add CEL validation for RegistrySources in Image API

muraee · muraee · commit ad2927ae55c1 · 2024-04-18T12:37:16.000+02:00
diff --git a/config/v1/types_image.go b/config/v1/types_image.go
@@ -112,6 +112,8 @@ type RegistryLocation struct {
 }
 
 // RegistrySources holds cluster-wide information about how to handle the registries config.
+//
+// +kubebuilder:validation:XValidation:rule="self.blockedRegistries.size() > 0 ? self.allowedRegistries.size() == 0 : true",message="Only one of BlockedRegistries or AllowedRegistries may be set"
 type RegistrySources struct {
 	// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
 	// +optional
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
@@ -132,6 +132,11 @@ spec:
                       type: string
                     type: array
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not
diff --git a/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml
@@ -133,6 +133,11 @@ spec:
                       type: string
                     type: array
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml
@@ -132,6 +132,11 @@ spec:
                       type: string
                     type: array
                 type: object
+                x-kubernetes-validations:
+                - message: Only one of BlockedRegistries or AllowedRegistries may
+                    be set
+                  rule: 'self.blockedRegistries.size() > 0 ? self.allowedRegistries.size()
+                    == 0 : true'
             type: object
           status:
             description: status holds observed values from the cluster. They may not

Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,8 @@ type RegistryLocation struct {`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`// RegistrySources holds cluster-wide information about how to handle the registries config.`
	`115`	`+//`
	`116`	`+// +kubebuilder:validation:XValidation:rule="self.blockedRegistries.size() > 0 ? self.allowedRegistries.size() == 0 : true",message="Only one of BlockedRegistries or AllowedRegistries may be set"`
`115`	`117`	`type RegistrySources struct {`
`116`	`118`	`// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.`
`117`	`119`	`// +optional`