machineconfiguration/v1alpha1: add updates per review

Signed-off-by: Sam Batschelet <sbatsche@redhat.com>

machineconfiguration/v1/custom.machineconfigpool.testsuite.yaml

@@ -1,9 +1,18 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Custom] MachineConfigPool"
-crd: 0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml
+crd: 0000_80_machine-config_01_machineconfigpools-CustomNoUpgrade.crd.yaml
 tests:
   onCreate:
   - name: Should be able to create a minimal MachineConfigPool
+    initial: |
+      apiVersion: machineconfiguration.openshift.io/v1
+      kind: MachineConfigPool
+      spec: {} # No spec is required for a MachineConfigPool
+    expected: |
+      apiVersion: machineconfiguration.openshift.io/v1
+      kind: MachineConfigPool
+      spec: {}
+  - name: Should be able to add a PinnedImageSet
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1
       kind: MachineConfigPool

machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml

@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Default] MachineConfigPool"
-crd: 0000_80_machineconfigpool-Default.crd.yaml
+crd: 0000_80_machine-config_01_machineconfigpools-Default.crd.yaml
 tests:
   onCreate:
   - name: Should be able to create a minimal MachineConfigPool

machineconfiguration/v1/techpreview.machineconfigpool.testsuite.yaml

@@ -1,9 +1,18 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[TechPreview] MachineConfigPool"
-crd: 0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml
+crd: 0000_80_machine-config_01_machineconfigpools-TechPreviewNoUpgrade.crd.yaml
 tests:
   onCreate:
   - name: Should be able to create a minimal MachineConfigPool
+    initial: |
+      apiVersion: machineconfiguration.openshift.io/v1
+      kind: MachineConfigPool
+      spec: {} # No spec is required for a MachineConfigPool
+    expected: |
+      apiVersion: machineconfiguration.openshift.io/v1
+      kind: MachineConfigPool
+      spec: {}
+  - name: Should be able to add a PinnedImageSet
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1
       kind: MachineConfigPool

machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml

@@ -1,8 +1,8 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Custom] PinnedImageSet"
-crd: 0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml
+crd: 0000_80_machine-config_01_pinnedimagesets-CustomNoUpgrade.crd.yaml
 tests:
-  onCreate:
+ onCreate:
   - name: Should be able to create a minimal PinnedImageSet
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
@@ -35,7 +35,7 @@ tests:
       spec:
         pinnedImages:
           - name: "example.io/my-project/image-v1.0_23:latest"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
   - name: Invalid empty image
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
@@ -45,17 +45,17 @@ tests:
       spec:
         pinnedImages:
           - name: ""
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"\": spec.pinnedImages[0].name in body should be at least 1 chars long"
   - name: Should reject a malformed SHA256 digest
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
       kind: PinnedImageSet
       metadata:
-        name: test-pinnedimageset-bad-digest
+        name: test-pinnedimageset-bad-digest length
       spec:
         pinnedImages:
           - name: "example.io/bad-digest/image@sha256:12345"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
   - name: Should accept multiple images with different registries and namespaces
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
@@ -84,4 +84,15 @@ tests:
       spec:
         pinnedImages:
         - name: "my-project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+  - name: Should reject duplicate images
+    initial: |
+      apiVersion: machineconfiguration.openshift.io/v1alpha1
+      kind: PinnedImageSet
+      metadata:
+        name: test-pinnedimageset-duplicates
+      spec:
+        pinnedImages:
+        - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
+        - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
+    expectedError: "Duplicate value: map[string]interface {}{\"name\":\"docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef\"}"

machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml

@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[TechPreview] PinnedImageSet"
-crd: 0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml
+crd: 0000_80_machine-config_01_pinnedimagesets-TechPreviewNoUpgrade.crd.yaml
 tests:
   onCreate:
   - name: Should be able to create a minimal PinnedImageSet
@@ -35,7 +35,7 @@ tests:
       spec:
         pinnedImages:
           - name: "example.io/my-project/image-v1.0_23:latest"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
   - name: Invalid empty image
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
@@ -45,17 +45,17 @@ tests:
       spec:
         pinnedImages:
           - name: ""
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"\": spec.pinnedImages[0].name in body should be at least 1 chars long"
   - name: Should reject a malformed SHA256 digest
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
       kind: PinnedImageSet
       metadata:
-        name: test-pinnedimageset-bad-digest
+        name: test-pinnedimageset-bad-digest length
       spec:
         pinnedImages:
           - name: "example.io/bad-digest/image@sha256:12345"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
   - name: Should accept multiple images with different registries and namespaces
     initial: |
       apiVersion: machineconfiguration.openshift.io/v1alpha1
@@ -84,4 +84,15 @@ tests:
       spec:
         pinnedImages:
         - name: "my-project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
-    expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+    expectedError: "Invalid value: \"string\": the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+  - name: Should reject duplicate images
+    initial: |
+      apiVersion: machineconfiguration.openshift.io/v1alpha1
+      kind: PinnedImageSet
+      metadata:
+        name: test-pinnedimageset-duplicates
+      spec:
+        pinnedImages:
+        - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
+        - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
+    expectedError: "Duplicate value: map[string]interface {}{\"name\":\"docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef\"}"

machineconfiguration/v1alpha1/types_pinnedimageset.go

@@ -10,7 +10,7 @@ import (
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=pinnedimagesets,scope=Cluster
 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1713
-// +openshift:file-pattern=0000_80_pinnedimagesetMARKERS.crd.yaml
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
 // +openshift:enable:FeatureGate=PinnedImages
 // +kubebuilder:metadata:labels=openshift.io/operator-managed=
 
@@ -45,7 +45,7 @@ type PinnedImageSetSpec struct {
 	// These image references should all be by digest, tags aren't allowed.
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=2000
+	// +kubebuilder:validation:MaxItems=500
 	// +listType=map
 	// +listMapKey=name
 	PinnedImages []PinnedImageRef `json:"pinnedImages"`
@@ -59,7 +59,9 @@ type PinnedImageRef struct {
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=447
-	// +kubebuilder:validation:XValidation:rule=`self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$')`,message="The OCI Image reference must be in the format host[:port][/namespace]/name@sha256:<digest> with a valid SHA256 digest"
+	// +kubebuilder:validation:XValidation:rule=`self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')`,message="the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
+	// +kubebuilder:validation:XValidation:rule=`self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+
 	Name string `json:"name"`
 }