Skip to content

LOG-5748: Include additional API declarative validations #2606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 8, 2024
Merged

LOG-5748: Include additional API declarative validations #2606

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions api/observability/v1/clusterlogforwarder_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@ type PipelineSpec struct {
// Name of the pipeline
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern:="^[a-z][a-z0-9-]{2,62}[a-z0-9]$"
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Name",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
Name string `json:"name"`

Expand All @@ -140,11 +141,13 @@ type PipelineSpec struct {
// `audit` selects node logs related to security audits.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems:=1
InputRefs []string `json:"inputRefs"`

// OutputRefs lists the names (`output.name`) of outputs from this pipeline.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems:=1
OutputRefs []string `json:"outputRefs"`

// Filters lists the names of filters to be applied to records going through this pipeline.
Expand Down Expand Up @@ -198,6 +201,7 @@ type SecretKey struct {

// BearerToken allows configuring the source of a bearer token used for authentication.
// The token can either be read from a secret or from a Kubernetes ServiceAccount.
// +kubebuilder:validation:XValidation:rule="self.from == 'secret' && has(self.secret)", message="Additional secret spec is required when bearer token is sourced from a secret"
type BearerToken struct {

// From is the source from where to find the token
Expand Down
5 changes: 5 additions & 0 deletions api/observability/v1/filter_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,15 @@ var (
)

// FilterSpec defines a filter for log messages.
// +kubebuilder:validation:XValidation:rule="self.type != 'kubeAPIAudit' || has(self.kubeAPIAudit)", message="Additional type specific spec is required for the filter type"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Maybe make sense to add filter type name to the validation message to be more clear

// +kubebuilder:validation:XValidation:rule="self.type != 'drop' || has(self.drop)", message="Additional type specific spec is required for the filter type"
// +kubebuilder:validation:XValidation:rule="self.type != 'prune' || has(self.prune)", message="Additional type specific spec is required for the filter type"
// +kubebuilder:validation:XValidation:rule="self.type != 'openShiftLabels' || has(self.openShiftLabels)", message="Additional type specific spec is required for the filter type"
type FilterSpec struct {
// Name used to refer to the filter from a `pipeline`.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern:="^[a-z][a-z0-9-]{2,62}[a-z0-9]$"
Name string `json:"name"`

// Type of filter.
Expand Down
5 changes: 5 additions & 0 deletions api/observability/v1/input_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,15 @@ var (
)

// InputSpec defines a selector of log messages for a given log type.
// +kubebuilder:validation:XValidation:rule="self.type != 'application' || has(self.application)", message="Additional type specific spec is required for the input type"
// +kubebuilder:validation:XValidation:rule="self.type != 'infrastructure' || has(self.infrastructure)", message="Additional type specific spec is required for the input type"
// +kubebuilder:validation:XValidation:rule="self.type != 'audit' || has(self.audit)", message="Additional type specific spec is required for the input type"
// +kubebuilder:validation:XValidation:rule="self.type != 'receiver' || has(self.receiver)", message="Additional type specific spec is required for the input type"
type InputSpec struct {
// Name used to refer to the input of a `pipeline`.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern:="^[a-z][a-z0-9-]{2,62}[a-z0-9]$"
Name string `json:"name"`

// Type of output sink.
Expand Down
15 changes: 14 additions & 1 deletion api/observability/v1/output_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,9 @@ const (
OutputTypeKafka OutputType = "kafka"
OutputTypeLoki OutputType = "loki"
OutputTypeLokiStack OutputType = "lokiStack"
OutputTypeOTLP OutputType = "otlp"
OutputTypeSplunk OutputType = "splunk"
OutputTypeSyslog OutputType = "syslog"
OutputTypeOTLP OutputType = "otlp"
)

var (
Expand All @@ -59,10 +59,22 @@ var (
)

// OutputSpec defines a destination for log messages.
// +kubebuilder:validation:XValidation:rule="self.type != 'azureMonitor' || has(self.azureMonitor)", message="Additional type specific spec is required for the output type"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Maybe make sense to add output type name to the validation message to be more clear

// +kubebuilder:validation:XValidation:rule="self.type != 'cloudwatch' || has(self.cloudwatch)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'elasticsearch' || has(self.elasticsearch)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'googleCloudLogging' || has(self.googleCloudLogging)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'http' || has(self.http)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'kafka' || has(self.kafka)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'loki' || has(self.loki)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'lokiStack' || has(self.lokiStack)", message="Additional type specific spec is required for the output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'splunk' || has(self.splunk)", message="Additional type specific spec is required the for output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'syslog' || has(self.syslog)", message="Additional type specific spec is required the for output type"
// +kubebuilder:validation:XValidation:rule="self.type != 'otlp' || has(self.otlp)", message="Additional type specific spec is required the for output type"
type OutputSpec struct {
// Name used to refer to the output from a `pipeline`.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern:="^[a-z][a-z0-9-]{2,62}[a-z0-9]$"
Name string `json:"name"`

// Type of output sink.
Expand Down Expand Up @@ -600,6 +612,7 @@ type LokiStackTarget struct {
// Name of the in-cluster LokiStack resource.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern:="^[a-z][a-z0-9-]{2,62}[a-z0-9]$"
Name string `json:"name"`
}

Expand Down
91 changes: 91 additions & 0 deletions bundle/manifests/observability.openshift.io_clusterlogforwarders.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,7 @@ spec:
type: object
name:
description: Name used to refer to the filter from a `pipeline`.
pattern: ^[a-z][a-z0-9-]{2,62}[a-z0-9]$
type: string
openShiftLabels:
additionalProperties:
Expand Down Expand Up @@ -432,6 +433,19 @@ spec:
- name
- type
type: object
x-kubernetes-validations:
- message: Additional type specific spec is required for the filter
type
rule: self.type != 'kubeAPIAudit' || has(self.kubeAPIAudit)
- message: Additional type specific spec is required for the filter
type
rule: self.type != 'drop' || has(self.drop)
- message: Additional type specific spec is required for the filter
type
rule: self.type != 'prune' || has(self.prune)
- message: Additional type specific spec is required for the filter
type
rule: self.type != 'openShiftLabels' || has(self.openShiftLabels)
type: array
x-kubernetes-list-map-keys:
- name
Expand Down Expand Up @@ -593,6 +607,7 @@ spec:
type: object
name:
description: Name used to refer to the input of a `pipeline`.
pattern: ^[a-z][a-z0-9-]{2,62}[a-z0-9]$
type: string
receiver:
description: Receiver to receive logs from non-cluster sources.
Expand Down Expand Up @@ -767,6 +782,19 @@ spec:
- name
- type
type: object
x-kubernetes-validations:
- message: Additional type specific spec is required for the input
type
rule: self.type != 'application' || has(self.application)
- message: Additional type specific spec is required for the input
type
rule: self.type != 'infrastructure' || has(self.infrastructure)
- message: Additional type specific spec is required for the input
type
rule: self.type != 'audit' || has(self.audit)
- message: Additional type specific spec is required for the input
type
rule: self.type != 'receiver' || has(self.receiver)
type: array
x-kubernetes-list-map-keys:
- name
Expand Down Expand Up @@ -999,6 +1027,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when
bearer token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
required:
- roleARN
type: object
Expand Down Expand Up @@ -1132,6 +1164,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when bearer
token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
username:
description: Username to use for authenticating requests.
nullable: true
Expand Down Expand Up @@ -1381,6 +1417,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when bearer
token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
username:
description: Username to use for authenticating requests.
nullable: true
Expand Down Expand Up @@ -1673,6 +1713,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when bearer
token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
username:
description: Username to use for authenticating requests.
nullable: true
Expand Down Expand Up @@ -1818,6 +1862,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when bearer
token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
required:
- token
type: object
Expand Down Expand Up @@ -1847,6 +1895,7 @@ spec:
properties:
name:
description: Name of the in-cluster LokiStack resource.
pattern: ^[a-z][a-z0-9-]{2,62}[a-z0-9]$
type: string
namespace:
description: Namespace of the in-cluster LokiStack resource.
Expand Down Expand Up @@ -1898,6 +1947,7 @@ spec:
type: object
name:
description: Name used to refer to the output from a `pipeline`.
pattern: ^[a-z][a-z0-9-]{2,62}[a-z0-9]$
type: string
otlp:
description: OTLP defines configuration for sending logs via
Expand Down Expand Up @@ -1961,6 +2011,10 @@ spec:
required:
- from
type: object
x-kubernetes-validations:
- message: Additional secret spec is required when bearer
token is sourced from a secret
rule: self.from == 'secret' && has(self.secret)
username:
description: Username to use for authenticating requests.
nullable: true
Expand Down Expand Up @@ -2456,6 +2510,40 @@ spec:
- name
- type
type: object
x-kubernetes-validations:
- message: Additional type specific spec is required for the output
type
rule: self.type != 'azureMonitor' || has(self.azureMonitor)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'cloudwatch' || has(self.cloudwatch)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'elasticsearch' || has(self.elasticsearch)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'googleCloudLogging' || has(self.googleCloudLogging)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'http' || has(self.http)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'kafka' || has(self.kafka)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'loki' || has(self.loki)
- message: Additional type specific spec is required for the output
type
rule: self.type != 'lokiStack' || has(self.lokiStack)
- message: Additional type specific spec is required the for output
type
rule: self.type != 'splunk' || has(self.splunk)
- message: Additional type specific spec is required the for output
type
rule: self.type != 'syslog' || has(self.syslog)
- message: Additional type specific spec is required the for output
type
rule: self.type != 'otlp' || has(self.otlp)
type: array
x-kubernetes-list-map-keys:
- name
Expand Down Expand Up @@ -2484,15 +2572,18 @@ spec:
logs related to security audits."
items:
type: string
minItems: 1
type: array
name:
description: Name of the pipeline
pattern: ^[a-z][a-z0-9-]{2,62}[a-z0-9]$
type: string
outputRefs:
description: OutputRefs lists the names (`output.name`) of outputs
from this pipeline.
items:
type: string
minItems: 1
type: array
required:
- inputRefs
Expand Down
Loading