Drop legacy validation logic for networking API
This commit is contained in:
Jordan Liggitt
@@ -21,11 +21,8 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
networkingv1 "k8s.io/api/networking/v1"
|
||||
networkingv1beta1 "k8s.io/api/networking/v1beta1"
|
||||
apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
@@ -514,7 +511,6 @@ func TestValidateIngress(t *testing.T) {
|
||||
}
|
||||
|
||||
testCases := map[string]struct {
|
||||
groupVersion *schema.GroupVersion
|
||||
tweakIngress func(ing *networking.Ingress)
|
||||
expectErrsOnFields []string
|
||||
}{
|
||||
@@ -531,13 +527,12 @@ func TestValidateIngress(t *testing.T) {
|
||||
expectErrsOnFields: []string{},
|
||||
},
|
||||
// invalid use cases
|
||||
"backend (v1beta1) with no service": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
"backend with no service": {
|
||||
tweakIngress: func(ing *networking.Ingress) {
|
||||
ing.Spec.DefaultBackend.Service.Name = ""
|
||||
},
|
||||
expectErrsOnFields: []string{
|
||||
"spec.backend.serviceName",
|
||||
"spec.defaultBackend.service.name",
|
||||
},
|
||||
},
|
||||
"invalid path type": {
|
||||
@@ -654,7 +649,6 @@ func TestValidateIngress(t *testing.T) {
|
||||
},
|
||||
},
|
||||
"spec.backend resource and service name are not allowed together": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ing *networking.Ingress) {
|
||||
ing.Spec.DefaultBackend = &networking.IngressBackend{
|
||||
Service: serviceBackend,
|
||||
@@ -666,11 +660,10 @@ func TestValidateIngress(t *testing.T) {
|
||||
}
|
||||
},
|
||||
expectErrsOnFields: []string{
|
||||
"spec.backend",
|
||||
"spec.defaultBackend",
|
||||
},
|
||||
},
|
||||
"spec.backend resource and service port are not allowed together": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ing *networking.Ingress) {
|
||||
ing.Spec.DefaultBackend = &networking.IngressBackend{
|
||||
Service: serviceBackend,
|
||||
@@ -682,7 +675,7 @@ func TestValidateIngress(t *testing.T) {
|
||||
}
|
||||
},
|
||||
expectErrsOnFields: []string{
|
||||
"spec.backend",
|
||||
"spec.defaultBackend",
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -691,11 +684,7 @@ func TestValidateIngress(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
ingress := baseIngress.DeepCopy()
|
||||
testCase.tweakIngress(ingress)
|
||||
gv := testCase.groupVersion
|
||||
if gv == nil {
|
||||
gv = &networkingv1.SchemeGroupVersion
|
||||
}
|
||||
errs := validateIngress(ingress, IngressValidationOptions{}, *gv)
|
||||
errs := validateIngress(ingress, IngressValidationOptions{})
|
||||
if len(testCase.expectErrsOnFields) != len(errs) {
|
||||
t.Fatalf("Expected %d errors, got %d errors: %v", len(testCase.expectErrsOnFields), len(errs), errs)
|
||||
}
|
||||
@@ -718,7 +707,6 @@ func TestValidateIngressRuleValue(t *testing.T) {
|
||||
}
|
||||
fldPath := field.NewPath("testing.http.paths[0].path")
|
||||
testCases := map[string]struct {
|
||||
groupVersion *schema.GroupVersion
|
||||
pathType networking.PathType
|
||||
path string
|
||||
expectedErrs field.ErrorList
|
||||
@@ -820,11 +808,7 @@ func TestValidateIngressRuleValue(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}
|
||||
gv := testCase.groupVersion
|
||||
if gv == nil {
|
||||
gv = &networkingv1.SchemeGroupVersion
|
||||
}
|
||||
errs := validateIngressRuleValue(irv, field.NewPath("testing"), IngressValidationOptions{}, *gv)
|
||||
errs := validateIngressRuleValue(irv, field.NewPath("testing"), IngressValidationOptions{})
|
||||
if len(errs) != len(testCase.expectedErrs) {
|
||||
t.Fatalf("Expected %d errors, got %d (%+v)", len(testCase.expectedErrs), len(errs), errs)
|
||||
}
|
||||
@@ -868,7 +852,6 @@ func TestValidateIngressCreate(t *testing.T) {
|
||||
}
|
||||
|
||||
testCases := map[string]struct {
|
||||
groupVersion *schema.GroupVersion
|
||||
tweakIngress func(ingress *networking.Ingress)
|
||||
expectedErrs field.ErrorList
|
||||
}{
|
||||
@@ -950,33 +933,18 @@ func TestValidateIngressCreate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{},
|
||||
},
|
||||
"v1: valid secret": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
"valid secret": {
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
},
|
||||
},
|
||||
"v1: invalid secret": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
"invalid secret": {
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("tls").Index(0).Child("secretName"), "invalid name", `a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`)},
|
||||
},
|
||||
"v1beta1: valid secret": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: invalid secret": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
},
|
||||
},
|
||||
"v1: valid rules with wildcard host": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
"valid rules with wildcard host": {
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
ingress.Spec.Rules = []networking.IngressRule{{
|
||||
@@ -993,8 +961,7 @@ func TestValidateIngressCreate(t *testing.T) {
|
||||
}}
|
||||
},
|
||||
},
|
||||
"v1: invalid rules with wildcard host": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
"invalid rules with wildcard host": {
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
ingress.Spec.Rules = []networking.IngressRule{{
|
||||
@@ -1012,53 +979,13 @@ func TestValidateIngressCreate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("rules").Index(0).Child("http").Child("paths").Index(0).Child("path"), "foo", `must be an absolute path`)},
|
||||
},
|
||||
"v1beta1: valid rules with wildcard host": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
ingress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "/foo",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
},
|
||||
},
|
||||
"v1beta1: invalid rules with wildcard host": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
ingress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "foo",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, testCase := range testCases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
newIngress := baseIngress.DeepCopy()
|
||||
testCase.tweakIngress(newIngress)
|
||||
gv := testCase.groupVersion
|
||||
if gv == nil {
|
||||
gv = &networkingv1.SchemeGroupVersion
|
||||
}
|
||||
errs := ValidateIngressCreate(newIngress, *gv)
|
||||
errs := ValidateIngressCreate(newIngress)
|
||||
if len(errs) != len(testCase.expectedErrs) {
|
||||
t.Fatalf("Expected %d errors, got %d (%+v)", len(testCase.expectedErrs), len(errs), errs)
|
||||
}
|
||||
@@ -1101,7 +1028,6 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
}
|
||||
|
||||
testCases := map[string]struct {
|
||||
gv schema.GroupVersion
|
||||
tweakIngresses func(newIngress, oldIngress *networking.Ingress)
|
||||
expectedErrs field.ErrorList
|
||||
}{
|
||||
@@ -1385,37 +1311,20 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{},
|
||||
},
|
||||
"v1: change valid secret -> invalid secret": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
"change valid secret -> invalid secret": {
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("tls").Index(0).Child("secretName"), "invalid name", `a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`)},
|
||||
},
|
||||
"v1: change invalid secret -> invalid secret": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
"change invalid secret -> invalid secret": {
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 2"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change valid secret -> invalid secret": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change invalid secret -> invalid secret": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 2"}}
|
||||
},
|
||||
},
|
||||
"v1: change valid rules with wildcard host -> invalid rules": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
"change valid rules with wildcard host -> invalid rules": {
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
oldIngress.Spec.Rules = []networking.IngressRule{{
|
||||
@@ -1446,70 +1355,7 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("rules").Index(0).Child("http").Child("paths").Index(0).Child("path"), "foo", `must be an absolute path`)},
|
||||
},
|
||||
"v1: change invalid rules with wildcard host -> invalid rules": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
oldIngress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "foo",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
newIngress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "bar",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change valid rules with wildcard host -> invalid rules": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
oldIngress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "/foo",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
newIngress.Spec.Rules = []networking.IngressRule{{
|
||||
Host: "*.foo.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{{
|
||||
Path: "foo",
|
||||
PathType: &exactPathType,
|
||||
Backend: defaultBackend,
|
||||
}},
|
||||
},
|
||||
},
|
||||
}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change invalid rules with wildcard host -> invalid rules": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
"change invalid rules with wildcard host -> invalid rules": {
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{Hosts: []string{"*.bar.com"}}}
|
||||
oldIngress.Spec.Rules = []networking.IngressRule{{
|
||||
@@ -1547,11 +1393,7 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
oldIngress := baseIngress.DeepCopy()
|
||||
testCase.tweakIngresses(newIngress, oldIngress)
|
||||
|
||||
gv := testCase.gv
|
||||
if gv.Empty() {
|
||||
gv = networkingv1beta1.SchemeGroupVersion
|
||||
}
|
||||
errs := ValidateIngressUpdate(newIngress, oldIngress, gv)
|
||||
errs := ValidateIngressUpdate(newIngress, oldIngress)
|
||||
|
||||
if len(errs) != len(testCase.expectedErrs) {
|
||||
t.Fatalf("Expected %d errors, got %d (%+v)", len(testCase.expectedErrs), len(errs), errs)
|
||||
@@ -1861,7 +1703,7 @@ func TestValidateIngressTLS(t *testing.T) {
|
||||
errorCases[badWildcardTLSErr] = badWildcardTLS
|
||||
|
||||
for k, v := range errorCases {
|
||||
errs := validateIngress(&v, IngressValidationOptions{}, networkingv1beta1.SchemeGroupVersion)
|
||||
errs := validateIngress(&v, IngressValidationOptions{})
|
||||
if len(errs) == 0 {
|
||||
t.Errorf("expected failure for %q", k)
|
||||
} else {
|
||||
@@ -1885,7 +1727,7 @@ func TestValidateIngressTLS(t *testing.T) {
|
||||
}
|
||||
validCases[fmt.Sprintf("spec.tls[0].hosts: Valid value: '%v'", wildHost)] = goodWildcardTLS
|
||||
for k, v := range validCases {
|
||||
errs := validateIngress(&v, IngressValidationOptions{}, networkingv1beta1.SchemeGroupVersion)
|
||||
errs := validateIngress(&v, IngressValidationOptions{})
|
||||
if len(errs) != 0 {
|
||||
t.Errorf("expected success for %q", k)
|
||||
}
|
||||
@@ -1946,7 +1788,7 @@ func TestValidateEmptyIngressTLS(t *testing.T) {
|
||||
}
|
||||
validCases[fmt.Sprintf("spec.tls[0]: Valid value: %v", goodEmptyHosts.Spec.TLS[0])] = goodEmptyHosts
|
||||
for k, v := range validCases {
|
||||
errs := validateIngress(&v, IngressValidationOptions{}, networkingv1beta1.SchemeGroupVersion)
|
||||
errs := validateIngress(&v, IngressValidationOptions{})
|
||||
if len(errs) != 0 {
|
||||
t.Errorf("expected success for %q", k)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user