feat: make konnect entities spec.konnect.authRef immutable only when …
…entity is already programmed
pmalek committed Aug 8, 2024
1 parent 15e20a6 commit 4fbea76
Showing 12 changed files with 33 additions and 18 deletions.
2 changes: 2 additions & 0 deletions api/configuration/v1alpha1/kongroute_types.go
Expand Up @@ -37,6 +37,8 @@ import (
// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status`
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.konnect.authRef) || has(self.spec.konnect.authRef)", message="Konnect Configuration's API auth ref reference is required once set"
// +kubebuilder:validation:XValidation:rule="self.spec.protocols.exists(p, p == 'http') ? (has(self.spec.hosts) || has(self.spec.methods) || has(self.spec.paths) || has(self.spec.paths) || has(self.spec.paths) || has(self.spec.headers) ) : true", message="If protocols has 'http', at least one of 'hosts', 'methods', 'paths' or 'headers' must be set"
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity is already Programmed."
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'APIAuthValid' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity refers to a Valid API Auth Configuration."
type KongRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
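Review bot: Both added rules dereference `self.status.conditions` with no presence check, so if `status` or `status.conditions` can be absent on an update (for example before the controller has written any condition; the status schema is not visible on this page), CEL evaluation errors and the update is rejected rather than allowed. Guard the lookup, e.g. `(!has(self.status) || !has(self.status.conditions) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : ...`, and do the same for the `APIAuthValid` rule. The same two markers are added to KongService and KonnectControlPlane in this commit and would need the same guard.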
2 changes: 2 additions & 0 deletions api/configuration/v1alpha1/kongservice_types.go
Expand Up @@ -35,6 +35,8 @@ import (
// +kubebuilder:printcolumn:name="Protocol",type=string,JSONPath=`.spec.procol`,description="Protocol of the service"
// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status`
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.konnect.authRef) || has(self.spec.konnect.authRef)", message="Konnect Configuration's API auth ref reference is required once set"
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity is already Programmed."
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'APIAuthValid' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity refers to a Valid API Auth Configuration."
type KongService struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
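Review bot: The `Protocol` print column directly above the new rules uses the JSONPath `.spec.procol`, which looks like a typo for `.spec.protocol`; if so, the column is always empty in `kubectl get` output. This is a context line that the commit does not touch, and the KongService spec is not shown here, so the field name should be confirmed before changing it. Since the marker block is being edited anyway, this would be a cheap fix to fold in.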
2 changes: 1 addition & 1 deletion api/konnect/v1alpha1/konnect_apiauthconfiguration_types.go
Expand Up @@ -17,7 +17,7 @@ func init() {
// +kubebuilder:object:root=true
// +kubebuilder:object:generate=true
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Valid",description="The API authentication information is valid",type=string,JSONPath=`.status.conditions[?(@.type=='Valid')].status`
// +kubebuilder:printcolumn:name="Valid",description="The API authentication information is valid",type=string,JSONPath=`.status.conditions[?(@.type=='APIAuthValid')].status`
// +kubebuilder:printcolumn:name="OrgID",description="Konnect Organization ID this API authentication configuration belongs to.",type=string,JSONPath=`.status.organizationID`
// +kubebuilder:printcolumn:name="ServerURL",description="Configured server URL.",type=string,JSONPath=`.status.serverURL`
// +kubebuilder:validation:XValidation:rule="self.spec.type != 'token' || (self.spec.token.startsWith('spat_') || self.spec.token.startsWith('kpat_'))", message="Konnect tokens have to start with spat_ or kpat_"
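Review bot: The condition type `APIAuthValid` is spelled as a string literal in this print column and again in the CEL rules this commit adds to KongRoute, KongService and KonnectControlPlane, and nothing visible ties those literals to the constant the controller actually sets. Those rules pass whenever no matching condition is found, so a later rename or a spelling mismatch would silently leave `authRef` mutable instead of failing loudly. I would add a comment next to the marker such as `// 'APIAuthValid' must match the condition type set by the controller; the authRef immutability rules on Konnect entities depend on it.` and a CRD validation test that asserts the update is rejected once the condition is True.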
1 change: 0 additions & 1 deletion api/konnect/v1alpha1/konnect_configuration.go
Expand Up @@ -6,7 +6,6 @@ type KonnectConfiguration struct {
// that should be used for this Konnect Configuration.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="authRef is immutable"
APIAuthConfigurationRef KonnectAPIAuthConfigurationRef `json:"authRef"`

// NOTE: Place for extending the KonnectConfiguration object.
2 changes: 2 additions & 0 deletions api/konnect/v1alpha1/konnect_controlplane_types.go
Expand Up @@ -19,6 +19,8 @@ func init() {
// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status`
// +kubebuilder:printcolumn:name="ID",description="Konnect ID",type=string,JSONPath=`.status.id`
// +kubebuilder:printcolumn:name="OrgID",description="Konnect Organization ID this resource belongs to.",type=string,JSONPath=`.status.organizationID`
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity is already Programmed."
// +kubebuilder:validation:XValidation:rule="!self.status.conditions.exists(c, c.type == 'APIAuthValid' && c.status == 'True') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef", message="spec.konnect.authRef is immutable when entity refers to a Valid API Auth Configuration."
type KonnectControlPlane struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
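Review bot: With the unconditional `self == oldSelf` rule removed from `KonnectConfiguration.authRef`, these two status-gated markers are the only guard left, and the commit adds them to KonnectControlPlane, KongRoute and KongService only. The kongconsumers CRD on this page loses the old rule and gains no replacement, so `authRef` on KongConsumer appears to become freely mutable even after the entity is programmed; if that is not intended, the same two markers belong on the KongConsumer type. Separately, because the guard now keys off `status.conditions`, it holds only as long as write access to the status subresource is limited to the controller, which is worth stating in the type's doc comment.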
3 changes: 0 additions & 3 deletions config/crd/bases/configuration.konghq.com_kongconsumers.yaml
Expand Up @@ -123,9 +123,6 @@ spec:
required:
- name
type: object
x-kubernetes-validations:
- message: authRef is immutable
rule: self == oldSelf
required:
- authRef
type: object
10 changes: 7 additions & 3 deletions config/crd/bases/configuration.konghq.com_kongroutes.yaml
Expand Up @@ -130,9 +130,6 @@ spec:
required:
- name
type: object
x-kubernetes-validations:
- message: authRef is immutable
rule: self == oldSelf
required:
- authRef
type: object
Expand Down Expand Up @@ -364,6 +361,13 @@ spec:
rule: 'self.spec.protocols.exists(p, p == ''http'') ? (has(self.spec.hosts)
|| has(self.spec.methods) || has(self.spec.paths) || has(self.spec.paths)
|| has(self.spec.paths) || has(self.spec.headers) ) : true'
- message: spec.konnect.authRef is immutable when entity is already Programmed.
rule: '!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
- message: spec.konnect.authRef is immutable when entity refers to a Valid
API Auth Configuration.
rule: '!self.status.conditions.exists(c, c.type == ''APIAuthValid'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
served: true
storage: true
subresources:
10 changes: 7 additions & 3 deletions config/crd/bases/configuration.konghq.com_kongservices.yaml
Expand Up @@ -115,9 +115,6 @@ spec:
required:
- name
type: object
x-kubernetes-validations:
- message: authRef is immutable
rule: self == oldSelf
required:
- authRef
type: object
Expand Down Expand Up @@ -285,6 +282,13 @@ spec:
- message: Konnect Configuration's API auth ref reference is required once
set
rule: '!has(oldSelf.spec.konnect.authRef) || has(self.spec.konnect.authRef)'
- message: spec.konnect.authRef is immutable when entity is already Programmed.
rule: '!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
- message: spec.konnect.authRef is immutable when entity refers to a Valid
API Auth Configuration.
rule: '!self.status.conditions.exists(c, c.type == ''APIAuthValid'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
served: true
storage: true
subresources:
Expand Up @@ -16,7 +16,7 @@ spec:
versions:
- additionalPrinterColumns:
- description: The API authentication information is valid
jsonPath: .status.conditions[?(@.type=='Valid')].status
jsonPath: .status.conditions[?(@.type=='APIAuthValid')].status
name: Valid
type: string
- description: Konnect Organization ID this API authentication configuration belongs
11 changes: 8 additions & 3 deletions config/crd/bases/konnect.konghq.com_konnectcontrolplanes.yaml
Expand Up @@ -81,9 +81,6 @@ spec:
required:
- name
type: object
x-kubernetes-validations:
- message: authRef is immutable
rule: self == oldSelf
required:
- authRef
type: object
Expand Down Expand Up @@ -230,6 +227,14 @@ spec:
type: string
type: object
type: object
x-kubernetes-validations:
- message: spec.konnect.authRef is immutable when entity is already Programmed.
rule: '!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
- message: spec.konnect.authRef is immutable when entity refers to a Valid
API Auth Configuration.
rule: '!self.status.conditions.exists(c, c.type == ''APIAuthValid'' && c.status
== ''True'') ? true : self.spec.konnect.authRef == oldSelf.spec.konnect.authRef'
served: true
storage: true
subresources:
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -3,7 +3,7 @@ module github.com/kong/kubernetes-configuration
go 1.22.4

require (
github.com/Kong/sdk-konnect-go v0.0.0-20240723160412-999d9a987e1a
github.com/Kong/sdk-konnect-go v0.0.1
github.com/kong/go-kong v0.57.1
k8s.io/api v0.30.3
k8s.io/apiextensions-apiserver v0.30.3
4 changes: 2 additions & 2 deletions go.sum
@@ -1,5 +1,5 @@
github.com/Kong/sdk-konnect-go v0.0.0-20240723160412-999d9a987e1a h1:0mQhPVVA2/+uTVmoKrEIGf+0eTrNyr80Ssv1zGs/1Lk=
github.com/Kong/sdk-konnect-go v0.0.0-20240723160412-999d9a987e1a/go.mod h1:ipu67aQNnwDzu/LXKePG46cVqkkZnAHKWpsbhTEI8xE=
github.com/Kong/sdk-konnect-go v0.0.1 h1:yxDRzT7gBriM9ZD3MDJCoEVBwtzEpcujuxLK1Ga5ObM=
github.com/Kong/sdk-konnect-go v0.0.1/go.mod h1:75YzLhfnYfmCvBJgkafzVuREwBAec2/jihCW2fyn6hY=
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
