-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Add] CEL rule for validating App and PackageInstall Spec #1382
base: develop
Are you sure you want to change the base?
[Add] CEL rule for validating App and PackageInstall Spec #1382
Conversation
one comment based on my first glance. so validation in PR might break some existing configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@varshaprasad96 Could you run './hack/build.sh', './hack/gen.sh', and './hack/gen-apiserver.sh'
and add the changes to the generated files as well.
With these changes,
- we will error out when serviceAccount and cluster both are not provided (✅ )
- we will error out when both serviceAccount and cluster are provided (Even though this is how it should be, like @prembhaskal mentioned this might be a breaking change for some folks, for example if they have an App CR where they have mentioned both serviceAccount and cluster, then they will start seeing this error when they upgrade to the newer version of kc.)
Is current behaviour to choose serviceAccount over cluster config by design?
I am not sure if this was intended for long term, but yes, this is the current expected behaviour (I think it's mentioned somewhere in the docs as well)
06c580d
to
c8dbf0f
Compare
@prembhaskal @praveenrewar I've modified the validation to just check the existence of atleast one of it. This should retain the current behaviour and fix the failing tests. |
a1cb874
to
821176c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for the PR @varshaprasad96. The changes look good to me, could you also add a quick e2e test here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good.
821176c
to
b157c31
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(A few minor changes)
b157c31
to
470ac80
Compare
470ac80
to
262b480
Compare
|
I think test is failing because k8s version of minikube is set to 1.20 which does not support CEL validation.
|
We could bump k8s version in the tests, but I don't want us to indicate that we don't support any version before 1.26. Since the kind tests with the latest version are passing, I think we can add a check in this test to skip if k8s version is <1.26.x (as the validation won't work on older versions but there shouldn't be any other issue because of it). |
This PR: - Adds KB marker to ensure that either spec.ServiceAccount or spec.Cluster is present in App and PackageInstall CR. - Bumps controller-tools to 0.12.1 to support CEL based validation marker. That is the latest version compatible with the k8s release the project is currently at. - Adds test to validate the logic introduced with the kubebuilder marker. Signed-off-by: Varsha Prasad Narsing <[email protected]>
262b480
to
38f6e7b
Compare
Sorry for not being able to follow up due to other commitments. The recent changes should skip the test if the server version is less than 1.26. |
@varshaprasad96 The test seems to be failing while getting the server version (I haven't taken a closer look so not sure exactly which part). |
failing because the test code is not running on the kind cluster. |
What this PR does / why we need it:
This PR:
Which issue(s) this PR fixes:
Fixes #1380
Does this PR introduce a user-facing change?
No. The validation already exists, this change performs the same action before the resource is created.
Additional Notes for your reviewer:
Review Checklist:
a link to that PR
change
Additional documentation e.g., Proposal, usage docs, etc.: