From bb6476e67e02ccb648900d4474c294c4b7979630 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Thu, 2 Nov 2023 15:11:15 +0000 Subject: [PATCH] Fix bug in response validation rules (#287) --- api/v1beta2/authpolicy_types.go | 4 ++-- .../kuadrant-operator.clusterserviceversion.yaml | 2 +- bundle/manifests/kuadrant.io_authpolicies.yaml | 8 ++++---- config/crd/bases/kuadrant.io_authpolicies.yaml | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go index d2569624e..af7287341 100644 --- a/api/v1beta2/authpolicy_types.go +++ b/api/v1beta2/authpolicy_types.go @@ -119,8 +119,8 @@ type CallbackSpec struct { // +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authentication) || !self.rules.authentication.exists(x, has(self.rules.authentication[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" // +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.metadata) || !self.rules.metadata.exists(x, has(self.rules.metadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" // +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authorization) || !self.rules.authorization.exists(x, has(self.rules.authorization[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" -// +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" -// +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +// +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.headers) || !self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +// +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.dynamicMetadata) || !self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" // +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.callbacks) || !self.rules.callbacks.exists(x, has(self.rules.callbacks[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" type AuthPolicySpec struct { // TargetRef identifies an API object to apply policy to. diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index 9efbcc92b..2f8b390d2 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -41,7 +41,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/kuadrant-operator:latest - createdAt: "2023-10-20T10:46:36Z" + createdAt: "2023-11-02T12:36:24Z" operators.operatorframework.io/builder: operator-sdk-v1.28.1 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/kuadrant-operator diff --git a/bundle/manifests/kuadrant.io_authpolicies.yaml b/bundle/manifests/kuadrant.io_authpolicies.yaml index 971f8e947..90fcd5de0 100644 --- a/bundle/manifests/kuadrant.io_authpolicies.yaml +++ b/bundle/manifests/kuadrant.io_authpolicies.yaml @@ -4197,12 +4197,12 @@ spec: || !self.rules.authorization.exists(x, has(self.rules.authorization[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.response) - || !has(self.rules.response.success) || self.rules.response.success.headers.exists(x, - has(self.rules.response.success.headers[x].routeSelectors)) + || !has(self.rules.response.success) || !has(self.rules.response.success.headers) + || !self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.response) - || !has(self.rules.response.success) || self.rules.response.success.dynamicMetadata.exists(x, - has(self.rules.response.success.dynamicMetadata[x].routeSelectors)) + || !has(self.rules.response.success) || !has(self.rules.response.success.dynamicMetadata) + || !self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.callbacks) || !self.rules.callbacks.exists(x, has(self.rules.callbacks[x].routeSelectors)) diff --git a/config/crd/bases/kuadrant.io_authpolicies.yaml b/config/crd/bases/kuadrant.io_authpolicies.yaml index 86765f134..eda23f8bf 100644 --- a/config/crd/bases/kuadrant.io_authpolicies.yaml +++ b/config/crd/bases/kuadrant.io_authpolicies.yaml @@ -4196,12 +4196,12 @@ spec: || !self.rules.authorization.exists(x, has(self.rules.authorization[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.response) - || !has(self.rules.response.success) || self.rules.response.success.headers.exists(x, - has(self.rules.response.success.headers[x].routeSelectors)) + || !has(self.rules.response.success) || !has(self.rules.response.success.headers) + || !self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.response) - || !has(self.rules.response.success) || self.rules.response.success.dynamicMetadata.exists(x, - has(self.rules.response.success.dynamicMetadata[x].routeSelectors)) + || !has(self.rules.response.success) || !has(self.rules.response.success.dynamicMetadata) + || !self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors)) - message: route selectors not supported when targeting a Gateway rule: self.targetRef.kind != 'Gateway' || !has(self.rules.callbacks) || !self.rules.callbacks.exists(x, has(self.rules.callbacks[x].routeSelectors))