handle deprecation migrations for validate/reconcile

src/pepr/operator/controllers/istio/virtual-service.ts

@@ -51,11 +51,6 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
       http.route = route;
     }
 
-    // Manage deprecated match field
-    if (expose.match) {
-      http.match = expose.match;
-    }
-
     const payload: Istio.VirtualService = {
       metadata: {
         name,

src/pepr/operator/crd/migrate.ts

@@ -0,0 +1,38 @@
+import { UDSPackage } from ".";
+
+/**
+ * Migrates the package to the latest version
+ *
+ * @param pkg the package to migrate
+ * @returns
+ */
+export function migrate(pkg: UDSPackage) {
+  const exposeList = pkg.spec?.network?.expose ?? [];
+
+  for (const expose of exposeList) {
+    // Migrate expose[].match -> expose[].advancedHTTP.match
+    if (expose.match) {
+      expose.advancedHTTP = expose.advancedHTTP ?? {};
+      expose.advancedHTTP.match = expose.match;
+      delete expose.match;
+    }
+  }
+
+  const allowList = pkg.spec?.network?.allow ?? [];
+
+  for (const allow of allowList) {
+    // Migrate allow[].podLabels -> allow[].selector
+    if (allow.podLabels) {
+      allow.selector = allow.podLabels;
+      delete allow.podLabels;
+    }
+
+    // Migrate allow[].remotePodLabels -> allow[].remoteSelector
+    if (allow.remotePodLabels) {
+      allow.remoteSelector = allow.remotePodLabels;
+      delete allow.remotePodLabels;
+    }
+  }
+
+  return pkg;
+}

src/pepr/operator/crd/validator.ts

@@ -4,17 +4,20 @@ import { Gateway, UDSPackage } from ".";
 import { generateName } from "../controllers/network/generate";
 import { sanitizeResourceName } from "../controllers/utils";
 import { generateVSName } from "../controllers/istio/virtual-service";
+import { migrate } from "./migrate";
 
 const invalidNamespaces = ["kube-system", "kube-public", "_unknown_", "pepr-system"];
 
 export async function validator(req: PeprValidateRequest<UDSPackage>) {
-  const ns = req.Raw.metadata?.namespace ?? "_unknown_";
+  const pkg = migrate(req.Raw);
+
+  const ns = pkg.metadata?.namespace ?? "_unknown_";
 
   if (invalidNamespaces.includes(ns)) {
     return req.Deny("invalid namespace");
   }
 
-  const exposeList = req.Raw.spec?.network?.expose ?? [];
+  const exposeList = pkg.spec?.network?.expose ?? [];
 
   // Track the names of the virtual services to ensure they are unique
   const virtualServiceNames = new Set<string>();
@@ -48,7 +51,7 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
     virtualServiceNames.add(name);
   }
 
-  const networkPolicy = req.Raw.spec?.network?.allow ?? [];
+  const networkPolicy = pkg.spec?.network?.allow ?? [];
 
   // Track the names of the network policies to ensure they are unique
   const networkPolicyNames = new Set<string>();
@@ -60,7 +63,7 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
     }
 
     // Ensure the policy name is unique
-    const name = sanitizeResourceName(`allow-${req.Raw.metadata?.name}-${generateName(policy)}`);
+    const name = sanitizeResourceName(`allow-${pkg.metadata?.name}-${generateName(policy)}`);
     if (networkPolicyNames.has(name)) {
       return req.Deny(
         `The combination of characteristics of this network allow rule would create a duplicate NetworkPolicy. ` +

src/pepr/operator/reconciler.ts

@@ -6,6 +6,7 @@ import { virtualService } from "./controllers/istio/virtual-service";
 import { networkPolicies } from "./controllers/network/policies";
 import { Phase, Status, UDSPackage } from "./crd";
 import { VirtualService } from "./crd/generated/istio/virtualservice-v1beta1";
+import { migrate } from "./crd/migrate";
 
 /**
  * The reconciler is called from the queue and is responsible for reconciling the state of the package
@@ -14,6 +15,8 @@ import { VirtualService } from "./crd/generated/istio/virtualservice-v1beta1";
  * @param pkg the package to reconcile
  */
 export async function reconciler(pkg: UDSPackage) {
+  migrate(pkg);
+
   if (!pkg.metadata?.namespace) {
     Log.error(pkg, `Invalid Package definition`);
     return;