Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: HOSTEDCP-582: Add CEL validations to hostedcluster v1beta1 #1911

Closed
wants to merge 1 commit into from
Closed

WIP: HOSTEDCP-582: Add CEL validations to hostedcluster v1beta1 #1911

wants to merge 1 commit into from

Conversation

imain
Copy link
Contributor

@imain imain commented Nov 30, 2022
edited

This uses CEL validations available in kubernetes 1.25 and above, requiring OpenShift 4.12 or greater. I have tested with OpenShift 4.10 and while the validations do not work, they are also ignored so it should be safe to have them in place for all versions.

Note that I am not setting maxLength here for the strings. I looked through the source code and it seems for simple string comparisons we should be OK here. I'd really rather not have to set this if we don't have to. However if we run into issues we'll have to think about setting it.

Still a WIP as I need to do more testing.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 30, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 30, 2022

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: imain
Once this PR has been reviewed and has the lgtm label, please assign csrwng for approval by writing /assign @csrwng in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

enxebre
enxebre reviewed Dec 1, 2022
View reviewed changes
api/v1beta1/hostedcluster_types.go Outdated
@@ -216,24 +235,28 @@ type HostedClusterSpec struct {
// ".dockerconfigjson" whose value is the pull secret JSON.
//
// +immutable
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="pullSecret is immutable"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this si mutable https://issues.redhat.com/browse/HOSTEDCP-593

enxebre
enxebre reviewed Dec 1, 2022
View reviewed changes
api/v1beta1/hostedcluster_types.go
BaseDomain string `json:"baseDomain"`

// PublicZoneID is the Hosted Zone ID where all the DNS records that are
// publicly accessible to the internet exist.
//
// +optional
// +immutable
// +kubebuilder:validation:Optional
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="publicZoneID is immutable"
Copy link
Member

@enxebre enxebre Dec 1, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are publicZoneID and PrivateZoneID actually optional? I don't think so cc @sjenning

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the source code, I think you are right. Would be nice to hear from Seth to confirm though.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commented in slack, but I think this is only required if platform is AWS. It get piped into the DNS global config in the guest cluster.

@enxebre
Copy link
Member

enxebre commented Dec 1, 2022

open api complains https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_hypershift/1911/pull-ci-openshift-hypershift-main-e2e-aws/1598097819955105792/build-log.txt

@netlify
Copy link

netlify bot commented Dec 6, 2022

Deploy Preview for hypershift-docs ready!

Name Link
🔨 Latest commit f050340
🔍 Latest deploy log https://app.netlify.com/sites/hypershift-docs/deploys/638fab07f4d31f0008ee5446
😎 Deploy Preview https://deploy-preview-1911--hypershift-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@imain imain force-pushed the v1beta1-hostedcluster-cel branch 3 times, most recently from 349326c to d36e213 Compare December 6, 2022 22:26
@sjenning
Copy link
Contributor

sjenning commented Dec 7, 2022

/hold
OpenAPI still complaining
https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_hypershift/1911/pull-ci-openshift-hypershift-main-e2e-aws/1600256124290863104/build-log.txt

Please test locally to make sure the manifests can be applied to an OCP 4.12 cluster before removing hold.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 7, 2022
@imain imain force-pushed the v1beta1-hostedcluster-cel branch 5 times, most recently from 5381785 to 2987d37 Compare December 14, 2022 20:11
@imain
WIP: HOSTEDCP-582: Add CEL validations to hostedcluster v1beta1
68c7ce4 
This uses CEL validations available in kubernetes 1.25 and above,
requiring OpenShift 4.12 or greater.  I have tested with OpenShift 4.10
and while the validations do not work, they are also ignored so it should
be safe to have them in place for all versions.

Note that I am not setting maxLength here for the strings. I looked
through the source code and it seems for simple string comparisons we
should be OK here. I'd really rather not have to set this if we don't have
to. However if we run into issues we'll have to think about setting it.

Still a WIP as I need to do more testing.
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 19, 2022
@openshift-merge-robot
Copy link
Contributor

@imain: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 25, 2023

@imain: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/kubevirt-e2e-kubevirt-gcp-ovn 501e783 link false /test kubevirt-e2e-kubevirt-gcp-ovn
ci/prow/kubevirt-e2e-kubevirt-azure-ovn 501e783 link false /test kubevirt-e2e-kubevirt-azure-ovn
ci/prow/capi-provider-agent-sanity 501e783 link false /test capi-provider-agent-sanity
ci/prow/e2e-ibmcloud-roks 68c7ce4 link false /test e2e-ibmcloud-roks
ci/prow/e2e-ibmcloud-iks 68c7ce4 link false /test e2e-ibmcloud-iks
ci/prow/kubevirt-images 68c7ce4 link true /test kubevirt-images
ci/prow/unit 68c7ce4 link true /test unit
ci/prow/verify 68c7ce4 link true /test verify
ci/prow/e2e-aws 68c7ce4 link true /test e2e-aws

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@enxebre enxebre mentioned this pull request Feb 8, 2023
Closed
4 tasks
@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 26, 2023
@enxebre
Copy link
Member

enxebre commented May 22, 2023

closing by #2148 which will need to sync with IBM folks

@enxebre enxebre closed this May 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enxebre enxebre enxebre left review comments

@csrwng csrwng Awaiting requested review from csrwng

@sjenning sjenning Awaiting requested review from sjenning

Assignees
No one assigned
Labels
do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@imain @enxebre @sjenning @openshift-merge-robot @openshift-bot