🌱 OPRUN-4138 ClusterExtensionRevision .spec.revision must be positive

[pedjak]

Description

Added the validation rules and the unit tests.

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	c648a1f
🔍 Latest deploy log	https://app.netlify.com/projects/olmv1/deploys/68d29c96db8d0a0008eb45b8
😎 Deploy Preview	https://deploy-preview-2231--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.16%. Comparing base (16d1089) to head (c648a1f).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2231   +/-   ##
=======================================
  Coverage   72.16%   72.16%           
=======================================
  Files          85       85           
  Lines        8440     8440           
=======================================
  Hits         6091     6091           
  Misses       1948     1948           
  Partials      401      401           

Flag	Coverage Δ
e2e	39.11% <ø> (ø)
experimental-e2e	46.17% <ø> (ø)
unit	57.15% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joelanford]

We can validate uniqueness if we require the metadata.name to have a pattern that matches <ceName>-<revNumber>, right?

But I assume there's no way to guarantee "new rev must be previous rev +1"?

[thetechnick]

In theory you could add a webhook, but I'd like to avoid webhooks as much as possible.
I don't think you can add a validation rule to .metadata.name, but we could add a CEL transition rule where .spec.revision must be equal to -digit suffix of the name. 🤔

But I'd add that in a new PR.

[pedjak]

we could probably do that, but for that we need a validation webhook where we could fetch all existing revisions, sort them by creation date and compare their revisions with the one we got in the payload. Not sure if the effort would be justified.

[joelanford]

It is possible to have a CEL validation rule for metadata.name. You just have to declare the validation against the root struct that embeds ObjectMeta.

We could use ValidationAdmissionPolicy, which is now preferred over webhooks in general, but there's still the problem that when there are multiple apiserver replicas, they are each acting independently when making validation decisions and (I'm pretty sure) without holding a lock or transaction against etcd for all the data used to make the validation decision.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva, thetechnick

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• api/OWNERS [perdasilva,thetechnick]
• helm/OWNERS [perdasilva]
• manifests/OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment