Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use CEL to enforce immutable featureset #1839

Merged
merged 1 commit into from
Mar 30, 2024
Merged

use CEL to enforce immutable featureset #1839

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
80 changes: 80 additions & 0 deletions config/v1/tests/featuregates.config.openshift.io/AAA_ungated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,83 @@ tests:
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec: {}
- name: Can create TechPreview
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
expected: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
onUpdate:
- name: Default to TechPreview
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: ""
updated: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
expected: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
- name: TechPreview to Default
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
updated: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: ""
expectedError: "TechPreviewNoUpgrade may not be changed"
- name: TechPreview to Custom
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: TechPreviewNoUpgrade
updated: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: CustomNoUpgrade
expectedError: "TechPreviewNoUpgrade may not be changed"
- name: Default to Custom
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: ""
updated: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: CustomNoUpgrade
expected: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: CustomNoUpgrade
- name: Custom to Default
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: CustomNoUpgrade
updated: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec:
featureSet: ""
expectedError: "CustomNoUpgrade may not be changed"
2 changes: 2 additions & 0 deletions config/v1/types_feature.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@ type FeatureGateSelection struct {
// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
// +unionDiscriminator
// +optional
// +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed"
// +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed"
FeatureSet FeatureSet `json:"featureSet,omitempty"`

// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
Expand Down
7 changes: 7 additions & 0 deletions config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_featuregates.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ spec:
on or off features may cause irreversible changes in your cluster
which cannot be undone.
type: string
x-kubernetes-validations:
- message: CustomNoUpgrade may not be changed
rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade''
: true'
- message: TechPreviewNoUpgrade may not be changed
rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade''
: true'
type: object
status:
description: status holds observed values from the cluster. They may not
Expand Down
7 changes: 7 additions & 0 deletions ...zz_generated.featuregated-crd-manifests/featuregates.config.openshift.io/AAA_ungated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,13 @@ spec:
on or off features may cause irreversible changes in your cluster
which cannot be undone.
type: string
x-kubernetes-validations:
- message: CustomNoUpgrade may not be changed
rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade''
: true'
- message: TechPreviewNoUpgrade may not be changed
rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade''
: true'
type: object
status:
description: status holds observed values from the cluster. They may not
Expand Down
7 changes: 7 additions & 0 deletions payload-manifests/crds/0000_10_config-operator_01_featuregates.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ spec:
on or off features may cause irreversible changes in your cluster
which cannot be undone.
type: string
x-kubernetes-validations:
- message: CustomNoUpgrade may not be changed
rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade''
: true'
- message: TechPreviewNoUpgrade may not be changed
rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade''
: true'
type: object
status:
description: status holds observed values from the cluster. They may not
Expand Down