Commit 9b7ac1b

committed

Make ImageVolumeSource.Reference required via OpenAPI

OpenAPI validation does not count toward the CRD XValidation CEL budget.

1 parent da69a57 commit 9b7ac1bCopy full SHA for 9b7ac1b

File tree

12 files changed

+233

-115

lines changed

config/crd/bases
- postgres-operator.crunchydata.com_pgadmins.yaml
- postgres-operator.crunchydata.com_postgresclusters.yaml
internal/crd
- post-process.jq
- validation
pkg/apis/postgres-operator.crunchydata.com/v1beta1
- postgrescluster_types.go
- shared_types.go

12 files changed

+233

-115

lines changed

`‎config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml‎`

Lines changed: 12 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -2620,7 +2620,9 @@ spec:`
`2620`	`2620`	`type: array`
`2621`	`2621`	`x-kubernetes-list-type: set`
`2622`	`2622`	`image:`
`2623`		`- description: Details for adding an image volume`
	`2623`	`+ description: \|-`
	`2624`	`+ Reference to an image or OCI artifact.`
	`2625`	`+ More info: https://kubernetes.io/docs/concepts/storage/volumes#image`
`2624`	`2626`	`properties:`
`2625`	`2627`	`pullPolicy:`
`2626`	`2628`	`description: \|-`
`@@ -2629,6 +2631,11 @@ spec:`
`2629`	`2631`	`Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.`
`2630`	`2632`	`IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.`
`2631`	`2633`	`Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.`
	`2634`	`+ enum:`
	`2635`	`+ - Always`
	`2636`	`+ - Never`
	`2637`	`+ - IfNotPresent`
	`2638`	`+ maxLength: 12`
`2632`	`2639`	`type: string`
`2633`	`2640`	`reference:`
`2634`	`2641`	`description: \|-`
`@@ -2638,7 +2645,10 @@ spec:`
`2638`	`2645`	`More info: https://kubernetes.io/docs/concepts/containers/images`
`2639`	`2646`	`This field is optional to allow higher level config management to default or override`
`2640`	`2647`	`container images in workload controllers like Deployments and StatefulSets.`
	`2648`	`+ minLength: 1`
`2641`	`2649`	`type: string`
	`2650`	`+ required:`
	`2651`	`+ - reference`
`2642`	`2652`	`type: object`
`2643`	`2653`	`name:`
`2644`	`2654`	`description: \|-`
`@@ -2659,11 +2669,8 @@ spec:`
`2659`	`2669`	`x-kubernetes-validations:`
`2660`	`2670`	`- message: you must set only one of image or claimName`
`2661`	`2671`	`rule: has(self.claimName) != has(self.image)`
`2662`		`- - message: readOnly cannot be set false when using an ImageVolumeSource`
	`2672`	`+ - message: image volumes must be readOnly`
`2663`	`2673`	`rule: '!has(self.image) \|\| !has(self.readOnly) \|\| self.readOnly'`
`2664`		`- - message: if using an ImageVolumeSource, you must set a reference`
`2665`		`- rule: '!has(self.image) \|\| (self.?image.reference.hasValue()`
`2666`		`- && self.image.reference.size() > 0)'`
`2667`	`2674`	`maxItems: 10`
`2668`	`2675`	`type: array`
`2669`	`2676`	`x-kubernetes-list-map-keys:`

`‎config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml‎`

Lines changed: 168 additions & 98 deletions

Large diffs are not rendered by default.

`‎internal/crd/post-process.jq‎`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,13 +3,26 @@`
`3`	`3`	`# SPDX-License-Identifier: Apache-2.0`
`4`	`4`	`#`
`5`	`5`	`# This [jq] filter modifies a Kubernetes CustomResourceDefinition.`
	`6`	`+# Use the controller-gen "+kubebuilder:title" marker to identify schemas that need special manipulation.`
`6`	`7`	`#`
`7`	`8`	`# [jq]: https://jqlang.org`
`8`	`9`
`9`	`10`	`# merge recursively combines a stream of objects.`
`10`	`11`	`# https://jqlang.org/manual#multiplication-division-modulo`
`11`	`12`	`def merge(stream): reduce stream as $i ({}; . * $i);`
`12`	`13`
	`14`	`+# https://pkg.go.dev/k8s.io/api/core/v1#ImageVolumeSource`
	`15`	`+reduce paths(try .title == "$corev1.ImageVolumeSource") as $path (.;`
	`16`	`+ getpath($path) as $schema \|`
	`17`	`+ setpath($path; $schema * {`
	`18`	`+ required: (["reference"] + ($schema.required // []) \| sort),`
	`19`	`+ properties: {`
	`20`	`+ pullPolicy: { enum: ["Always", "Never", "IfNotPresent"] },`
	`21`	`+ reference: { minLength: 1 }`
	`22`	`+ }`
	`23`	`+ } \| del(.title))`
	`24`	`+) \|`
	`25`	`+`
`13`	`26`	`# Kubernetes assumes the evaluation cost of an enum value is very large: https://issue.k8s.io/119511`
`14`	`27`	`# Look at every schema that has a populated "enum" property.`
`15`	`28`	`reduce paths(try .enum \| length > 0) as $path (.;`

`‎internal/testing/validation/pgadmin_test.go‎ renamed to ‎internal/crd/validation/pgadmin_test.go‎`

File renamed without changes.

`‎internal/testing/validation/pgbackrest_test.go‎ renamed to ‎internal/crd/validation/pgbackrest_test.go‎`

File renamed without changes.

`‎internal/testing/validation/pgbouncer_test.go‎ renamed to ‎internal/crd/validation/pgbouncer_test.go‎`

File renamed without changes.

`‎internal/testing/validation/postgrescluster/postgres_authentication_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_authentication_test.go‎`

File renamed without changes.

`‎internal/testing/validation/postgrescluster/postgres_config_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_config_test.go‎`

File renamed without changes.

`‎internal/testing/validation/postgrescluster/postgres_users_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_users_test.go‎`

File renamed without changes.

`‎internal/testing/validation/postgrescluster_test.go‎ renamed to ‎internal/crd/validation/postgrescluster_test.go‎`

Lines changed: 32 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ import (`
`14`	`14`	`"sigs.k8s.io/controller-runtime/pkg/client"`
`15`	`15`	`"sigs.k8s.io/yaml"`
`16`	`16`
	`17`	`+ "github.com/crunchydata/postgres-operator/internal/testing/cmp"`
`17`	`18`	`"github.com/crunchydata/postgres-operator/internal/testing/require"`
`18`	`19`	`v1 "github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1"`
`19`	`20`	`"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"`
`@@ -110,6 +111,7 @@ func TestPostgresUserInterfaceAcrossVersions(t *testing.T) {`
`110`	`111`	`func TestAdditionalVolumes(t *testing.T) {`
`111`	`112`	`ctx := context.Background()`
`112`	`113`	`cc := require.KubernetesAtLeast(t, "1.30")`
	`114`	`+ dryrun := client.NewDryRunClient(cc)`
`113`	`115`	`t.Parallel()`
`114`	`116`
`115`	`117`	`namespace := require.Namespace(t, cc)`
`@@ -154,8 +156,13 @@ func TestAdditionalVolumes(t *testing.T) {`
`154`	`156`	`}]`
`155`	`157`	`}`
`156`	`158`	}]`, "spec", "instances")
`157`		`- err := cc.Create(ctx, tmp.DeepCopy(), client.DryRunAll)`
	`159`	`+`
	`160`	`+ err := dryrun.Create(ctx, tmp.DeepCopy())`
`158`	`161`	`assert.Assert(t, apierrors.IsInvalid(err))`
	`162`	`+`
	`163`	`+ details := require.StatusErrorDetails(t, err)`
	`164`	`+ assert.Assert(t, cmp.Len(details.Causes, 1))`
	`165`	`+ assert.Equal(t, details.Causes[0].Field, "spec.instances[0].volumes.additional[0]")`
`159`	`166`	`assert.ErrorContains(t, err, "you must set only one of image or claimName")`
`160`	`167`	`})`
`161`	`168`
`@@ -178,9 +185,14 @@ func TestAdditionalVolumes(t *testing.T) {`
`178`	`185`	`}]`
`179`	`186`	`}`
`180`	`187`	}]`, "spec", "instances")
`181`		`- err := cc.Create(ctx, tmp.DeepCopy(), client.DryRunAll)`
	`188`	`+`
	`189`	`+ err := dryrun.Create(ctx, tmp.DeepCopy())`
`182`	`190`	`assert.Assert(t, apierrors.IsInvalid(err))`
`183`		`- assert.ErrorContains(t, err, "readOnly cannot be set false when using an ImageVolumeSource")`
	`191`	`+`
	`192`	`+ details := require.StatusErrorDetails(t, err)`
	`193`	`+ assert.Assert(t, cmp.Len(details.Causes, 1))`
	`194`	`+ assert.Equal(t, details.Causes[0].Field, "spec.instances[0].volumes.additional[0]")`
	`195`	`+ assert.ErrorContains(t, err, "image volumes must be readOnly")`
`184`	`196`	`})`
`185`	`197`
`186`	`198`	`t.Run("Reference must be set when using image volume", func(t *testing.T) {`
`@@ -201,9 +213,15 @@ func TestAdditionalVolumes(t *testing.T) {`
`201`	`213`	`}]`
`202`	`214`	`}`
`203`	`215`	}]`, "spec", "instances")
`204`		`- err := cc.Create(ctx, tmp.DeepCopy(), client.DryRunAll)`
	`216`	`+`
	`217`	`+ err := dryrun.Create(ctx, tmp.DeepCopy())`
`205`	`218`	`assert.Assert(t, apierrors.IsInvalid(err))`
`206`		`- assert.ErrorContains(t, err, "if using an ImageVolumeSource, you must set a reference")`
	`219`	`+`
	`220`	`+ details := require.StatusErrorDetails(t, err)`
	`221`	`+ assert.Assert(t, cmp.Len(details.Causes, 2))`
	`222`	`+ assert.Assert(t, cmp.Equal(details.Causes[0].Field, "spec.instances[0].volumes.additional[0].image.reference"))`
	`223`	`+ assert.Assert(t, cmp.Equal(details.Causes[0].Type, "FieldValueRequired"))`
	`224`	`+ assert.ErrorContains(t, err, "Required")`
`207`	`225`	`})`
`208`	`226`
`209`	`227`	`t.Run("Reference cannot be an empty string when using image volume", func(t *testing.T) {`
`@@ -225,9 +243,15 @@ func TestAdditionalVolumes(t *testing.T) {`
`225`	`243`	`}]`
`226`	`244`	`}`
`227`	`245`	}]`, "spec", "instances")
`228`		`- err := cc.Create(ctx, tmp.DeepCopy(), client.DryRunAll)`
	`246`	`+`
	`247`	`+ err := dryrun.Create(ctx, tmp.DeepCopy())`
`229`	`248`	`assert.Assert(t, apierrors.IsInvalid(err))`
`230`		`- assert.ErrorContains(t, err, "if using an ImageVolumeSource, you must set a reference")`
	`249`	`+`
	`250`	`+ details := require.StatusErrorDetails(t, err)`
	`251`	`+ assert.Assert(t, cmp.Len(details.Causes, 1))`
	`252`	`+ assert.Assert(t, cmp.Equal(details.Causes[0].Field, "spec.instances[0].volumes.additional[0].image.reference"))`
	`253`	`+ assert.Assert(t, cmp.Equal(details.Causes[0].Type, "FieldValueInvalid"))`
	`254`	`+ assert.ErrorContains(t, err, "at least 1 chars long")`
`231`	`255`	`})`
`232`	`256`
`233`	`257`	`t.Run("ReadOnly can be omitted or set true when using image volume", func(t *testing.T) {`
`@@ -265,6 +289,6 @@ func TestAdditionalVolumes(t *testing.T) {`
`265`	`289`	`}]`
`266`	`290`	`}`
`267`	`291`	}]`, "spec", "instances")
`268`		`- assert.NilError(t, cc.Create(ctx, tmp.DeepCopy(), client.DryRunAll))`
	`292`	`+ assert.NilError(t, dryrun.Create(ctx, tmp.DeepCopy()))`
`269`	`293`	`})`
`270`	`294`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 9b7ac1b

File tree

12 files changed

12 files changed

`‎config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml‎`

`‎config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml‎`

`‎internal/crd/post-process.jq‎`

`‎internal/testing/validation/pgadmin_test.go‎ renamed to ‎internal/crd/validation/pgadmin_test.go‎`

`‎internal/testing/validation/pgbackrest_test.go‎ renamed to ‎internal/crd/validation/pgbackrest_test.go‎`

`‎internal/testing/validation/pgbouncer_test.go‎ renamed to ‎internal/crd/validation/pgbouncer_test.go‎`

`‎internal/testing/validation/postgrescluster/postgres_authentication_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_authentication_test.go‎`

`‎internal/testing/validation/postgrescluster/postgres_config_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_config_test.go‎`

`‎internal/testing/validation/postgrescluster/postgres_users_test.go‎ renamed to ‎internal/crd/validation/postgrescluster/postgres_users_test.go‎`

`‎internal/testing/validation/postgrescluster_test.go‎ renamed to ‎internal/crd/validation/postgrescluster_test.go‎`

0 commit comments