fix(kgo): fix ports.dataplane.gateway-operator.konghq.com ValidatingA…

…dmissionPolicy rules

charts/gateway-operator/CHANGELOG.md

@@ -1,10 +1,17 @@
 # Changelog
 
+## 0.4.4
+
+### Changes
+
+- Fix rules of `ValidatingAdmissionPolicy` validating `DataPlane` ports.
+  [#1215](https://github.com/Kong/charts/pull/1215)
+
 ## 0.4.3
 
 ### Changes
 
-- Added `ValidatingAdmissionPolicy` and ``ValidatingAdmissionPolicyBinding` for
+- Added `ValidatingAdmissionPolicy` and `ValidatingAdmissionPolicyBinding` for
   validating `DataPlane` ports.
   [#1215](https://github.com/Kong/charts/pull/1215)
 

charts/gateway-operator/Chart.yaml

@@ -8,7 +8,7 @@ maintainers:
 name: gateway-operator
 sources:
   - https://github.com/Kong/charts/tree/main/charts/gateway-operator
-version: 0.4.3
+version: 0.4.4
 appVersion: "1.4"
 annotations:
   artifacthub.io/prerelease: "false"

charts/gateway-operator/ci/__snapshots__/affinity-values.snap

@@ -694,7 +694,7 @@ kind: Deployment
 metadata:
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
     app.kubernetes.io/component: kgo
@@ -716,7 +716,7 @@ spec:
       labels:
         control-plane: controller-manager
         app.kubernetes.io/name: gateway-operator
-        helm.sh/chart: gateway-operator-0.4.3
+        helm.sh/chart: gateway-operator-0.4.4
         app.kubernetes.io/instance: "chartsnap"
         app.kubernetes.io/version: "1.4"
         app.kubernetes.io/component: kgo
@@ -816,7 +816,7 @@ metadata:
   name: ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec:
@@ -832,18 +832,17 @@ spec:
       resources:
       - "dataplanes"
   variables:
-  - name: network
-    expression: object.spec.network
-  - name: services
-    expression: variables.network.services
   - name: ingressPorts
-    expression: variables.services.ingress.ports
+    expression: object.spec.network.services.ingress.ports
   - name: podTemplateSpec
     expression: object.spec.deployment.podTemplateSpec
+  - name: proxyContainers
+    expression: |
+      variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
   - name: proxyContainer
     expression: |
-      variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
-        variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
+      variables.proxyContainers.size() > 0 ?
+        variables.proxyContainers[0] :
         null
   - name: envFilteredPortMaps
     expression: |
@@ -863,27 +862,35 @@ spec:
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envPortMaps == null ||
-      variables.ingressPorts.all(p, variables.envPortMaps.
-                split(",").
-                exists(pm,
-                    pm.split(":")[1].trim() == string(p.targetPort)
-                    )
-                )
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envPortMaps != null &&
+        variables.ingressPorts.all(p, variables.envPortMaps.
+                  split(",").
+                  exists(pm,
+                      pm.split(":")[1].trim() == string(p.targetPort)
+                      )
+                  )
+      )
     reason: Invalid
   - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envProxyListen == null ||
-      variables.ingressPorts.all(p, variables.envProxyListen.
-                split(",").
-                exists(pm,
-                  pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envProxyListen != null &&
+        variables.ingressPorts.all(p, variables.envProxyListen.
+                  split(",").
+                  exists(pm,
+                    pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+                    )
                   )
-                )
+      )
     reason: Invalid
 ---
 # Source: gateway-operator/templates/validation-policy-dataplane.yaml
@@ -893,7 +900,7 @@ metadata:
   name: binding-ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec:

charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap

@@ -694,7 +694,7 @@ kind: Deployment
 metadata:
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
     app.kubernetes.io/component: kgo
@@ -716,7 +716,7 @@ spec:
       labels:
         control-plane: controller-manager
         app.kubernetes.io/name: gateway-operator
-        helm.sh/chart: gateway-operator-0.4.3
+        helm.sh/chart: gateway-operator-0.4.4
         app.kubernetes.io/instance: "chartsnap"
         app.kubernetes.io/version: "1.4"
         app.kubernetes.io/component: kgo
@@ -808,7 +808,7 @@ metadata:
   name: ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec:
@@ -824,18 +824,17 @@ spec:
       resources:
       - "dataplanes"
   variables:
-  - name: network
-    expression: object.spec.network
-  - name: services
-    expression: variables.network.services
   - name: ingressPorts
-    expression: variables.services.ingress.ports
+    expression: object.spec.network.services.ingress.ports
   - name: podTemplateSpec
     expression: object.spec.deployment.podTemplateSpec
+  - name: proxyContainers
+    expression: |
+      variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
   - name: proxyContainer
     expression: |
-      variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
-        variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
+      variables.proxyContainers.size() > 0 ?
+        variables.proxyContainers[0] :
         null
   - name: envFilteredPortMaps
     expression: |
@@ -855,27 +854,35 @@ spec:
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envPortMaps == null ||
-      variables.ingressPorts.all(p, variables.envPortMaps.
-                split(",").
-                exists(pm,
-                    pm.split(":")[1].trim() == string(p.targetPort)
-                    )
-                )
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envPortMaps != null &&
+        variables.ingressPorts.all(p, variables.envPortMaps.
+                  split(",").
+                  exists(pm,
+                      pm.split(":")[1].trim() == string(p.targetPort)
+                      )
+                  )
+      )
     reason: Invalid
   - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envProxyListen == null ||
-      variables.ingressPorts.all(p, variables.envProxyListen.
-                split(",").
-                exists(pm,
-                  pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envProxyListen != null &&
+        variables.ingressPorts.all(p, variables.envProxyListen.
+                  split(",").
+                  exists(pm,
+                    pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+                    )
                   )
-                )
+      )
     reason: Invalid
 ---
 # Source: gateway-operator/templates/validation-policy-dataplane.yaml
@@ -885,7 +892,7 @@ metadata:
   name: binding-ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec:

charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap

@@ -694,7 +694,7 @@ kind: Deployment
 metadata:
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
     app.kubernetes.io/component: kgo
@@ -716,7 +716,7 @@ spec:
       labels:
         control-plane: controller-manager
         app.kubernetes.io/name: gateway-operator
-        helm.sh/chart: gateway-operator-0.4.3
+        helm.sh/chart: gateway-operator-0.4.4
         app.kubernetes.io/instance: "chartsnap"
         app.kubernetes.io/version: "1.4"
         app.kubernetes.io/component: kgo
@@ -808,7 +808,7 @@ metadata:
   name: ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec:
@@ -824,18 +824,17 @@ spec:
       resources:
       - "dataplanes"
   variables:
-  - name: network
-    expression: object.spec.network
-  - name: services
-    expression: variables.network.services
   - name: ingressPorts
-    expression: variables.services.ingress.ports
+    expression: object.spec.network.services.ingress.ports
   - name: podTemplateSpec
     expression: object.spec.deployment.podTemplateSpec
+  - name: proxyContainers
+    expression: |
+      variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
   - name: proxyContainer
     expression: |
-      variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
-        variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
+      variables.proxyContainers.size() > 0 ?
+        variables.proxyContainers[0] :
         null
   - name: envFilteredPortMaps
     expression: |
@@ -855,27 +854,35 @@ spec:
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envPortMaps == null ||
-      variables.ingressPorts.all(p, variables.envPortMaps.
-                split(",").
-                exists(pm,
-                    pm.split(":")[1].trim() == string(p.targetPort)
-                    )
-                )
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envPortMaps != null &&
+        variables.ingressPorts.all(p, variables.envPortMaps.
+                  split(",").
+                  exists(pm,
+                      pm.split(":")[1].trim() == string(p.targetPort)
+                      )
+                  )
+      )
     reason: Invalid
   - messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
     expression: |
       !has(object.spec.network) ||
       !has(object.spec.network.services) ||
-      variables.ingressPorts == null ||
-      variables.envProxyListen == null ||
-      variables.ingressPorts.all(p, variables.envProxyListen.
-                split(",").
-                exists(pm,
-                  pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+      !has(object.spec.network.services.ingress) ||
+      !has(object.spec.network.services.ingress.ports) ||
+      (
+        has(variables.proxyContainer.env) &&
+        variables.envProxyListen != null &&
+        variables.ingressPorts.all(p, variables.envProxyListen.
+                  split(",").
+                  exists(pm,
+                    pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
+                    )
                   )
-                )
+      )
     reason: Invalid
 ---
 # Source: gateway-operator/templates/validation-policy-dataplane.yaml
@@ -885,7 +892,7 @@ metadata:
   name: binding-ports.dataplane.gateway-operator.konghq.com
   labels:
     app.kubernetes.io/name: gateway-operator
-    helm.sh/chart: gateway-operator-0.4.3
+    helm.sh/chart: gateway-operator-0.4.4
     app.kubernetes.io/instance: "chartsnap"
     app.kubernetes.io/version: "1.4"
 spec: