Skip to content

Commit

Permalink
Add CEL Validation to disallow 0s for baseInterval
Browse files Browse the repository at this point in the history 
Fixes: #5147

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
  • Loading branch information
@arkodg
arkodg committed Jan 30, 2025
1 parent e904d3f commit d84819d
Show file tree
Hide file tree
Showing 5 changed files with 123 additions and 0 deletions.
2 changes: 2 additions & 0 deletions api/v1alpha1/retry_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,12 +101,14 @@ type BackOffPolicy struct {
// BaseInterval is the base interval between retries.
//
// +kubebuilder:validation:Format=duration
// +kubebuilder:validation:XValidation:rule="self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')",message="Invalid format: Must be a valid duration (e.g., '1h30m', '5m20s'). '0h', '0m', '0s', or '0ms' are not allowed."
BaseInterval *metav1.Duration `json:"baseInterval,omitempty"`
// MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
// The default is 10 times the base_interval
//
// +optional
// +kubebuilder:validation:Format=duration
// +kubebuilder:validation:XValidation:rule="self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')",message="Invalid format: Must be a val id duration (e.g., '1h30m', '5m20s'). '0h', '0m', '0s', or '0ms' are not allowed."
MaxInterval *metav1.Duration `json:"maxInterval,omitempty"`
// we can add rate limited based backoff config here if we want to.
}
10 changes: 10 additions & 0 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1328,12 +1328,22 @@ spec:
retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a valid duration (e.g.,
''1h30m'', ''5m20s''). ''0h'', ''0m'', ''0s'', or
''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a val id duration
(e.g., ''1h30m'', ''5m20s''). ''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry attempt.
Expand Down
10 changes: 10 additions & 0 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -780,12 +780,22 @@ spec:
between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a valid
duration (e.g., ''1h30m'', ''5m20s''). ''0h'',
''0m'', ''0s'', or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a val id
duration (e.g., ''1h30m'', ''5m20s''). ''0h'',
''0m'', ''0s'', or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry attempt.
Expand Down
53 changes: 53 additions & 0 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11266,12 +11266,26 @@ spec:
retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format:
Must be a valid duration
(e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format:
Must be a val id duration
(e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout
Expand Down Expand Up @@ -12243,12 +12257,26 @@ spec:
retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format:
Must be a valid duration
(e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format:
Must be a val id duration
(e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout
Expand Down Expand Up @@ -13286,12 +13314,25 @@ spec:
base interval between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must
be a valid duration (e.g., ''1h30m'',
''5m20s''). ''0h'', ''0m'',
''0s'', or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must
be a val id duration (e.g.,
''1h30m'', ''5m20s''). ''0h'',
''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout
Expand Down Expand Up @@ -14268,12 +14309,24 @@ spec:
interval between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a
valid duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms''
are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a
val id duration (e.g., ''1h30m'',
''5m20s''). ''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry
Expand Down
48 changes: 48 additions & 0 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1198,12 +1198,24 @@ spec:
between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a valid
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a val id
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry
Expand Down Expand Up @@ -2079,12 +2091,24 @@ spec:
between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a valid
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a val id
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry
Expand Down Expand Up @@ -3103,12 +3127,24 @@ spec:
interval between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be
a valid duration (e.g., ''1h30m'',
''5m20s''). ''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be
a val id duration (e.g., ''1h30m'',
''5m20s''). ''0h'', ''0m'', ''0s'',
or ''0ms'' are not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per
Expand Down Expand Up @@ -4110,12 +4146,24 @@ spec:
between retries.
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a valid
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
maxInterval:
description: |-
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
The default is 10 times the base_interval
format: duration
type: string
x-kubernetes-validations:
- message: 'Invalid format: Must be a val id
duration (e.g., ''1h30m'', ''5m20s'').
''0h'', ''0m'', ''0s'', or ''0ms'' are
not allowed.'
rule: self.matches(r'^([1-9][0-9]{0,4}(h|m|s|ms)){1,4}$')
type: object
timeout:
description: Timeout is the timeout per retry
Expand Down

0 comments on commit d84819d

Please sign in to comment.