From c3af08dc6ced21171f43e58967019370304d571b Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Thu, 2 Feb 2023 20:26:22 +0530
Subject: [PATCH 1/6] CFE-581 : Update Infrastructure CRD to support azure tags in status
---
...perator_01_infrastructure-Default.crd.yaml | 27 +++++++++++
...frastructure-TechPreviewNoUpgrade.crd.yaml | 27 +++++++++++
config/v1/types_infrastructure.go | 32 +++++++++++++
.../v1/zz_generated.swagger_doc_generated.go | 11 +++++
.../generated_openapi/zz_generated.openapi.go | 48 +++++++++++++++++++
openapi/openapi.json | 29 +++++++++++
6 files changed, 174 insertions(+)
diff --git a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml
index af6638c47e2..0660be5846a 100644
--- a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml
+++ b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml
@@ -534,6 +534,33 @@ spec: resourceGroupName: description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. type: string + resourceTags: + default: Unknown + description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. + items: + description: AzureResourceTag is a tag to apply to Azure resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`. + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.' + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-validations: + - message: resourceTags once configured cannot be modified + rule: oldSelf == 'Unknown' || self == oldSelf type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. diff --git a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 01eeb092898..2055ae5241b 100644 
--- a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -534,6 +534,33 @@ spec: resourceGroupName: description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. type: string + resourceTags: + default: Unknown + description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. + items: + description: AzureResourceTag is a tag to apply to Azure resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`. + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.' + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-validations: + - message: resourceTags once configured cannot be modified + rule: oldSelf == 'Unknown' || self == oldSelf type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. 
diff --git a/config/v1/types_infrastructure.go b/config/v1/types_infrastructure.go
index b6e3afb27b8..deee64c61c0 100644
--- a/config/v1/types_infrastructure.go
+++ b/config/v1/types_infrastructure.go
@@ -478,6 +478,38 @@ type AzurePlatformStatus struct { // armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. // +optional ARMEndpoint string `json:"armEndpoint,omitempty"` + + // resourceTags is a list of additional tags to apply to Azure resources created for the cluster. + // See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. + // Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags + // may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:default:="Unknown" + // +default="Unknown" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'Unknown' || self == oldSelf",message="resourceTags once configured cannot be modified" + // +optional + ResourceTags []AzureResourceTag `json:"resourceTags,omitempty"` +} + +// AzureResourceTag is a tag to apply to Azure resources created for the cluster. +type AzureResourceTag struct { + // key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key + // must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric + // characters and the following special characters `_ . -`. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:Pattern=`^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$` + // +required + Key string `json:"key"` + // value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value + // must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`. 
+ // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.=+-@]+$` + // +required + Value string `json:"value"` } // AzureCloudEnvironment is the name of the Azure cloud environment diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 0f149c9900e..11b114c53df 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go 
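Review bot: The value pattern `^[0-9A-Za-z_.=+-@]+$` on `AzureResourceTag.Value` matches the documented character list only because `+-@` inside the class is parsed as a range (U+002B through U+0040), not as three literals. That range is what admits `, / : ; < > ?`, and it makes the explicit `0-9`, `.` and `=` redundant, so a later edit that reorders the class would change what the API server accepts without the field comment changing. Spelling the set out with the hyphen last, `^[0-9A-Za-z_+,./:;<=>?@-]+$`, keeps the validator and the comment visibly in agreement. Whether every character in that set is acceptable to the Azure tagging API is not shown in this patch and is worth confirming. The same pattern appears in the CRD YAML hunks and as context in patch 3; those would pick up the change on regeneration.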
@@ -1064,12 +1064,23 @@ var map_AzurePlatformStatus = map[string]string{ "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", "cloudName": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", + "resourceTags": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { return map_AzurePlatformStatus } +var map_AzureResourceTag = map[string]string{ + "": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", + "key": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? 
@`.", +} + +func (AzureResourceTag) SwaggerDoc() map[string]string { + return map_AzureResourceTag +} + var map_BareMetalPlatformSpec = map[string]string{ "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", } diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index c93457f9ce0..ba6d2118423 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -168,6 +168,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.AuthenticationStatus": schema_openshift_api_config_v1_AuthenticationStatus(ref), "github.com/openshift/api/config/v1.AzurePlatformSpec": schema_openshift_api_config_v1_AzurePlatformSpec(ref), "github.com/openshift/api/config/v1.AzurePlatformStatus": schema_openshift_api_config_v1_AzurePlatformStatus(ref), + "github.com/openshift/api/config/v1.AzureResourceTag": schema_openshift_api_config_v1_AzureResourceTag(ref), "github.com/openshift/api/config/v1.BareMetalPlatformSpec": schema_openshift_api_config_v1_BareMetalPlatformSpec(ref), "github.com/openshift/api/config/v1.BareMetalPlatformStatus": schema_openshift_api_config_v1_BareMetalPlatformStatus(ref), "github.com/openshift/api/config/v1.BasicAuthIdentityProvider": schema_openshift_api_config_v1_BasicAuthIdentityProvider(ref), 
@@ -8949,10 +8950,57 @@ func schema_openshift_api_config_v1_AzurePlatformStatus(ref common.ReferenceCall Format: "", }, }, + "resourceTags": { + SchemaProps: spec.SchemaProps{ + Description: "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + Default: "Unknown", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.AzureResourceTag"), + }, + }, + }, + }, + }, }, Required: []string{"resourceGroupName"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.AzureResourceTag"}, + } +} + +func schema_openshift_api_config_v1_AzureResourceTag(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. 
Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key", "value"}, + }, + }, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index 6b537ab6a67..d30dddf06d3 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -4543,6 +4543,35 @@ "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", "type": "string", "default": "" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + "type": "array", + "default": "Unknown", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" + } + } + } + }, + "com.github.openshift.api.config.v1.AzureResourceTag": { + "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", + "type": "string", + "default": "" + }, + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", + "type": "string", + "default": "" } } }, From 47346e159a674317aae8b7b4d6e1528543169120 Mon Sep 17 00:00:00 2001 From: Bharath B Date: Thu, 2 Feb 2023 20:46:02 +0530 Subject: [PATCH 2/6] regenerate deepcopy --- config/v1/zz_generated.deepcopy.go | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) 
diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go index a9babbc7f23..ac5c7d8d0b3 100644 --- a/config/v1/zz_generated.deepcopy.go +++ b/config/v1/zz_generated.deepcopy.go @@ -555,6 +555,11 @@ func (in *AzurePlatformSpec) DeepCopy() *AzurePlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { *out = *in + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AzureResourceTag, len(*in)) + copy(*out, *in) + } return } @@ -568,6 +573,22 @@ func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureResourceTag) DeepCopyInto(out *AzureResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureResourceTag. +func (in *AzureResourceTag) DeepCopy() *AzureResourceTag { + if in == nil { + return nil + } + out := new(AzureResourceTag) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { *out = *in @@ -4114,7 +4135,7 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { if in.Azure != nil { in, out := &in.Azure, &out.Azure *out = new(AzurePlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.GCP != nil { in, out := &in.GCP, &out.GCP From 7d97855d8ef0f5a038af735e1521d5d7f7d61306 Mon Sep 17 00:00:00 2001 From: Bharath B Date: Thu, 2 Feb 2023 21:13:42 +0530 Subject: [PATCH 3/6] remove required macro --- config/v1/types_infrastructure.go | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/config/v1/types_infrastructure.go b/config/v1/types_infrastructure.go index deee64c61c0..5328cbf5df1 100644 --- a/config/v1/types_infrastructure.go +++ b/config/v1/types_infrastructure.go @@ -500,7 +500,6 @@ type AzureResourceTag struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 // +kubebuilder:validation:Pattern=`^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$` - // +required Key string `json:"key"` // value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value // must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`. @@ -508,7 +507,6 @@ type AzureResourceTag struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.=+-@]+$` - // +required Value string `json:"value"` } From c5cded631bb9252711bd773dc75eae2a36de9fae Mon Sep 17 00:00:00 2001 From: Bharath B Date: Thu, 2 Feb 2023 21:31:21 +0530 Subject: [PATCH 4/6] rmeove default macro --- ...0000_10_config-operator_01_infrastructure-Default.crd.yaml | 3 +-- ...g-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml | 3 +-- config/v1/types_infrastructure.go | 4 +--- openapi/generated_openapi/zz_generated.openapi.go | 1 - openapi/openapi.json | 1 - 5 files changed, 3 insertions(+), 9 deletions(-) diff --git a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 0660be5846a..4629a37d7de 100644 --- a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml 
@@ -535,7 +535,6 @@ spec: description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. type: string resourceTags: - default: Unknown description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. items: description: AzureResourceTag is a tag to apply to Azure resources created for the cluster. @@ -560,7 +559,7 @@ spec: type: array x-kubernetes-validations: - message: resourceTags once configured cannot be modified - rule: oldSelf == 'Unknown' || self == oldSelf + rule: self == oldSelf type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. diff --git a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 2055ae5241b..71e81234c79 100644 --- a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml 
@@ -535,7 +535,6 @@ spec: description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. type: string resourceTags: - default: Unknown description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. items: description: AzureResourceTag is a tag to apply to Azure resources created for the cluster. @@ -560,7 +559,7 @@ spec: type: array x-kubernetes-validations: - message: resourceTags once configured cannot be modified - rule: oldSelf == 'Unknown' || self == oldSelf + rule: self == oldSelf type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. diff --git a/config/v1/types_infrastructure.go b/config/v1/types_infrastructure.go index 5328cbf5df1..a584c0f2c30 100644 --- a/config/v1/types_infrastructure.go +++ b/config/v1/types_infrastructure.go @@ -484,9 +484,7 @@ type AzurePlatformStatus struct { // Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags // may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. // +kubebuilder:validation:MaxItems=10 - // +kubebuilder:default:="Unknown" - // +default="Unknown" - // +kubebuilder:validation:XValidation:rule="oldSelf == 'Unknown' || self == oldSelf",message="resourceTags once configured cannot be modified" + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="resourceTags once configured cannot be modified" // +optional ResourceTags []AzureResourceTag `json:"resourceTags,omitempty"` } 
diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index ba6d2118423..9a7107d2e40 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -8953,7 +8953,6 @@ func schema_openshift_api_config_v1_AzurePlatformStatus(ref common.ReferenceCall "resourceTags": { SchemaProps: spec.SchemaProps{ Description: "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", - Default: "Unknown", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index d30dddf06d3..78a57f3ee2c 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -4547,7 +4547,6 @@ "resourceTags": { "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", "type": "array", - "default": "Unknown", "items": { "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" From 7fe0a0acf3934525e880582a14831d8a6108736a Mon Sep 17 00:00:00 2001 From: Bharath B Date: Mon, 6 Feb 2023 15:12:34 +0530 Subject: [PATCH 5/6] add UT for checking resourceTags immutability behavior --- .../v1/stable.infrastructure.testsuite.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) 
diff --git a/config/v1/stable.infrastructure.testsuite.yaml b/config/v1/stable.infrastructure.testsuite.yaml index bbafe4c4787..a892a16144c 100644 --- a/config/v1/stable.infrastructure.testsuite.yaml +++ b/config/v1/stable.infrastructure.testsuite.yaml @@ -56,3 +56,23 @@ tests: external: platformName: SomeOtherCoolplatformName expectedError: " spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set" + - name: Should not be able to update Azure ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: Azure + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + azure: + resourceTags: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.azure.resourceTags: resourceTags once configured cannot be modified" From e82a99f5bc64c2bf8549da559a6f37ccaf7d3af6 Mon Sep 17 00:00:00 2001 From: Bharath B Date: Mon, 6 Feb 2023 16:32:56 +0530 Subject: [PATCH 6/6] add CEL validation to restrict modifying resourceTags --- ...perator_01_infrastructure-Default.crd.yaml | 7 +- ...frastructure-TechPreviewNoUpgrade.crd.yaml | 7 +- .../v1/stable.infrastructure.testsuite.yaml | 142 +++++++++++++++++- config/v1/types_infrastructure.go | 3 +- 4 files changed, 152 insertions(+), 7 deletions(-) diff --git a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 4629a37d7de..03646e692a9 100644 --- a/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml 
@@ -558,9 +558,12 @@ spec: maxItems: 10 type: array x-kubernetes-validations: - - message: resourceTags once configured cannot be modified - rule: self == oldSelf + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' baremetal: description: BareMetal contains settings specific to the BareMetal platform. properties: diff --git a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 71e81234c79..f96c42eaaf7 100644 --- a/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -558,9 +558,12 @@ spec: maxItems: 10 type: array x-kubernetes-validations: - - message: resourceTags once configured cannot be modified - rule: self == oldSelf + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' baremetal: description: BareMetal contains settings specific to the BareMetal platform. properties: diff --git a/config/v1/stable.infrastructure.testsuite.yaml b/config/v1/stable.infrastructure.testsuite.yaml index a892a16144c..da2d0e6684e 100644 --- a/config/v1/stable.infrastructure.testsuite.yaml +++ b/config/v1/stable.infrastructure.testsuite.yaml 
@@ -56,7 +56,7 @@ tests: external: platformName: SomeOtherCoolplatformName expectedError: " spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set" - - name: Should not be able to update Azure ResourceTags + - name: Should not be able to modify an existing Azure ResourceTags Tag initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure 
@@ -65,14 +65,152 @@ tests: controlPlaneTopology: "HighlyAvailable" infrastructureTopology: "HighlyAvailable" platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing Azure ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing Azure ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be 
configured during installation" + - name: Should not be able to add Azure ResourceTags to an empty platformStatus.azure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + azure: + resourceTags: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove Azure ResourceTags from platformStatus.azure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceTags: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: {} + expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should be able to modify the ResourceGroupName while Azure ResourceTags are present + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + type: Azure + azure: + resourceGroupName: foo + resourceTags: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: Azure + platformStatus: + azure: + resourceGroupName: bar + resourceTags: + - {key: "key", value: "value"} + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" platform: Azure platformStatus: azure: + resourceGroupName: bar resourceTags: - {key: "key", value: 
"value"} - expectedStatusError: "status.platformStatus.azure.resourceTags: resourceTags once configured cannot be modified" diff --git a/config/v1/types_infrastructure.go b/config/v1/types_infrastructure.go index a584c0f2c30..0e5e7996030 100644 --- a/config/v1/types_infrastructure.go +++ b/config/v1/types_infrastructure.go @@ -460,6 +460,7 @@ type AWSResourceTag struct { type AzurePlatformSpec struct{} // AzurePlatformStatus holds the current status of the Azure infrastructure provider. +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation" type AzurePlatformStatus struct { // resourceGroupName is the Resource Group for new Azure resources created for the cluster. ResourceGroupName string `json:"resourceGroupName"` @@ -484,7 +485,7 @@ type AzurePlatformStatus struct { // Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags // may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. // +kubebuilder:validation:MaxItems=10 - // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="resourceTags once configured cannot be modified" + // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation" // +optional ResourceTags []AzureResourceTag `json:"resourceTags,omitempty"` }
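Review bot: The struct-level rule added above `type AzurePlatformStatus struct` references `oldSelf`, which makes it a transition rule, and Kubernetes skips transition rules when the old object has no value at that path. An update that introduces `status.platformStatus.azure` together with `resourceTags` would therefore not be checked by this rule or by the list rule on the field. The test suite in this commit starts its "add to empty" case from `azure: {}` and has no case where the `azure` block is absent in `initial`. `resourceGroupName` is required, so the block is presumably always populated at install, but that is not visible here; a test case with `platformStatus` absent in `initial` and a comment such as `// NOTE: the resourceTags rules are transition rules and are not evaluated when platformStatus.azure is first added.` would make the assumption explicit. The struct body continues outside this hunk.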
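Review bot: The new field rule `self.all(x, x in oldSelf) && oldSelf.all(x, x in self)` compares the two lists as sets, so an update that repeats an existing entry (old `[a]`, new `[a, a]`) satisfies both halves and is accepted even though the stored list changed. Nothing on `ResourceTags` makes keys unique either, so two entries with the same `key` and different values can be set at install, and which one a consumer applies is then undefined from the API's point of view. Consider adding a length check, `size(self) == size(oldSelf) && self.all(x, x in oldSelf) && oldSelf.all(x, x in self)`, or declaring the list with `// +listType=map` and `// +listMapKey=key` so duplicate keys are rejected by the API server. A test case for the duplicate-entry update in `stable.infrastructure.testsuite.yaml` would pin the behaviour.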