From fe841552340b41f943b41c851b8bb86937dc9a87 Mon Sep 17 00:00:00 2001 From: Yi Tao Date: Wed, 18 Sep 2024 16:59:49 +0800 Subject: [PATCH 1/3] add namespace in KonnectNamespacedRef --- api/configuration/v1alpha1/konnect_controlplaneref_types.go | 5 +++-- .../bases/configuration.konghq.com_kongcacertificates.yaml | 4 ++++ .../bases/configuration.konghq.com_kongconsumergroups.yaml | 4 ++++ config/crd/bases/configuration.konghq.com_kongconsumers.yaml | 4 ++++ .../bases/configuration.konghq.com_kongpluginbindings.yaml | 4 ++++ config/crd/bases/configuration.konghq.com_kongservices.yaml | 4 ++++ config/crd/bases/configuration.konghq.com_kongupstreams.yaml | 4 ++++ config/crd/bases/configuration.konghq.com_kongvaults.yaml | 4 ++++ docs/api-reference.md | 1 + 9 files changed, 32 insertions(+), 2 deletions(-) diff --git a/api/configuration/v1alpha1/konnect_controlplaneref_types.go b/api/configuration/v1alpha1/konnect_controlplaneref_types.go index a593b0a..92203c2 100644 --- a/api/configuration/v1alpha1/konnect_controlplaneref_types.go +++ b/api/configuration/v1alpha1/konnect_controlplaneref_types.go @@ -39,6 +39,7 @@ type KonnectNamespacedRef struct { // +kubebuilder:validation:Required Name string `json:"name"` - // TODO: Implement cross namespace references: - // https://github.com/Kong/kubernetes-configuration/issues/36 + // Namespace is the namespace where the Konnect Control Plane is in. + // +optional + Namespace string `json:"namespace,omitempty"` } diff --git a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml index 336d1f2..1dba78d 100644 --- a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml +++ b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml @@ -67,6 +67,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml index 562ef45..325894a 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml @@ -68,6 +68,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml index 96205f3..d82b846 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml @@ -93,6 +93,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml index fba1059..180c096 100644 --- a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml +++ b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml @@ -71,6 +71,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongservices.yaml b/config/crd/bases/configuration.konghq.com_kongservices.yaml index 495033e..fe9647d 100644 --- a/config/crd/bases/configuration.konghq.com_kongservices.yaml +++ b/config/crd/bases/configuration.konghq.com_kongservices.yaml @@ -76,6 +76,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml index 6451161..164ecd7 100644 --- a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml +++ b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml @@ -73,6 +73,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/config/crd/bases/configuration.konghq.com_kongvaults.yaml b/config/crd/bases/configuration.konghq.com_kongvaults.yaml index 24914bd..0bde5ac 100644 --- a/config/crd/bases/configuration.konghq.com_kongvaults.yaml +++ b/config/crd/bases/configuration.konghq.com_kongvaults.yaml @@ -96,6 +96,10 @@ spec: name: description: Name is the name of the Konnect Control Plane. type: string + namespace: + description: Namespace is the namespace where the Konnect + Control Plane is in. + type: string required: - name type: object diff --git a/docs/api-reference.md b/docs/api-reference.md index 78049b9..d349cd3 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -1019,6 +1019,7 @@ KonnectNamespacedRef is the schema for the KonnectNamespacedRef type. | Field | Description | | --- | --- | | `name` _string_ | Name is the name of the Konnect Control Plane. | +| `namespace` _string_ | Namespace is the namespace where the Konnect Control Plane is in. | _Appears in:_ From c9599b95c29083ad2e1d3e2df8f3e57d59ac549b Mon Sep 17 00:00:00 2001 From: Yi Tao Date: Thu, 19 Sep 2024 11:33:12 +0800 Subject: [PATCH 2/3] add valdation rules to disable konnectNamespacedRef.namespace in namespaced resources --- api/configuration/v1/kongconsumer_types.go | 2 ++ .../v1alpha1/kong_ca_certificate.go | 1 + .../v1alpha1/kongservice_types.go | 1 + .../v1alpha1/kongupstream_types.go | 1 + .../v1alpha1/konnect_controlplaneref_types.go | 3 ++ .../v1beta1/kongconsumergroup_types.go | 1 + ...uration.konghq.com_kongcacertificates.yaml | 8 +++-- ...uration.konghq.com_kongconsumergroups.yaml | 8 +++-- ...onfiguration.konghq.com_kongconsumers.yaml | 8 +++-- ...uration.konghq.com_kongpluginbindings.yaml | 6 ++-- ...configuration.konghq.com_kongservices.yaml | 8 +++-- ...onfiguration.konghq.com_kongupstreams.yaml | 8 +++-- .../configuration.konghq.com_kongvaults.yaml | 6 ++-- docs/api-reference.md | 2 +- .../kongconsumer/testcases/common.go | 1 + .../kongconsumer/testcases/controlplaneref.go | 31 +++++++++++++++++++ .../kongconsumergroup/testcases/common.go | 1 + .../testcases/controlplaneref.go | 30 ++++++++++++++++++ .../kongservice/testcases/controlplaneref.go | 19 ++++++++++++ .../kongupstream/testcases/controlplaneref.go | 17 ++++++++++ 20 files changed, 147 insertions(+), 15 deletions(-) create mode 100644 test/crdsvalidation/kongconsumer/testcases/controlplaneref.go create mode 100644 test/crdsvalidation/kongconsumergroup/testcases/controlplaneref.go diff --git a/api/configuration/v1/kongconsumer_types.go b/api/configuration/v1/kongconsumer_types.go index 3e1f8fe..73794bf 100644 --- a/api/configuration/v1/kongconsumer_types.go +++ b/api/configuration/v1/kongconsumer_types.go @@ -34,6 +34,8 @@ import ( // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` // +kubebuilder:validation:XValidation:rule="has(self.username) || has(self.custom_id)", message="Need to provide either username or custom_id" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// REVIEW: allow same namespace? +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" // KongConsumer is the Schema for the kongconsumers API. diff --git a/api/configuration/v1alpha1/kong_ca_certificate.go b/api/configuration/v1alpha1/kong_ca_certificate.go index 938faab..33e967d 100644 --- a/api/configuration/v1alpha1/kong_ca_certificate.go +++ b/api/configuration/v1alpha1/kong_ca_certificate.go @@ -15,6 +15,7 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status` // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" type KongCACertificate struct { metav1.TypeMeta `json:",inline"` diff --git a/api/configuration/v1alpha1/kongservice_types.go b/api/configuration/v1alpha1/kongservice_types.go index 8611e79..59471f2 100644 --- a/api/configuration/v1alpha1/kongservice_types.go +++ b/api/configuration/v1alpha1/kongservice_types.go @@ -35,6 +35,7 @@ import ( // +kubebuilder:printcolumn:name="Protocol",type=string,JSONPath=`.spec.procol`,description="Protocol of the service" // +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status` // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" type KongService struct { metav1.TypeMeta `json:",inline"` diff --git a/api/configuration/v1alpha1/kongupstream_types.go b/api/configuration/v1alpha1/kongupstream_types.go index 061f21e..db09101 100644 --- a/api/configuration/v1alpha1/kongupstream_types.go +++ b/api/configuration/v1alpha1/kongupstream_types.go @@ -33,6 +33,7 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status` // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" type KongUpstream struct { metav1.TypeMeta `json:",inline"` diff --git a/api/configuration/v1alpha1/konnect_controlplaneref_types.go b/api/configuration/v1alpha1/konnect_controlplaneref_types.go index 92203c2..8fac7f3 100644 --- a/api/configuration/v1alpha1/konnect_controlplaneref_types.go +++ b/api/configuration/v1alpha1/konnect_controlplaneref_types.go @@ -39,6 +39,9 @@ type KonnectNamespacedRef struct { // +kubebuilder:validation:Required Name string `json:"name"` + // TODO: Implement cross namespace references: + // https://github.com/Kong/kubernetes-configuration/issues/36 + // Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. // Namespace is the namespace where the Konnect Control Plane is in. // +optional Namespace string `json:"namespace,omitempty"` diff --git a/api/configuration/v1beta1/kongconsumergroup_types.go b/api/configuration/v1beta1/kongconsumergroup_types.go index 83fa98b..968e79d 100644 --- a/api/configuration/v1beta1/kongconsumergroup_types.go +++ b/api/configuration/v1beta1/kongconsumergroup_types.go @@ -32,6 +32,7 @@ import ( // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" // KongConsumerGroup is the Schema for the kongconsumergroups API. diff --git a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml index 1dba78d..64f08c2 100644 --- a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml +++ b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml @@ -68,8 +68,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name @@ -198,6 +200,8 @@ spec: x-kubernetes-validations: - message: controlPlaneRef is required once set rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + rule: '!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' - message: spec.controlPlaneRef is immutable when an entity is already Programmed rule: '(!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef' diff --git a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml index 325894a..df48f53 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml @@ -69,8 +69,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name @@ -199,6 +201,8 @@ spec: x-kubernetes-validations: - message: controlPlaneRef is required once set rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + rule: '!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' - message: spec.controlPlaneRef is immutable when an entity is already Programmed rule: '(!has(self.status) || !self.status.conditions.exists(c, c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef diff --git a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml index d82b846..65fd33e 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml @@ -94,8 +94,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name @@ -226,6 +228,8 @@ spec: rule: has(self.username) || has(self.custom_id) - message: controlPlaneRef is required once set rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + rule: '!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' - message: spec.controlPlaneRef is immutable when an entity is already Programmed rule: '(!has(self.status) || !self.status.conditions.exists(c, c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef diff --git a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml index 180c096..703cef9 100644 --- a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml +++ b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml @@ -72,8 +72,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongservices.yaml b/config/crd/bases/configuration.konghq.com_kongservices.yaml index fe9647d..5abde12 100644 --- a/config/crd/bases/configuration.konghq.com_kongservices.yaml +++ b/config/crd/bases/configuration.konghq.com_kongservices.yaml @@ -77,8 +77,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name @@ -259,6 +261,8 @@ spec: x-kubernetes-validations: - message: controlPlaneRef is required once set rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + rule: '!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' - message: spec.controlPlaneRef is immutable when an entity is already Programmed rule: '(!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef' diff --git a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml index 164ecd7..1dda154 100644 --- a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml +++ b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml @@ -74,8 +74,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name @@ -415,6 +417,8 @@ spec: x-kubernetes-validations: - message: controlPlaneRef is required once set rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + rule: '!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' - message: spec.controlPlaneRef is immutable when an entity is already Programmed rule: '(!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef' diff --git a/config/crd/bases/configuration.konghq.com_kongvaults.yaml b/config/crd/bases/configuration.konghq.com_kongvaults.yaml index 0bde5ac..5047049 100644 --- a/config/crd/bases/configuration.konghq.com_kongvaults.yaml +++ b/config/crd/bases/configuration.konghq.com_kongvaults.yaml @@ -97,8 +97,10 @@ spec: description: Name is the name of the Konnect Control Plane. type: string namespace: - description: Namespace is the namespace where the Konnect - Control Plane is in. + description: |- + https://github.com/Kong/kubernetes-configuration/issues/36 + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + Namespace is the namespace where the Konnect Control Plane is in. type: string required: - name diff --git a/docs/api-reference.md b/docs/api-reference.md index d349cd3..13c7359 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -1019,7 +1019,7 @@ KonnectNamespacedRef is the schema for the KonnectNamespacedRef type. | Field | Description | | --- | --- | | `name` _string_ | Name is the name of the Konnect Control Plane. | -| `namespace` _string_ | Namespace is the namespace where the Konnect Control Plane is in. | +| `namespace` _string_ | TODO: Implement cross namespace references: https://github.com/Kong/kubernetes-configuration/issues/36 Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. | _Appears in:_ diff --git a/test/crdsvalidation/kongconsumer/testcases/common.go b/test/crdsvalidation/kongconsumer/testcases/common.go index bee516d..b4f5bcb 100644 --- a/test/crdsvalidation/kongconsumer/testcases/common.go +++ b/test/crdsvalidation/kongconsumer/testcases/common.go @@ -28,6 +28,7 @@ var TestCases = []testCasesGroup{} func init() { TestCases = append(TestCases, + controlPlaneRef, requiredFields, updatesNotAllowedForStatus, ) diff --git a/test/crdsvalidation/kongconsumer/testcases/controlplaneref.go b/test/crdsvalidation/kongconsumer/testcases/controlplaneref.go new file mode 100644 index 0000000..ce1a475 --- /dev/null +++ b/test/crdsvalidation/kongconsumer/testcases/controlplaneref.go @@ -0,0 +1,31 @@ +package testcases + +import ( + "github.com/samber/lo" + + configurationv1 "github.com/kong/kubernetes-configuration/api/configuration/v1" + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +var controlPlaneRef = testCasesGroup{ + Name: "fields of controlPlaneRef", + TestCases: []testCase{ + { + Name: "cpRef cannot have namespace", + KongConsumer: configurationv1.KongConsumer{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1.KongConsumerSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + Namespace: "another-namespace", + }, + }, + }, + Username: "username-1", + }, + ExpectedErrorMessage: lo.ToPtr("spec.controlPlaneRef cannot specify namespace for namespaced resource"), + }, + }, +} diff --git a/test/crdsvalidation/kongconsumergroup/testcases/common.go b/test/crdsvalidation/kongconsumergroup/testcases/common.go index 28bf091..b1747ee 100644 --- a/test/crdsvalidation/kongconsumergroup/testcases/common.go +++ b/test/crdsvalidation/kongconsumergroup/testcases/common.go @@ -29,6 +29,7 @@ var TestCases = []testCasesGroup{} func init() { TestCases = append(TestCases, fields, + controlPlaneRef, updatesNotAllowedForStatus, ) } diff --git a/test/crdsvalidation/kongconsumergroup/testcases/controlplaneref.go b/test/crdsvalidation/kongconsumergroup/testcases/controlplaneref.go new file mode 100644 index 0000000..be5f3a4 --- /dev/null +++ b/test/crdsvalidation/kongconsumergroup/testcases/controlplaneref.go @@ -0,0 +1,30 @@ +package testcases + +import ( + "github.com/samber/lo" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + configurationv1beta1 "github.com/kong/kubernetes-configuration/api/configuration/v1beta1" +) + +var controlPlaneRef = testCasesGroup{ + Name: "fields of controlPlaneRef", + TestCases: []testCase{ + { + Name: "cpRef cannot have namespace", + KongConsumerGroup: configurationv1beta1.KongConsumerGroup{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1beta1.KongConsumerGroupSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + Namespace: "another-namespace", + }, + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("spec.controlPlaneRef cannot specify namespace for namespaced resource"), + }, + }, +} diff --git a/test/crdsvalidation/kongservice/testcases/controlplaneref.go b/test/crdsvalidation/kongservice/testcases/controlplaneref.go index e42fc40..06cb09c 100644 --- a/test/crdsvalidation/kongservice/testcases/controlplaneref.go +++ b/test/crdsvalidation/kongservice/testcases/controlplaneref.go @@ -57,6 +57,25 @@ var cpRef = testCasesGroup{ }, ExpectedErrorMessage: lo.ToPtr("when type is konnectID, konnectID must be set"), }, + { + Name: "providing namespace in konnectNamespacedRef yields an error", + KongService: configurationv1alpha1.KongService{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongServiceSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + Namespace: "another-namespace", + }, + }, + KongServiceAPISpec: configurationv1alpha1.KongServiceAPISpec{ + Host: "example.com", + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("spec.controlPlaneRef cannot specify namespace for namespaced resource"), + }, { Name: "konnectNamespacedRef reference name cannot be changed when an entity is Programmed", KongService: configurationv1alpha1.KongService{ diff --git a/test/crdsvalidation/kongupstream/testcases/controlplaneref.go b/test/crdsvalidation/kongupstream/testcases/controlplaneref.go index ee214cb..a2ffe8f 100644 --- a/test/crdsvalidation/kongupstream/testcases/controlplaneref.go +++ b/test/crdsvalidation/kongupstream/testcases/controlplaneref.go @@ -51,6 +51,23 @@ var cpRef = testCasesGroup{ }, ExpectedErrorMessage: lo.ToPtr("when type is konnectID, konnectID must be set"), }, + { + Name: "providing namespace in konnectNamespacedRef yields an error", + KongUpstream: configurationv1alpha1.KongUpstream{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongUpstreamSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + Namespace: "another-namespace", + }, + }, + KongUpstreamAPISpec: configurationv1alpha1.KongUpstreamAPISpec{}, + }, + }, + ExpectedErrorMessage: lo.ToPtr("spec.controlPlaneRef cannot specify namespace for namespaced resource"), + }, { Name: "konnectNamespacedRef reference name cannot be changed when an entity is Programmed", KongUpstream: configurationv1alpha1.KongUpstream{ From fc27b30313afa6d52d9f416f86db723572311994 Mon Sep 17 00:00:00 2001 From: Yi Tao Date: Thu, 19 Sep 2024 16:26:14 +0800 Subject: [PATCH 3/3] update comments --- api/configuration/v1/kongconsumer_types.go | 1 - api/configuration/v1alpha1/konnect_controlplaneref_types.go | 4 +++- .../bases/configuration.konghq.com_kongcacertificates.yaml | 3 +-- .../bases/configuration.konghq.com_kongconsumergroups.yaml | 3 +-- config/crd/bases/configuration.konghq.com_kongconsumers.yaml | 3 +-- .../bases/configuration.konghq.com_kongpluginbindings.yaml | 3 +-- config/crd/bases/configuration.konghq.com_kongservices.yaml | 3 +-- config/crd/bases/configuration.konghq.com_kongupstreams.yaml | 3 +-- config/crd/bases/configuration.konghq.com_kongvaults.yaml | 3 +-- docs/api-reference.md | 2 +- 10 files changed, 11 insertions(+), 17 deletions(-) diff --git a/api/configuration/v1/kongconsumer_types.go b/api/configuration/v1/kongconsumer_types.go index 73794bf..3f238c9 100644 --- a/api/configuration/v1/kongconsumer_types.go +++ b/api/configuration/v1/kongconsumer_types.go @@ -34,7 +34,6 @@ import ( // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` // +kubebuilder:validation:XValidation:rule="has(self.username) || has(self.custom_id)", message="Need to provide either username or custom_id" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" -// REVIEW: allow same namespace? // +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource" // +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" diff --git a/api/configuration/v1alpha1/konnect_controlplaneref_types.go b/api/configuration/v1alpha1/konnect_controlplaneref_types.go index 8fac7f3..2e4086b 100644 --- a/api/configuration/v1alpha1/konnect_controlplaneref_types.go +++ b/api/configuration/v1alpha1/konnect_controlplaneref_types.go @@ -41,8 +41,10 @@ type KonnectNamespacedRef struct { // TODO: Implement cross namespace references: // https://github.com/Kong/kubernetes-configuration/issues/36 - // Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + // Namespace is the namespace where the Konnect Control Plane is in. + // Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + // // +optional Namespace string `json:"namespace,omitempty"` } diff --git a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml index 64f08c2..358119c 100644 --- a/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml +++ b/config/crd/bases/configuration.konghq.com_kongcacertificates.yaml @@ -69,9 +69,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml index df48f53..f1f697b 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml @@ -70,9 +70,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml index 65fd33e..9e98665 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumers.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumers.yaml @@ -95,9 +95,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml index 703cef9..08ec523 100644 --- a/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml +++ b/config/crd/bases/configuration.konghq.com_kongpluginbindings.yaml @@ -73,9 +73,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongservices.yaml b/config/crd/bases/configuration.konghq.com_kongservices.yaml index 5abde12..39fa971 100644 --- a/config/crd/bases/configuration.konghq.com_kongservices.yaml +++ b/config/crd/bases/configuration.konghq.com_kongservices.yaml @@ -78,9 +78,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml index 1dda154..8e7607f 100644 --- a/config/crd/bases/configuration.konghq.com_kongupstreams.yaml +++ b/config/crd/bases/configuration.konghq.com_kongupstreams.yaml @@ -75,9 +75,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/config/crd/bases/configuration.konghq.com_kongvaults.yaml b/config/crd/bases/configuration.konghq.com_kongvaults.yaml index 5047049..ebce8df 100644 --- a/config/crd/bases/configuration.konghq.com_kongvaults.yaml +++ b/config/crd/bases/configuration.konghq.com_kongvaults.yaml @@ -98,9 +98,8 @@ spec: type: string namespace: description: |- - https://github.com/Kong/kubernetes-configuration/issues/36 - Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. type: string required: - name diff --git a/docs/api-reference.md b/docs/api-reference.md index 13c7359..268f25e 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -1019,7 +1019,7 @@ KonnectNamespacedRef is the schema for the KonnectNamespacedRef type. | Field | Description | | --- | --- | | `name` _string_ | Name is the name of the Konnect Control Plane. | -| `namespace` _string_ | TODO: Implement cross namespace references: https://github.com/Kong/kubernetes-configuration/issues/36 Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. Namespace is the namespace where the Konnect Control Plane is in. | +| `namespace` _string_ | Namespace is the namespace where the Konnect Control Plane is in. Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. | _Appears in:_