WIP: ⚠️ updates from api audit #1404
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1404 +/- ##
=======================================
Coverage 73.31% 73.31%
=======================================
Files 42 42
Lines 3166 3166
=======================================
Hits 2321 2321
Misses 659 659
Partials 186 186
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
| @@ -496,6 +507,7 @@ type ClusterExtensionStatus struct { | |||
| // +patchStrategy=merge | |||
| // +listType=map | |||
| // +listMapKey=type | |||
| // +kubebuilder:validation:Required | |||
There was a problem hiding this comment.
This should be optional?
There was a problem hiding this comment.
Yes. A copy/paste error.
| required: | ||
| - conditions |
There was a problem hiding this comment.
I would have expected no diff in our generated CRD by only adding the required tags to the already required fields
There was a problem hiding this comment.
Ditto! And yet ...
It's even more apparently-empty in the generated docs!
There was a problem hiding this comment.
I left another comment that I think the conditions should be optional. We include omitempty in the JSON tag. If it should be required then this change is fine.
grokspawn
force-pushed
the
api-audit-updates
branch
from
b7e2f01
to
ae86221
Compare
| @@ -258,7 +264,7 @@ type CatalogSource struct { | |||
| // For more information on semver, please see https://semver.org/ | |||
| // | |||
| //+kubebuilder:validation:MaxLength:=64 | |||
| //+kubebuilder:validation:Pattern=`^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$` | |||
| //+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source" | |||
There was a problem hiding this comment.
Is the error message correct here?
There was a problem hiding this comment.
We don't need to say "in the catalog source" because the error emitted by the validator includes the parent path leading up to this field.
| //+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source" | |
| //+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression" |
There was a problem hiding this comment.
The error message here definitely seems a bit vague to me. Could we update the message to also include some helpful information for crafting a valid version expression?
Signed-off-by: Jordan Keister <jordan@nimblewidget.com>
grokspawn
force-pushed
the
api-audit-updates
branch
from
ae86221
to
7a14b4d
Compare
| @@ -80,14 +82,15 @@ const SourceTypeCatalog = "Catalog" | |||
| type SourceConfig struct { | |||
There was a problem hiding this comment.
I believe we need to update the CEL validation here to match the changes in https://github.com/operator-framework/catalogd/pull/443/files#diff-d446855f2187e6d61c4719c3202fcb21e4aea9b09e09f9e1d01419f341d8fc9fR233
It looks like Joel had requested this as well: https://github.com/openshift/api/pull/2067/files#r1812412946
| // | ||
| // When this field is set to "Catalog", information for determining the appropriate | ||
| // bundle of content to install will be fetched from ClusterCatalog resources existing | ||
| // on the cluster. When using the Catalog sourceType, the catalog field must also be set. | ||
| // | ||
| // +unionDiscriminator | ||
| // +kubebuilder:validation:Enum:="Catalog" | ||
| // +kubebuilder:validation:Required | ||
| SourceType string `json:"sourceType"` | ||
|
|
||
| // catalog is used to configure how information is sourced from a catalog. This field must be defined when sourceType is set to "Catalog", |
There was a problem hiding this comment.
Should probably update this to reflect any updates we make to the CEL validation following my comment on this structs validations
| @@ -130,6 +133,7 @@ type ClusterExtensionInstallConfig struct { | |||
| //+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | |||
| //+kubebuilder:validation:MaxLength:=63 | |||
| //+kubebuilder:validation:XValidation:rule="self == oldSelf",message="namespace is immutable" | |||
| //+kubebuilder:validation:Required | |||
| Namespace string `json:"namespace"` | |||
There was a problem hiding this comment.
There were a few comments from Joel related to the GoDoc for this field that I don't see reflected here. Did we decide against accepting those suggestions or making adjustments to clarify some of the questions asked?
Ref:
| @@ -130,6 +133,7 @@ type ClusterExtensionInstallConfig struct { | |||
| //+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | |||
There was a problem hiding this comment.
Should we use CEL here instead of pattern validation?
| @@ -69,6 +70,7 @@ type ClusterExtensionSpec struct { | |||
| // namespace: example-namespace | |||
| // serviceAccount: | |||
| // name: example-sa | |||
| // +kubebuilder:validation:Required | |||
There was a problem hiding this comment.
Add an extra new line above the Required comment marker?
| // This field is required when the spec.install.preflight.crdUpgradeSafety field is | ||
| // specified. |
There was a problem hiding this comment.
I think I saw a comment from Joel about not needing the conditional statement here. We can just say "enforcement is required" unconditionally (it is implicit that it being required is conditional on the parent struct being specified).
| @@ -258,14 +264,14 @@ type CatalogSource struct { | |||
| // For more information on semver, please see https://semver.org/ | |||
| // | |||
| //+kubebuilder:validation:MaxLength:=64 | |||
| //+kubebuilder:validation:Pattern=`^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$` | |||
| //+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source" | |||
There was a problem hiding this comment.
| //+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source" | |
| //+kubebuilder:validation:XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source" |
| @@ -140,6 +144,7 @@ type ClusterExtensionInstallConfig struct { | |||
| // the ServiceAccount provided via this field should be configured with the | |||
| // appropriate permissions to perform the necessary operations on all the | |||
| // resources that are included in the bundle of content being applied. | |||
| //+kubebuilder:validation:Required | |||
| ServiceAccount ServiceAccountReference `json:"serviceAccount"` | |||
|
|
|||
| // preflight is an optional field that can be used to configure the preflight checks run before installation or upgrade of the content for the package specified in the packageName field. | |||
There was a problem hiding this comment.
Do we need to be more descriptive about what the default preflight checks are?
Context: https://github.com/openshift/api/pull/2067/files#r1812435988
| @@ -181,6 +186,7 @@ type CatalogSource struct { | |||
| //+kubebuilder:validation:MaxLength:=253 | |||
| //+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | |||
| //+kubebuilder:validation:XValidation:rule="self == oldSelf",message="packageName is immutable" | |||
| //+kubebuilder:validation:Required | |||
| PackageName string `json:"packageName"` | |||
There was a problem hiding this comment.
Similar question regarding Joel having comments on the GoDoc for this field - are we intentionally not changing the GoDoc?
| func shouldSkipPreflight(preflight Preflight, ctx context.Context, ext *ocv1alpha1.ClusterExtension, state string) bool { | ||
| l := log.FromContext(ctx) | ||
| if ext.Spec.Install.Preflight != nil && ext.Spec.Install.Preflight.CRDUpgradeSafety != nil { | ||
| if _, ok := preflight.(*crdupgradesafety.Preflight); ok { |
There was a problem hiding this comment.
Maybe move this line out to the calling function, probably a more appropriate place for it, and might solve the linter concern around nested blocks.
| @@ -181,6 +186,7 @@ type CatalogSource struct { | |||
| //+kubebuilder:validation:MaxLength:=253 | |||
| //+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | |||
There was a problem hiding this comment.
Should this also be CEL validation?
Description
Reviewer Checklist