diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.input.yaml b/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.input.yaml
new file mode 100644
index 000000000000..dcc99b229722
--- /dev/null
+++ b/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.input.yaml
@@ -0,0 +1,15 @@
+from:
+ - targetRef:
+ kind: Mesh
+ default:
+ tlsVersion:
+ min: TLS11
+ max: TLS12
+ tlsCiphers:
+ - "ECDHE-ECDSA-AES128-GCM-SHA256"
+ - "ECDHE-ECDSA-AES256-GCM-SHA384"
+ - "ECDHE-ECDSA-CHACHA20-POLY1305"
+ - "ECDHE-RSA-AES128-GCM-SHA256"
+ - "ECDHE-RSA-AES256-GCM-SHA384"
+ - "ECDHE-RSA-CHACHA20-POLY1305"
+ mode: Strict
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.output.yaml b/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.output.yaml
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go
index 5a1c1e9d9e3a..abb039fd04c7 100644
--- a/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go
+++ b/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go
@@ -7,13 +7,15 @@ import (
 common_tls "github.com/kumahq/kuma/api/common/v1alpha1/tls"
 "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 "github.com/kumahq/kuma/pkg/core/validators"
+ "github.com/kumahq/kuma/pkg/util/pointer"
 )
 func (r *MeshTLSResource) validate() error {
 var verr validators.ValidationError
 path := validators.RootedAt("spec")
 verr.AddErrorAt(path.Field("targetRef"), validateTop(r.Spec.TargetRef))
- verr.AddErrorAt(path.Field("from"), validateFrom(r.Spec.From, r.Spec.TargetRef.Kind))
+ topLevel := pointer.DerefOr(r.Spec.TargetRef, common_api.TargetRef{Kind: common_api.Mesh, UsesSyntacticSugar: true})
+ verr.AddErrorAt(path.Field("from"), validateFrom(r.Spec.From, topLevel.Kind))
 return verr.OrNil()
 }
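Review bot: The fixture named "full-valid" sets `min: TLS11` while every entry under `tlsCiphers` is an AEAD suite (GCM or CHACHA20-POLY1305), and those suites are only defined for TLS 1.2 and later, so a peer limited to TLS 1.1 could not negotiate any of them. The empty expected output suggests the validator accepts this combination without cross-checking version against ciphers. Unless the test is meant to exercise TLS11 specifically, `min: TLS12` would keep the fixture consistent with its cipher list and avoid presenting a deprecated protocol floor as the reference "valid" policy.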
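Review bot: The Mesh default is applied only on the `validateFrom` path, while `validateTop(r.Spec.TargetRef)` on the line above still receives the raw value; the use of `pointer.DerefOr` suggests that value can now be nil. `validateTop` is defined outside this hunk, so it is worth confirming it accepts a nil targetRef rather than dereferencing it or reporting a missing field. The fallback also has a policy-scope consequence that deserves a comment at the `topLevel` line, for example `// An omitted spec.targetRef defaults to Kind: Mesh, so the TLS settings apply mesh-wide.` If the same default literal is built elsewhere in the plugin, a shared helper would keep validation and runtime behaviour in agreement.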
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go
index de3f8f530630..53b871a882f0 100644
--- a/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go
+++ b/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go
@@ -60,6 +60,10 @@ var _ = Describe("MeshTLS", func() {
 name: "meshtls-3",
 file: "invalid-top-level",
 }),
+ Entry("full passing without top level", testCase{
+ name: "meshtls-4",
+ file: "full-valid-no-top-target",
+ }),
 )
 })
 })
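Review bot: The new `Entry("full passing without top level", ...)` pins only the accepting path for an omitted top-level targetRef. Nothing here shows that the defaulted `Mesh` kind actually reaches `validateFrom`, because a validator that skipped the `from` checks on a nil targetRef would also produce the empty golden file. A companion entry whose fixture omits `targetRef` but carries a `from` section the Mesh kind must reject, with the expected violation in its output file, would lock that behaviour in. The enclosing `DescribeTable` starts outside this hunk.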