feat: add KongUpstreamPolicy CRD validation rules

Kong · Oct 24, 2023 · ff23b3f · ff23b3f
1 parent e3186f6
commit ff23b3f
Show file tree

Hide file tree

Showing 7 changed files with 246 additions and 12 deletions.
diff --git a/config/crd/bases/configuration.konghq.com_kongupstreampolicies.yaml b/config/crd/bases/configuration.konghq.com_kongupstreampolicies.yaml
@@ -142,6 +142,9 @@ spec:
                             description: HTTPStatuses is a list of HTTP status codes
                               that Kong considers a success.
                             items:
+                              description: HTTPStatus is an HTTP status code.
+                              maximum: 599
+                              minimum: 100
                               type: integer
                             type: array
                           interval:
@@ -197,6 +200,9 @@ spec:
                             description: HTTPStatuses is a list of HTTP status codes
                               that Kong considers a failure.
                             items:
+                              description: HTTPStatus is an HTTP status code.
+                              maximum: 599
+                              minimum: 100
                               type: integer
                             type: array
                           interval:
@@ -228,6 +234,9 @@ spec:
                             description: HTTPStatuses is a list of HTTP status codes
                               that Kong considers a success.
                             items:
+                              description: HTTPStatus is an HTTP status code.
+                              maximum: 599
+                              minimum: 100
                               type: integer
                             type: array
                           interval:
@@ -267,6 +276,9 @@ spec:
                             description: HTTPStatuses is a list of HTTP status codes
                               that Kong considers a failure.
                             items:
+                              description: HTTPStatus is an HTTP status code.
+                              maximum: 599
+                              minimum: 100
                               type: integer
                             type: array
                           interval:
@@ -305,6 +317,29 @@ spec:
                 type: integer
             type: object
         type: object
+        x-kubernetes-validations:
+        - message: Only one of spec.hashOn.(cookie|header|uriCapture|queryArg) can
+            be set.
+          rule: 'has(self.spec.hashOn) ? [has(self.spec.hashOn.cookie), has(self.spec.hashOn.header),
+            has(self.spec.hashOn.uriCapture), has(self.spec.hashOn.queryArg)].filter(fieldSet,
+            fieldSet == true).size() <= 1 : true'
+        - message: Only one of spec.hashOnFallback.(header|uriCapture|queryArg) can
+            be set.
+          rule: 'has(self.spec.hashOnFallback) ? [has(self.spec.hashOnFallback.header),
+            has(self.spec.hashOnFallback.uriCapture), has(self.spec.hashOnFallback.queryArg)].filter(fieldSet,
+            fieldSet == true).size() <= 1 : true'
+        - message: When spec.hashOn.cookie is set, spec.hashOn.cookiePath is required.
+          rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? has(self.spec.hashOn.cookiePath)
+            : true'
+        - message: When spec.hashOn.cookiePath is set, spec.hashOn.cookie is required.
+          rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookiePath) ? has(self.spec.hashOn.cookie)
+            : true'
+        - message: spec.hashOnFallback.cookie must not be set.
+          rule: 'has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookie)
+            : true'
+        - message: spec.hashOnFallback.cookiePath must not be set.
+          rule: 'has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookiePath)
+            : true'
     served: true
     storage: true
     subresources:

diff --git a/docs/api-reference.md b/docs/api-reference.md
diff --git a/internal/dataplane/parser/translators/kongupstreampolicy.go b/internal/dataplane/parser/translators/kongupstreampolicy.go
@@ -128,7 +128,7 @@ func translateHealthy(healthy *kongv1beta1.KongUpstreamHealthcheckHealthy) *kong
 		return nil
 	}
 	return &kong.Healthy{
-		HTTPStatuses: healthy.HTTPStatuses,
+		HTTPStatuses: lo.Map(healthy.HTTPStatuses, func(s kongv1beta1.HTTPStatus, _ int) int { return int(s) }),
 		Interval:     healthy.Interval,
 		Successes:    healthy.Successes,
 	}
@@ -140,7 +140,7 @@ func translateUnhealthy(unhealthy *kongv1beta1.KongUpstreamHealthcheckUnhealthy)
 	}
 	return &kong.Unhealthy{
 		HTTPFailures: unhealthy.HTTPFailures,
-		HTTPStatuses: unhealthy.HTTPStatuses,
+		HTTPStatuses: lo.Map(unhealthy.HTTPStatuses, func(s kongv1beta1.HTTPStatus, _ int) int { return int(s) }),
 		TCPFailures:  unhealthy.TCPFailures,
 		Timeouts:     unhealthy.Timeouts,
 		Interval:     unhealthy.Interval,

diff --git a/internal/dataplane/parser/translators/kongupstreampolicy_test.go b/internal/dataplane/parser/translators/kongupstreampolicy_test.go
@@ -93,13 +93,13 @@ func TestTranslateKongUpstreamPolicy(t *testing.T) {
 						Type:        lo.ToPtr("http"),
 						Concurrency: lo.ToPtr(10),
 						Healthy: &kongv1beta1.KongUpstreamHealthcheckHealthy{
-							HTTPStatuses: []int{200},
+							HTTPStatuses: []kongv1beta1.HTTPStatus{200},
 							Interval:     lo.ToPtr(20),
 							Successes:    lo.ToPtr(30),
 						},
 						Unhealthy: &kongv1beta1.KongUpstreamHealthcheckUnhealthy{
 							HTTPFailures: lo.ToPtr(40),
-							HTTPStatuses: []int{500},
+							HTTPStatuses: []kongv1beta1.HTTPStatus{500},
 							Timeouts:     lo.ToPtr(60),
 							Interval:     lo.ToPtr(70),
 						},

diff --git a/pkg/apis/configuration/v1beta1/kongupstreampolicy_types.go b/pkg/apis/configuration/v1beta1/kongupstreampolicy_types.go
@@ -34,6 +34,12 @@ func init() {
 // +kubebuilder:subresource:status
 // +kubebuilder:storageversion
 // +kubebuilder:metadata:labels=gateway.networking.k8s.io/policy=direct
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOn) ? [has(self.spec.hashOn.cookie), has(self.spec.hashOn.header), has(self.spec.hashOn.uriCapture), has(self.spec.hashOn.queryArg)].filter(fieldSet, fieldSet == true).size() <= 1 : true", message="Only one of spec.hashOn.(cookie|header|uriCapture|queryArg) can be set."
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOnFallback) ? [has(self.spec.hashOnFallback.header), has(self.spec.hashOnFallback.uriCapture), has(self.spec.hashOnFallback.queryArg)].filter(fieldSet, fieldSet == true).size() <= 1 : true", message="Only one of spec.hashOnFallback.(header|uriCapture|queryArg) can be set."
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? has(self.spec.hashOn.cookiePath) : true", message="When spec.hashOn.cookie is set, spec.hashOn.cookiePath is required."
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOn) && has(self.spec.hashOn.cookiePath) ? has(self.spec.hashOn.cookie) : true", message="When spec.hashOn.cookiePath is set, spec.hashOn.cookie is required."
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookie) : true", message="spec.hashOnFallback.cookie must not be set."
+// +kubebuilder:validation:XValidation:rule="has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookiePath) : true", message="spec.hashOnFallback.cookiePath must not be set."
 type KongUpstreamPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -165,10 +171,15 @@ type KongUpstreamPassiveHealthcheck struct {
 	Unhealthy *KongUpstreamHealthcheckUnhealthy `json:"unhealthy,omitempty"`
 }
 
+// HTTPStatus is an HTTP status code.
+// +kubebuilder:validation:Minimum=100
+// +kubebuilder:validation:Maximum=599
+type HTTPStatus int
+
 // KongUpstreamHealthcheckHealthy configures thresholds and HTTP status codes to mark targets healthy for an upstream.
 type KongUpstreamHealthcheckHealthy struct {
 	// HTTPStatuses is a list of HTTP status codes that Kong considers a success.
-	HTTPStatuses []int `json:"httpStatuses,omitempty"`
+	HTTPStatuses []HTTPStatus `json:"httpStatuses,omitempty"`
 
 	// Interval is the interval between active health checks for an upstream in seconds when in a healthy state.
 	// +kubebuilder:validation:Minimum=0
@@ -186,7 +197,7 @@ type KongUpstreamHealthcheckUnhealthy struct {
 	HTTPFailures *int `json:"httpFailures,omitempty"`
 
 	// HTTPStatuses is a list of HTTP status codes that Kong considers a failure.
-	HTTPStatuses []int `json:"httpStatuses,omitempty"`
+	HTTPStatuses []HTTPStatus `json:"httpStatuses,omitempty"`
 
 	// TCPFailures is the number of TCP failures in a row to consider a target unhealthy.
 	// +kubebuilder:validation:Minimum=0

diff --git a/pkg/apis/configuration/v1beta1/zz_generated.deepcopy.go b/pkg/apis/configuration/v1beta1/zz_generated.deepcopy.go