when an entity refers to a Valid API Auth Configuration", rule="!self.status.conditions.exists(c, c.type == 'APIAuthValid' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef"
26+
// +kubebuilder:validation:XValidation:message="Cannot add spec.adopt when an entitiy is already Programmed", rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : (!has(self.spec.adopt) || has(oldSelf.spec.adopt))"
27+
// +kubebuilder:validation:XValidation:message="spec.adopt is immutable when an entitiy is already Programmed", rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : ((!has(self.spec.adopt) || !has(oldSelf.spec.adopt)) ? true : self.spec.adopt == oldSelf.spec.adopt)"
2628
// +apireference:kgo:include
2729
// +kong:channels=gateway-operator
2830
type KonnectGatewayControlPlane struct {

config/crd/gateway-operator/konnect.konghq.com_konnectgatewaycontrolplanes.yaml

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

test/crdsvalidation/kongservice_test.go

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ func TestKongService(t *testing.T) {
4444
},
4545
KonnectOptions: &konnectv1alpha1.KonnectEntityOptions{
4646
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
47-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
47+
ID: "abcddcba-0000-1111-9999-0123456789ab",
4848
},
4949
},
5050
KongServiceAPISpec: configurationv1alpha1.KongServiceAPISpec{
@@ -55,7 +55,7 @@ func TestKongService(t *testing.T) {
5555
Update: func(ks *configurationv1alpha1.KongService) {
5656
ks.Spec.KonnectOptions = &konnectv1alpha1.KonnectEntityOptions{
5757
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
58-
ID: "abcddcba-0000-1111-9999-fdecba9876543211",
58+
ID: "abcddcba-0000-1111-9999-0123456789ac",
5959
},
6060
}
6161
},
@@ -73,7 +73,7 @@ func TestKongService(t *testing.T) {
7373
},
7474
KonnectOptions: &konnectv1alpha1.KonnectEntityOptions{
7575
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
76-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
76+
ID: "abcddcba-0000-1111-9999-0123456789ab",
7777
},
7878
},
7979
KongServiceAPISpec: configurationv1alpha1.KongServiceAPISpec{
@@ -83,7 +83,7 @@ func TestKongService(t *testing.T) {
8383
Status: configurationv1alpha1.KongServiceStatus{
8484
Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{
8585
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
86-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
86+
ID: "abcddcba-0000-1111-9999-0123456789ac",
8787
},
8888
ControlPlaneID: "cp-1",
8989
},
@@ -100,7 +100,7 @@ func TestKongService(t *testing.T) {
100100
Update: func(ks *configurationv1alpha1.KongService) {
101101
ks.Spec.KonnectOptions = &konnectv1alpha1.KonnectEntityOptions{
102102
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
103-
ID: "abcddcba-0000-1111-9999-fdecba9876543211",
103+
ID: "abcddcba-0000-1111-9999-fd9876543211",
104104
},
105105
}
106106
},
@@ -124,7 +124,7 @@ func TestKongService(t *testing.T) {
124124
Status: configurationv1alpha1.KongServiceStatus{
125125
Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{
126126
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
127-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
127+
ID: "abcddcba-0000-1111-9999-fdecba987654",
128128
},
129129
ControlPlaneID: "cp-1",
130130
},
@@ -141,7 +141,7 @@ func TestKongService(t *testing.T) {
141141
Update: func(ks *configurationv1alpha1.KongService) {
142142
ks.Spec.KonnectOptions = &konnectv1alpha1.KonnectEntityOptions{
143143
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
144-
ID: "abcddcba-0000-1111-9999-fdecba9876543211",
144+
ID: "abcddcba-0000-1111-9999-1234567890ab",
145145
},
146146
}
147147
},
@@ -160,7 +160,7 @@ func TestKongService(t *testing.T) {
160160
},
161161
KonnectOptions: &konnectv1alpha1.KonnectEntityOptions{
162162
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
163-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
163+
ID: "abcddcba-0000-1111-9999-0123456789ab",
164164
},
165165
},
166166
KongServiceAPISpec: configurationv1alpha1.KongServiceAPISpec{
@@ -170,7 +170,7 @@ func TestKongService(t *testing.T) {
170170
Status: configurationv1alpha1.KongServiceStatus{
171171
Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{
172172
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
173-
ID: "abcddcba-0000-1111-9999-fdecba9876543210",
173+
ID: "abcddcba-0000-1111-9999-fdecba987654",
174174
},
175175
ControlPlaneID: "cp-1",
176176
},

test/crdsvalidation/konnectgatewaycontrolplane_test.go

Lines changed: 151 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -685,4 +685,155 @@ func TestKonnectGatewayControlPlane(t *testing.T) {
685685
},
686686
}.Run(t)
687687
})
688+
689+
t.Run("constraint on adopt options", func(t *testing.T) {
690+
crdsvalidation.TestCasesGroup[*konnectv1alpha1.KonnectGatewayControlPlane]{
691+
{
692+
Name: "Can update adopt options before programmed",
693+
TestObject: &konnectv1alpha1.KonnectGatewayControlPlane{
694+
ObjectMeta: commonObjectMeta,
695+
Spec: konnectv1alpha1.KonnectGatewayControlPlaneSpec{
696+
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
697+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
698+
},
699+
CreateControlPlaneRequest: sdkkonnectcomp.CreateControlPlaneRequest{
700+
Name: "cp-1",
701+
ClusterType: sdkkonnectcomp.CreateControlPlaneRequestClusterTypeClusterTypeControlPlane.ToPointer(),
702+
},
703+
KonnectConfiguration: konnectv1alpha1.KonnectConfiguration{
704+
APIAuthConfigurationRef: konnectv1alpha1.KonnectAPIAuthConfigurationRef{
705+
Name: "name-1",
706+
},
707+
},
708+
},
709+
Status: konnectv1alpha1.KonnectGatewayControlPlaneStatus{
710+
Conditions: []metav1.Condition{
711+
{
712+
Type: "Programmed",
713+
Status: metav1.ConditionUnknown,
714+
Reason: "Pending",
715+
LastTransitionTime: metav1.Now(),
716+
},
717+
},
718+
},
719+
},
720+
Update: func(kgcp *konnectv1alpha1.KonnectGatewayControlPlane) {
721+
kgcp.Spec.Adopt = &konnectv1alpha1.KonnectAdoptOptions{
722+
ID: "abcddcba-1234-5678-abcd-0123456789ac",
723+
}
724+
},
725+
},
726+
{
727+
Name: "Cannot update adopt options after programmed",
728+
TestObject: &konnectv1alpha1.KonnectGatewayControlPlane{
729+
ObjectMeta: commonObjectMeta,
730+
Spec: konnectv1alpha1.KonnectGatewayControlPlaneSpec{
731+
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
732+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
733+
},
734+
CreateControlPlaneRequest: sdkkonnectcomp.CreateControlPlaneRequest{
735+
Name: "cp-1",
736+
ClusterType: sdkkonnectcomp.CreateControlPlaneRequestClusterTypeClusterTypeControlPlane.ToPointer(),
737+
},
738+
KonnectConfiguration: konnectv1alpha1.KonnectConfiguration{
739+
APIAuthConfigurationRef: konnectv1alpha1.KonnectAPIAuthConfigurationRef{
740+
Name: "name-1",
741+
},
742+
},
743+
},
744+
Status: konnectv1alpha1.KonnectGatewayControlPlaneStatus{
745+
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
746+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
747+
},
748+
Conditions: []metav1.Condition{
749+
{
750+
Type: "Programmed",
751+
Status: metav1.ConditionTrue,
752+
Reason: "Programmed",
753+
LastTransitionTime: metav1.Now(),
754+
},
755+
},
756+
},
757+
},
758+
Update: func(kgcp *konnectv1alpha1.KonnectGatewayControlPlane) {
759+
kgcp.Spec.Adopt = &konnectv1alpha1.KonnectAdoptOptions{
760+
ID: "abcddcba-1234-5678-abcd-0123456789ac",
761+
}
762+
},
763+
ExpectedUpdateErrorMessage: lo.ToPtr("spec.adopt is immutable when an entitiy is already Programmed"),
764+
},
765+
{
766+
Name: "Cannot add adopt options after programmed",
767+
TestObject: &konnectv1alpha1.KonnectGatewayControlPlane{
768+
ObjectMeta: commonObjectMeta,
769+
Spec: konnectv1alpha1.KonnectGatewayControlPlaneSpec{
770+
CreateControlPlaneRequest: sdkkonnectcomp.CreateControlPlaneRequest{
771+
Name: "cp-1",
772+
ClusterType: sdkkonnectcomp.CreateControlPlaneRequestClusterTypeClusterTypeControlPlane.ToPointer(),
773+
},
774+
KonnectConfiguration: konnectv1alpha1.KonnectConfiguration{
775+
APIAuthConfigurationRef: konnectv1alpha1.KonnectAPIAuthConfigurationRef{
776+
Name: "name-1",
777+
},
778+
},
779+
},
780+
Status: konnectv1alpha1.KonnectGatewayControlPlaneStatus{
781+
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
782+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
783+
},
784+
Conditions: []metav1.Condition{
785+
{
786+
Type: "Programmed",
787+
Status: metav1.ConditionTrue,
788+
Reason: "Programmed",
789+
LastTransitionTime: metav1.Now(),
790+
},
791+
},
792+
},
793+
},
794+
Update: func(kgcp *konnectv1alpha1.KonnectGatewayControlPlane) {
795+
kgcp.Spec.Adopt = &konnectv1alpha1.KonnectAdoptOptions{
796+
ID: "abcddcba-1234-5678-abcd-0123456789ac",
797+
}
798+
},
799+
ExpectedUpdateErrorMessage: lo.ToPtr("Cannot add spec.adopt when an entitiy is already Programmed"),
800+
},
801+
{
802+
Name: "can delete adopt options after programmed",
803+
TestObject: &konnectv1alpha1.KonnectGatewayControlPlane{
804+
ObjectMeta: commonObjectMeta,
805+
Spec: konnectv1alpha1.KonnectGatewayControlPlaneSpec{
806+
Adopt: &konnectv1alpha1.KonnectAdoptOptions{
807+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
808+
},
809+
CreateControlPlaneRequest: sdkkonnectcomp.CreateControlPlaneRequest{
810+
Name: "cp-1",
811+
ClusterType: sdkkonnectcomp.CreateControlPlaneRequestClusterTypeClusterTypeControlPlane.ToPointer(),
812+
},
813+
KonnectConfiguration: konnectv1alpha1.KonnectConfiguration{
814+
APIAuthConfigurationRef: konnectv1alpha1.KonnectAPIAuthConfigurationRef{
815+
Name: "name-1",
816+
},
817+
},
818+
},
819+
Status: konnectv1alpha1.KonnectGatewayControlPlaneStatus{
820+
KonnectEntityStatus: konnectv1alpha1.KonnectEntityStatus{
821+
ID: "abcddcba-1234-5678-abcd-0123456789ab",
822+
},
823+
Conditions: []metav1.Condition{
824+
{
825+
Type: "Programmed",
826+
Status: metav1.ConditionTrue,
827+
Reason: "Programmed",
828+
LastTransitionTime: metav1.Now(),
829+
},
830+
},
831+
},
832+
},
833+
Update: func(kgcp *konnectv1alpha1.KonnectGatewayControlPlane) {
834+
kgcp.Spec.Adopt = nil
835+
},
836+
},
837+
}.Run(t)
838+
})
688839
}

0 commit comments

Comments
 (0)