From b45ae24d2ed875bd2b15a832c2669240f0b301ab Mon Sep 17 00:00:00 2001 From: Sachin Maurya <57769917+slayer321@users.noreply.github.com> Date: Tue, 31 Oct 2023 07:12:06 +0530 Subject: [PATCH] feat: CEL Validation in BackendTrafficPolicy (#2110) * feat: CEL Validation in BackendTrafficPolicy Signed-off-by: slayer321 * leastRequest with consistentHash nil test Signed-off-by: slayer321 --------- Signed-off-by: slayer321 --- api/v1alpha1/loadbalancer_types.go | 2 + ....envoyproxy.io_backendtrafficpolicies.yaml | 5 ++ .../backendtrafficpolicy_test.go | 59 +++++++++++++++++++ 3 files changed, 66 insertions(+) diff --git a/api/v1alpha1/loadbalancer_types.go b/api/v1alpha1/loadbalancer_types.go index d512b6902c7..b4e36a342a5 100644 --- a/api/v1alpha1/loadbalancer_types.go +++ b/api/v1alpha1/loadbalancer_types.go @@ -7,6 +7,8 @@ package v1alpha1 // LoadBalancer defines the load balancer policy to be applied. // +union +// +// +kubebuilder:validation:XValidation:rule="self.type == 'ConsistentHash' ? has(self.consistentHash) : !has(self.consistentHash)",message="If LoadBalancer type is consistentHash, consistentHash field needs to be set." type LoadBalancer struct { // Type decides the type of Load Balancer policy. // Valid RateLimitType values are diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index be8c6c3d760..3d1edb778cc 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -74,6 +74,11 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: If LoadBalancer type is consistentHash, consistentHash + field needs to be set. + rule: 'self.type == ''ConsistentHash'' ? has(self.consistentHash) + : !has(self.consistentHash)' rateLimit: description: RateLimit allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic diff --git a/test/cel-validation/backendtrafficpolicy_test.go b/test/cel-validation/backendtrafficpolicy_test.go index b49870c0dc7..673efd308b8 100644 --- a/test/cel-validation/backendtrafficpolicy_test.go +++ b/test/cel-validation/backendtrafficpolicy_test.go @@ -151,6 +151,65 @@ func TestBackendTrafficPolicyTarget(t *testing.T) { "spec.targetRef: Invalid value: \"object\": this policy does not yet support the sectionName field", }, }, + { + desc: "consistentHash field not nil when type is consistentHash", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.ConsistentHashLoadBalancerType, + ConsistentHash: &egv1a1.ConsistentHash{ + Type: "SourceIP", + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "consistentHash field nil when type is consistentHash", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.ConsistentHashLoadBalancerType, + }, + } + }, + wantErrors: []string{ + "spec.loadBalancer: Invalid value: \"object\": If LoadBalancer type is consistentHash, consistentHash field needs to be set", + }, + }, + { + desc: "leastRequest with ConsistentHash nil", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + TargetRef: gwapiv1a2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gwapiv1a2.PolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.LeastRequestLoadBalancerType, + }, + } + }, + wantErrors: []string{}, + }, } for _, tc := range cases {