fix(kgo): fix ports.dataplane.gateway-operator.konghq.com ValidatingA…
…dmissionPolicy rules
pmalek committed Jan 22, 2025
1 parent 5053daf commit e68cb02
Showing 9 changed files with 240 additions and 177 deletions.
9 changes: 8 additions & 1 deletion charts/gateway-operator/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog

## 0.4.5

### Changes

- Fix rules of `ValidatingAdmissionPolicy` validating `DataPlane` ports.
[#1215](https://github.com/Kong/charts/pull/1215)

## 0.4.4

### Changes
@@ -12,7 +19,7 @@

### Changes

- Added `ValidatingAdmissionPolicy` and ``ValidatingAdmissionPolicyBinding` for
- Added `ValidatingAdmissionPolicy` and `ValidatingAdmissionPolicyBinding` for
validating `DataPlane` ports.
[#1215](https://github.com/Kong/charts/pull/1215)

51 changes: 29 additions & 22 deletions charts/gateway-operator/ci/__snapshots__/affinity-values.snap
@@ -834,18 +834,17 @@ spec:
resources:
- "dataplanes"
variables:
- name: network
expression: object.spec.network
- name: services
expression: variables.network.services
- name: ingressPorts
expression: variables.services.ingress.ports
expression: object.spec.network.services.ingress.ports
- name: podTemplateSpec
expression: object.spec.deployment.podTemplateSpec
- name: proxyContainers
expression: |
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
- name: proxyContainer
expression: |
variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
variables.proxyContainers.size() > 0 ?
variables.proxyContainers[0] :
null
- name: envFilteredPortMaps
expression: |
@@ -865,27 +864,35 @@ spec:
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envPortMaps == null ||
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envPortMaps != null &&
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
)
reason: Invalid
- messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envProxyListen == null ||
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envProxyListen != null &&
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
)
)
)
)
reason: Invalid
---
# Source: gateway-operator/templates/validation-policy-dataplane.yaml
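Review bot: In both validations the new guard `has(variables.proxyContainer.env)` dereferences `proxyContainer`, which the variable definition above sets to `null` when no container is named 'proxy', and `variables.podTemplateSpec` reads `object.spec.deployment.podTemplateSpec` without a `has()` check. A DataPlane that sets `spec.network.services.ingress.ports` but has no proxy container or no podTemplateSpec would then likely hit a CEL evaluation error instead of the `Invalid` message, and whether that request is admitted or rejected depends on the policy's `failurePolicy`, which is not visible in this section. Consider making the case an explicit boolean, e.g. `variables.proxyContainer != null && has(variables.proxyContainer.env) &&`, and adding a test case for a DataPlane with ingress ports and no proxy container. The same text repeats in the other rendered snapshots on this page, so the change belongs in `templates/validation-policy-dataplane.yaml`, which is not shown here.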
@@ -826,18 +826,17 @@ spec:
resources:
- "dataplanes"
variables:
- name: network
expression: object.spec.network
- name: services
expression: variables.network.services
- name: ingressPorts
expression: variables.services.ingress.ports
expression: object.spec.network.services.ingress.ports
- name: podTemplateSpec
expression: object.spec.deployment.podTemplateSpec
- name: proxyContainers
expression: |
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
- name: proxyContainer
expression: |
variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
variables.proxyContainers.size() > 0 ?
variables.proxyContainers[0] :
null
- name: envFilteredPortMaps
expression: |
@@ -857,27 +856,35 @@ spec:
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envPortMaps == null ||
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envPortMaps != null &&
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
)
reason: Invalid
- messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envProxyListen == null ||
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envProxyListen != null &&
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
)
)
)
)
reason: Invalid
---
# Source: gateway-operator/templates/validation-policy-dataplane.yaml
51 changes: 29 additions & 22 deletions charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap
@@ -826,18 +826,17 @@ spec:
resources:
- "dataplanes"
variables:
- name: network
expression: object.spec.network
- name: services
expression: variables.network.services
- name: ingressPorts
expression: variables.services.ingress.ports
expression: object.spec.network.services.ingress.ports
- name: podTemplateSpec
expression: object.spec.deployment.podTemplateSpec
- name: proxyContainers
expression: |
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
- name: proxyContainer
expression: |
variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
variables.proxyContainers.size() > 0 ?
variables.proxyContainers[0] :
null
- name: envFilteredPortMaps
expression: |
@@ -857,27 +856,35 @@ spec:
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envPortMaps == null ||
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envPortMaps != null &&
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
)
reason: Invalid
- messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envProxyListen == null ||
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envProxyListen != null &&
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
)
)
)
)
reason: Invalid
---
# Source: gateway-operator/templates/validation-policy-dataplane.yaml
@@ -828,18 +828,17 @@ spec:
resources:
- "dataplanes"
variables:
- name: network
expression: object.spec.network
- name: services
expression: variables.network.services
- name: ingressPorts
expression: variables.services.ingress.ports
expression: object.spec.network.services.ingress.ports
- name: podTemplateSpec
expression: object.spec.deployment.podTemplateSpec
- name: proxyContainers
expression: |
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')
- name: proxyContainer
expression: |
variables.podTemplateSpec.spec.containers.exists(c, c.name == 'proxy') ?
variables.podTemplateSpec.spec.containers.filter(c, c.name == 'proxy')[0] :
variables.proxyContainers.size() > 0 ?
variables.proxyContainers[0] :
null
- name: envFilteredPortMaps
expression: |
@@ -859,27 +858,35 @@ spec:
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envPortMaps == null ||
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envPortMaps != null &&
variables.ingressPorts.all(p, variables.envPortMaps.
split(",").
exists(pm,
pm.split(":")[1].trim() == string(p.targetPort)
)
)
)
reason: Invalid
- messageExpression: "'Each port from spec.network.services.ingress.ports has to have an accompanying port in KONG_PROXY_LISTEN env'"
expression: |
!has(object.spec.network) ||
!has(object.spec.network.services) ||
variables.ingressPorts == null ||
variables.envProxyListen == null ||
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
!has(object.spec.network.services.ingress) ||
!has(object.spec.network.services.ingress.ports) ||
(
has(variables.proxyContainer.env) &&
variables.envProxyListen != null &&
variables.ingressPorts.all(p, variables.envProxyListen.
split(",").
exists(pm,
pm.trim().split(" ")[0].split(":")[1].trim() == string(p.targetPort)
)
)
)
)
reason: Invalid
---
# Source: gateway-operator/templates/validation-policy-dataplane.yaml