Use CEL validation

GDATASoftwareAG · Sep 13, 2023 · 19463f8 · 19463f8
1 parent 9c1bc57
commit 19463f8
Show file tree

Hide file tree

Showing 29 changed files with 383 additions and 466 deletions.
diff --git a/api/v1alpha1/ionoscloudcluster_types.go b/api/v1alpha1/ionoscloudcluster_types.go
@@ -80,20 +80,38 @@ const (
 	LoadBalancerForwardingRuleCreationFailedReason = "LoadBalancerForwardingRuleCreationFailed"
 )
 
-// +kubebuilder:validation:Enum=de/txl;de/fra
+// +kubebuilder:validation:Enum=es/vlt;fr/par;de/txl;de/fra;gb-lhr;us-ewr;us-las;
 type Location string
 
+func (r Location) String() string {
+	return string(r)
+}
+
 // IONOSCloudClusterSpec defines the desired state of IONOSCloudCluster
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.dataCenterID) || has(self.dataCenterID)", message="DataCenterID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.loadBalancerID) || has(self.loadBalancerID)", message="LoadBalancerID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.publicLanID) || has(self.publicLanID)", message="PublicLanID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.internetLanID) || has(self.internetLanID)", message="InternetLanID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.privateLanID) || has(self.privateLanID)", message="PrivateLanID is required once set"
 type IONOSCloudClusterSpec struct {
-	Location             string                `json:"location,omitempty"` // TODO: make immutable, see https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation.html
-	IdentityName         string                `json:"identityName,omitempty"`
-	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint,omitempty"`
 
-	DataCenterID   string `json:"dataCenterID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Location is immutable"
+	Location Location `json:"location"`
+
+	// +kubebuilder:validation:MinLength=1
+	IdentityName         string                `json:"identityName"`
+	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
+
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="DataCenterID is immutable"
+	DataCenterID string `json:"dataCenterID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="LoadBalancerID is immutable"
 	LoadBalancerID string `json:"loadBalancerID,omitempty"`
-	PublicLanID    *int32 `json:"publicLanID,omitempty"`
-	InternetLanID  *int32 `json:"internetLanID,omitempty"`
-	PrivateLanID   *int32 `json:"privateLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PublicLanID is immutable"
+	PublicLanID *int32 `json:"publicLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="InternetLanID is immutable"
+	InternetLanID *int32 `json:"internetLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PrivateLanID is immutable"
+	PrivateLanID *int32 `json:"privateLanID,omitempty"`
 }
 
 // IONOSCloudClusterStatus defines the observed state of IONOSCloudCluster

diff --git a/api/v1alpha1/ionoscloudcluster_webhook.go b/api/v1alpha1/ionoscloudcluster_webhook.go
diff --git a/api/v1alpha1/ionoscloudclustertemplate_types.go b/api/v1alpha1/ionoscloudclustertemplate_types.go
@@ -26,7 +26,12 @@ type IONOSCloudClusterTemplateSpec struct {
 }
 
 type IONOSCloudClusterTemplateResource struct {
-	Spec IONOSCloudClusterSpec `json:"spec"`
+	Spec IONOSCloudClusterTemplateClusterSpec `json:"spec"`
+}
+
+type IONOSCloudClusterTemplateClusterSpec struct {
+	// +kubebuilder:validation:MinLength=1
+	IdentityName string `json:"identityName"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/api/v1alpha1/ionoscloudidentity_types.go b/api/v1alpha1/ionoscloudidentity_types.go
@@ -33,8 +33,9 @@ const (
 type IONOSCloudClusterIdentitySpec struct {
 	// SecretName references a Secret inside the controller namespace with the credentials to use
 	// +kubebuilder:validation:MinLength=1
-	SecretName string `json:"secretName,omitempty"`
-	HostUrl    string `json:"hostUrl"`
+	SecretName string `json:"secretName"`
+	// +kubebuilder:validation:MinLength=1
+	HostUrl string `json:"hostUrl"`
 }
 
 // IONOSCloudClusterIdentityStatus defines the observed state of IONOSCloudClusterIdentity

diff --git a/api/v1alpha1/ionoscloudmachine_types.go b/api/v1alpha1/ionoscloudmachine_types.go
@@ -28,62 +28,50 @@ const (
 	// ServerCreationFailedReason (Severity=Error) documents a controller detecting
 	// issues with the creation of the Server.
 	ServerCreationFailedReason = "ServerCreationFailed"
-
-	// VolumeCreatedCondition documents the creation of the Volume
-	VolumeCreatedCondition clusterv1.ConditionType = "VolumeCreated"
-
-	// VolumeCreationFailedReason (Severity=Error) documents a controller detecting
-	// issues with the creation of the Volume.
-	VolumeCreationFailedReason = "VolumeCreationFailed"
-
-	// NicCreatedCondition documents the creation of the Nic
-	NicCreatedCondition clusterv1.ConditionType = "NicCreated"
-
-	// NicCreationFailedReason (Severity=Error) documents a controller detecting
-	// issues with the creation of the Nic.
-	NicCreationFailedReason = "NicCreationFailed"
 )
 
 // IONOSCloudMachineSpec defines the desired state of IONOSCloudMachine
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.providerID) || has(self.providerID)", message="ProviderID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ip) || has(self.ip)", message="IP is required once set"
 type IONOSCloudMachineSpec struct {
+	// The name of the  resource.
+	Name *string `json:"name,omitempty"`
+
 	// The availability zone in which the server should be provisioned.
+	// +kubebuilder:default=AUTO
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="AvailabilityZone is immutable"
 	AvailabilityZone *string `json:"availabilityZone,omitempty"`
 	// The total number of cores for the enterprise server.
-	Cores *int32 `json:"cores,omitempty"`
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Cores is immutable"
+	Cores *int32 `json:"cores"`
 	// CPU architecture on which server gets provisioned; not all CPU architectures are available in all datacenter regions; available CPU architectures can be retrieved from the datacenter resource; must not be provided for CUBE servers.
-	CpuFamily *string `json:"cpuFamily,omitempty"`
-	// The name of the  resource.
-	Name *string `json:"name,omitempty"`
-	// The placement group ID that belongs to this server; Requires system privileges
-	PlacementGroupId *string `json:"placementGroupId,omitempty"`
-	// The memory size for the enterprise server in MB, such as 2048. Size must be specified in multiples of 256 MB with a minimum of 256 MB; however, if you set ramHotPlug to TRUE then you must use a minimum of 1024 MB. If you set the RAM size more than 240GB, then ramHotPlug will be set to FALSE and can not be set to TRUE unless RAM size not set to less than 240GB.
-	Ram *int32 `json:"ram,omitempty"`
-
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="CpuFamily is immutable"
+	CpuFamily *string `json:"cpuFamily"`
+	// The memory size for the enterprise server in MB, such as 2048.
+	// +kubebuilder:validation:Minimum=256
+	// +kubebuilder:validation:MultipleOf=256
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Ram is immutable"
+	Ram        *int32          `json:"ram"`
 	BootVolume IONOSVolumeSpec `json:"bootVolume"`
 
-	// primary ip of the virtual machine.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="IP is immutable"
 	IP *string `json:"ip,omitempty"`
-
-	ProviderID         string `json:"providerID,omitempty"`
-	NetworkInterfaceID string `json:"networkInterfaceID,omitempty"`
-	VolumeID           string `json:"volumeID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ProviderID is immutable"
+	ProviderID string `json:"providerID,omitempty"`
 }
 
-//func (s *IONOSCloudMachineSpec) UnprefixedProviderId() string {
-//	if strings.HasPrefix(s.ProviderID, "ionos://") {
-//		return s.ProviderID[8:]
-//	} else {
-//		return s.ProviderID
-//	}
-//}
-
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.sshKeys) || has(self.sshKeys)", message="SSHKeys is required once set"
 type IONOSVolumeSpec struct {
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Type is immutable"
 	Type string `json:"type"`
-	// +kubebuilder:validation:Required
-	Size  string `json:"size"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Size is immutable"
+	Size string `json:"size"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Image is immutable"
 	Image string `json:"image"`
 	// Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="SSHKeys is immutable"
 	SSHKeys *[]string `json:"sshKeys,omitempty"`
 }
 

diff --git a/api/v1alpha1/ionoscloudmachine_webhook.go b/api/v1alpha1/ionoscloudmachine_webhook.go