Skip to content

Commit

Permalink
chore: add CEL validation for BackendRef Group
Browse files Browse the repository at this point in the history
Signed-off-by: phantooom <xiaorui.zou@gmail.com>
  • Loading branch information
phantooom committed Jun 6, 2024
1 parent 0907e40 commit cce160e
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 0 deletions.
2 changes: 2 additions & 0 deletions api/v1alpha1/accesslogging_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ type ALSEnvoyProxyAccessLog struct {
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs"`
// LogName defines the friendly name of the access log to be returned in
// StreamAccessLogsMessage.Identifier. This allows the access log server
Expand Down Expand Up @@ -176,6 +177,7 @@ type OpenTelemetryEnvoyProxyAccessLog struct {
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
// Resources is a set of labels that describe the source of a log entry, including envoy node info.
// It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/).
Expand Down
2 changes: 2 additions & 0 deletions api/v1alpha1/ext_auth_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ type GRPCExtAuthService struct {
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
}

Expand All @@ -92,6 +93,7 @@ type HTTPExtAuthService struct {
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`

// Path is the path of the HTTP External Authorization service.
Expand Down
1 change: 1 addition & 0 deletions api/v1alpha1/tracing_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ type TracingProvider struct {
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10356,6 +10356,9 @@ spec:
- message: BackendRefs only supports Service
kind.
rule: self.all(f, f.kind == 'Service')
- message: BackendRefs only supports Core
group.
rule: self.all(f, f.group == '')
http:
description: HTTP defines additional configuration
specific to HTTP access logs.
Expand Down Expand Up @@ -10505,6 +10508,9 @@ spec:
x-kubernetes-validations:
- message: only support Service kind.
rule: self.all(f, f.kind == 'Service')
- message: BackendRefs only supports Core
group.
rule: self.all(f, f.group == '')
host:
description: |-
Host define the extension service hostname.
Expand Down Expand Up @@ -10927,6 +10933,8 @@ spec:
x-kubernetes-validations:
- message: only support Service kind.
rule: self.all(f, f.kind == 'Service')
- message: BackendRefs only supports Core group.
rule: self.all(f, f.group == '')
host:
description: |-
Host define the provider service hostname.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -424,6 +424,8 @@ spec:
x-kubernetes-validations:
- message: only support Service kind.
rule: self.all(f, f.kind == 'Service')
- message: BackendRefs only supports Core group.
rule: self.all(f, f.group == '')
type: object
x-kubernetes-validations:
- message: backendRef or backendRefs needs to be set
Expand Down Expand Up @@ -618,6 +620,8 @@ spec:
x-kubernetes-validations:
- message: only support Service kind.
rule: self.all(f, f.kind == 'Service')
- message: BackendRefs only supports Core group.
rule: self.all(f, f.group == '')
headersToBackend:
description: |-
HeadersToBackend are the authorization response headers that will be added
Expand Down

0 comments on commit cce160e

Please sign in to comment.