Skip to content

test(admission): add CRD validation integration test#3877

Merged
robobario merged 1 commit into
kroxylicious:epic/admission-web-hookfrom
robobario:admission-crd-validation-tests
May 6, 2026
Merged

test(admission): add CRD validation integration test#3877
robobario merged 1 commit into
kroxylicious:epic/admission-web-hookfrom
robobario:admission-crd-validation-tests

Conversation

@robobario
Copy link
Copy Markdown
Member

@robobario robobario commented May 5, 2026
edited
Loading

Type of change

  • Enhancement / new feature

Description

Adds CustomResourceValidationIT following the same pattern as the operator's validation test. The test validates KroxyliciousSidecarConfig CRD schema enforcement by applying YAML scenarios against a live Kubernetes cluster.

Test coverage:

  • Required fields (spec.targetBootstrapServers)
  • Pattern validations (metadata.name, filterDefinitions, plugins)
  • Numeric constraints (port ranges, nodeIdRange minimums)
  • Enum validations (pullPolicy)
  • Length constraints (maxLength on names)
  • Status subresource schema (Kubernetes condition structure)

Infrastructure:

  • AdmissionTestUtils: Kubernetes client utilities
  • TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:

  • Anchors filter name pattern to prevent partial matches
  • Adds missing "status" to required fields in conditions

Assisted-by: Claude Sonnet 4.5 noreply@anthropic.com

Contributes towards #3890

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • PR raised from a fork of this repository and made from a branch rather than main.
  • Write tests
  • Update documentation
  • Make sure all unit/integration tests pass
  • Make sure all Sonarcloud warnings are addressed or are justifiably ignored.
  • If applicable to the change, make sure system tests pass.
  • If applicable to the change, trigger the performance test suite. Ensure that any degradations to performance numbers are understood and justified.
  • Ensure the PR references relevant issue(s) so they are closed on merging.
  • For user facing changes, update CHANGELOG.md (remember to include changes affecting the API of the test artefacts too).
  • If AI tools assisted with code changes, ensure commit messages include Assisted-by: trailer (see DEV_GUIDE.md).

NOTE: You must be a member of @kroxylicious/developers to trigger the system test and performance test suites. If you are not part of this group, comment on the PR requesting a trigger, tagging @kroxylicious/developers.

@robobario robobario requested a review from a team as a code owner May 5, 2026 02:17
@robobario robobario added test Relates to testing kube/webhook related to kubernetes webhooks labels May 5, 2026
robobario
robobario commented May 5, 2026
View reviewed changes
Comment thread ...rc/main/resources/META-INF/fabric8/kroxylicioussidecarconfigs.sidecar.kroxylicious.io-v1.yml
@@ -125,7 +125,7 @@ spec:
name:
description: A unique name for this filter instance.
type: string
pattern: "[a-z0-9A-Z]([a-z0-9A-Z_.\\-]{0,251}[a-z0-9A-Z])?"
pattern: "^[a-z0-9A-Z]([a-z0-9A-Z_.\\-]{0,251}[a-z0-9A-Z])?$"
Copy link
Copy Markdown
Member Author

@robobario robobario May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tests showed up that the pattern matched names like -starts-with-hyphen

Copy link
Copy Markdown
Member

@tombentley tombentley May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch.

@robobario robobario force-pushed the admission-crd-validation-tests branch from f6a260e to bde3740 Compare May 6, 2026 03:28
tombentley
tombentley reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tombentley tombentley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but I had one question.

Comment thread ...rc/main/resources/META-INF/fabric8/kroxylicioussidecarconfigs.sidecar.kroxylicious.io-v1.yml Outdated
@robobario
test(admission): add CRD validation integration test
877b9da 
Adds CustomResourceValidationIT following the same pattern as the
operator's validation test. The test validates KroxyliciousSidecarConfig
CRD schema enforcement by applying YAML scenarios against a live
Kubernetes cluster.

Test coverage:
- Required fields (spec.targetBootstrapServers)
- Pattern validations (metadata.name, filterDefinitions, plugins)
- Numeric constraints (port ranges, nodeIdRange minimums)
- Enum validations (pullPolicy)
- Length constraints (maxLength on names)
- Status subresource schema (Kubernetes condition structure)

Infrastructure:
- AdmissionTestUtils: Kubernetes client utilities
- TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than
JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:
- Anchors filter name pattern to prevent partial matches

Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Robert Young <robertyoungnz@gmail.com>
@robobario robobario force-pushed the admission-crd-validation-tests branch from bde3740 to 877b9da Compare May 6, 2026 04:42
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 6, 2026

Quality Gate Passed Quality Gate passed for 'Proxy Runtime'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 6, 2026

Quality Gate Passed Quality Gate passed for 'Kroxylicious Operator'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

tombentley
tombentley approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tombentley tombentley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @robobario

@robobario robobario merged commit 0783f0d into kroxylicious:epic/admission-web-hook May 6, 2026
30 checks passed
tombentley pushed a commit that referenced this pull request May 8, 2026
@robobario @tombentley
test(admission): add CRD validation integration test (#3877)
360a2af 
Adds CustomResourceValidationIT following the same pattern as the
operator's validation test. The test validates KroxyliciousSidecarConfig
CRD schema enforcement by applying YAML scenarios against a live
Kubernetes cluster.

Test coverage:
- Required fields (spec.targetBootstrapServers)
- Pattern validations (metadata.name, filterDefinitions, plugins)
- Numeric constraints (port ranges, nodeIdRange minimums)
- Enum validations (pullPolicy)
- Length constraints (maxLength on names)
- Status subresource schema (Kubernetes condition structure)

Infrastructure:
- AdmissionTestUtils: Kubernetes client utilities
- TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than
JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:
- Anchors filter name pattern to prevent partial matches

Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Signed-off-by: Robert Young <robertyoungnz@gmail.com>
robobario added a commit that referenced this pull request May 11, 2026
@robobario
test(admission): add CRD validation integration test (#3877)
7282a96 
Adds CustomResourceValidationIT following the same pattern as the
operator's validation test. The test validates KroxyliciousSidecarConfig
CRD schema enforcement by applying YAML scenarios against a live
Kubernetes cluster.

Test coverage:
- Required fields (spec.targetBootstrapServers)
- Pattern validations (metadata.name, filterDefinitions, plugins)
- Numeric constraints (port ranges, nodeIdRange minimums)
- Enum validations (pullPolicy)
- Length constraints (maxLength on names)
- Status subresource schema (Kubernetes condition structure)

Infrastructure:
- AdmissionTestUtils: Kubernetes client utilities
- TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than
JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:
- Anchors filter name pattern to prevent partial matches

Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Signed-off-by: Robert Young <robertyoungnz@gmail.com>
robobario added a commit that referenced this pull request May 11, 2026
@robobario
test(admission): add CRD validation integration test (#3877)
ef790f3 
Adds CustomResourceValidationIT following the same pattern as the
operator's validation test. The test validates KroxyliciousSidecarConfig
CRD schema enforcement by applying YAML scenarios against a live
Kubernetes cluster.

Test coverage:
- Required fields (spec.targetBootstrapServers)
- Pattern validations (metadata.name, filterDefinitions, plugins)
- Numeric constraints (port ranges, nodeIdRange minimums)
- Enum validations (pullPolicy)
- Length constraints (maxLength on names)
- Status subresource schema (Kubernetes condition structure)

Infrastructure:
- AdmissionTestUtils: Kubernetes client utilities
- TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than
JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:
- Anchors filter name pattern to prevent partial matches

Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Signed-off-by: Robert Young <robertyoungnz@gmail.com>
robobario added a commit that referenced this pull request May 11, 2026
@robobario
test(admission): add CRD validation integration test (#3877)
293d501 
Adds CustomResourceValidationIT following the same pattern as the
operator's validation test. The test validates KroxyliciousSidecarConfig
CRD schema enforcement by applying YAML scenarios against a live
Kubernetes cluster.

Test coverage:
- Required fields (spec.targetBootstrapServers)
- Pattern validations (metadata.name, filterDefinitions, plugins)
- Numeric constraints (port ranges, nodeIdRange minimums)
- Enum validations (pullPolicy)
- Length constraints (maxLength on names)
- Status subresource schema (Kubernetes condition structure)

Infrastructure:
- AdmissionTestUtils: Kubernetes client utilities
- TestFiles: YAML scenario file discovery (duplicated from operator)

Test uses direct Fabric8 client calls (serverSideApply) rather than
JOSDK, consistent with existing admission module patterns.

Also fixes CRD schema issues:
- Anchors filter name pattern to prevent partial matches

Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Signed-off-by: Robert Young <robertyoungnz@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tombentley tombentley tombentley approved these changes

Assignees

No one assigned

Labels

kube/webhook related to kubernetes webhooks test Relates to testing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robobario @tombentley