add CEL validation for RegistrySources in Image API

muraee · muraee · commit 4db099047b43 · 2024-08-29T15:16:37.000+02:00
diff --git a/config/v1/types_image.go b/config/v1/types_image.go
@@ -162,6 +162,8 @@ type RegistryLocation struct {
 }
 
 // RegistrySources holds cluster-wide information about how to handle the registries config.
+//
+// +kubebuilder:validation:XValidation:rule="self.blockedRegistries.size() > 0 ? self.allowedRegistries.size() == 0 : true",message="Only one of BlockedRegistries or AllowedRegistries may be set"
 type RegistrySources struct {
 	// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
 	// +optional
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml
@@ -139,6 +139,11 @@ spec:
                     type: array
                     x-kubernetes-list-type: atomic
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not
diff --git a/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml
@@ -139,6 +139,11 @@ spec:
                     type: array
                     x-kubernetes-list-type: atomic
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml
@@ -139,6 +139,11 @@ spec:
                     type: array
                     x-kubernetes-list-type: atomic
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,8 @@ type RegistryLocation struct {`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`// RegistrySources holds cluster-wide information about how to handle the registries config.`
	`165`	`+//`
	`166`	`+// +kubebuilder:validation:XValidation:rule="self.blockedRegistries.size() > 0 ? self.allowedRegistries.size() == 0 : true",message="Only one of BlockedRegistries or AllowedRegistries may be set"`
`165`	`167`	`type RegistrySources struct {`
`166`	`168`	`// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.`
`167`	`169`	`// +optional`