diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index 527eff466bf..831f3ba2d2d 100644 --- a/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml 
@@ -565,3 +565,156 @@ tests: tuningOptions: connectTimeout: "4 s" expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.connectTimeout: Invalid value: \"4 s\": spec.tuningOptions.connectTimeout in body should match '^(0|([0-9]+(\\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'" + - name: Should be able to create an IngressController with valid domain + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "foo.com" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "foo.com" + - name: Should not be able to create an IngressController with invalid domain + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + expectedError: "domain must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters" + - name: Should not be able to create an IngressController with domain label exceeding 63 characters + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "foo.1aaaaaaaaa2bbbbbbbbb3ccccccccc4ddddddddd5eeeeeeeee6fffffffff7gggg.com" + expectedError: "domain must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters" + onUpdate: + - name: Should be able to update invalid domain to a valid domain + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/x-kubernetes-validations + - op: remove + path: 
/spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/maxLength + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "123-foo.com" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "123-foo.com" + - name: Should be able to retain already invalid domain when it is not modified on update + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/maxLength + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + - name: Should not be able to update already invalid domain to another invalid domain + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/maxLength + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: 
ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "foo.*.com" + expectedError: "domain must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters" + - name: Should be able to update other fields while retaining invalid domain due to ratcheting + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/domain/maxLength + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + replicas: 3 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-spec-domain-test + namespace: openshift-ingress-operator + spec: + domain: "*.foo.com" + replicas: 3 diff --git a/operator/v1/types_ingress.go b/operator/v1/types_ingress.go index 240ab12c777..2f2379bbf97 100644 --- a/operator/v1/types_ingress.go +++ b/operator/v1/types_ingress.go 
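Review bot: None of the added cases exercises the `MaxLength=239` marker that this commit puts on `spec.domain` in types_ingress.go. The only length case is the label longer than 63 characters, and its expected error is the CEL rule's message, not a length error. A pair of onCreate cases at the boundary, a 239-character domain accepted and a 240-character one rejected, would pin the limit and catch an off-by-one in it. The four onUpdate cases also `remove` `.../properties/domain/maxLength` through `initialCRDPatches`, while the generated CRD hunks later in this diff add only `x-kubernetes-validations` and no `maxLength`. If the manifests were not regenerated, that patch path may not exist and these cases would presumably fail during setup.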
@@ -68,6 +68,16 @@ type IngressControllerSpec struct { // // If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. // + // The domain value must be a valid DNS name. It must consist of lowercase + // alphanumeric characters, '-' or '.', and each label must start and end + // with an alphanumeric character and not exceed 63 characters. + // + // The total length of the domain is limited to account for the router name + // prefix (e.g. "router-default.") that gets prepended when constructing + // the canonical hostname. + // + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain.validate(self).hasValue()",message="domain must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters" + // +kubebuilder:validation:MaxLength=239 // +optional Domain string `json:"domain,omitempty"` diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 10ca42895c3..96b7e3882ac 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml @@ -165,6 +165,11 @@ spec: If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string + x-kubernetes-validations: + - message: domain must consist of lowercase alphanumeric characters, + '-' or '.', and each label must start and end with an alphanumeric + character and not exceed 63 characters + rule: (has(oldSelf) && self == oldSelf) || self.matches('^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)'+'(\.[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)*$') endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller 
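Review bot: The marker sets `MaxLength=239`, but the comment above it never states the number, and its example prefix does not add up to it: `router-default.` is 15 characters, so a 239-character domain yields a 254-character canonical hostname, one more than the 253 usually allowed for a DNS name. If 253 is the intended ceiling, lower the bound to 238; otherwise state the derivation, starting with a line such as `// The domain must not exceed 239 characters.`. An IngressController whose name is longer than "default" uses a longer prefix, so the schema limit alone cannot guarantee a valid hostname and the assembled name presumably still needs checking where it is built. The generated CRD hunks later in this diff show a `self.matches(...)` rule with an explicit `oldSelf` clause and no `maxLength`, which does not correspond to this marker, so the manifests look stale and probably need regenerating. The struct body continues outside the hunk.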
diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index ebec90a0b4e..caf0853bab0 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -166,6 +166,11 @@ spec: If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string + x-kubernetes-validations: + - message: domain must consist of lowercase alphanumeric characters, + '-' or '.', and each label must start and end with an alphanumeric + character and not exceed 63 characters + rule: (has(oldSelf) && self == oldSelf) || self.matches('^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)'+'(\.[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)*$') endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml index 10a5b8a259e..13548fb9959 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml 
@@ -166,6 +166,11 @@ spec: If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string + x-kubernetes-validations: + - message: domain must consist of lowercase alphanumeric characters, + '-' or '.', and each label must start and end with an alphanumeric + character and not exceed 63 characters + rule: (has(oldSelf) && self == oldSelf) || self.matches('^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)'+'(\.[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)*$') endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController+IngressControllerLBSubnetsAWS.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController+IngressControllerLBSubnetsAWS.yaml index 713c1afbb19..3de550ddf9f 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController+IngressControllerLBSubnetsAWS.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController+IngressControllerLBSubnetsAWS.yaml @@ -167,6 +167,11 @@ spec: If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string + x-kubernetes-validations: + - message: domain must consist of lowercase alphanumeric characters, + '-' or '.', and each label must start and end with an alphanumeric + character and not exceed 63 characters + rule: (has(oldSelf) && self == oldSelf) || self.matches('^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)'+'(\.[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)*$') endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller 
diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml index 55625cb29ae..84d5bcba500 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml @@ -166,6 +166,11 @@ spec: If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string + x-kubernetes-validations: + - message: domain must consist of lowercase alphanumeric characters, + '-' or '.', and each label must start and end with an alphanumeric + character and not exceed 63 characters + rule: (has(oldSelf) && self == oldSelf) || self.matches('^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)'+'(\.[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)*$') endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller