updates from api audit

Signed-off-by: Jordan Keister <[email protected]>

Author: grokspawn

api/v1alpha1/clusterextension_types.go

@@ -25,8 +25,8 @@ import (
 var ClusterExtensionKind = "ClusterExtension"
 
 type (
-	UpgradeConstraintPolicy string
-	CRDUpgradeSafetyPolicy  string
+	UpgradeConstraintPolicy     string
+	CRDUpgradeSafetyEnforcement string
 )
 
 const (
@@ -58,6 +58,7 @@ type ClusterExtensionSpec struct {
 	//   catalog:
 	//     packageName: example-package
 	//
+	// +kubebuilder:validation:Required
 	Source SourceConfig `json:"source"`
 
 	// install is a required field used to configure the installation options
@@ -69,6 +70,7 @@ type ClusterExtensionSpec struct {
 	//    namespace: example-namespace
 	//    serviceAccount:
 	//      name: example-sa
+	// +kubebuilder:validation:Required
 	Install ClusterExtensionInstallConfig `json:"install"`
 }
 
@@ -88,6 +90,7 @@ type SourceConfig struct {
 	//
 	// +unionDiscriminator
 	// +kubebuilder:validation:Enum:="Catalog"
+	// +kubebuilder:validation:Required
 	SourceType string `json:"sourceType"`
 
 	// catalog is used to configure how information is sourced from a catalog. This field must be defined when sourceType is set to "Catalog",
@@ -130,6 +133,7 @@ type ClusterExtensionInstallConfig struct {
 	//+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	//+kubebuilder:validation:MaxLength:=63
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="namespace is immutable"
+	//+kubebuilder:validation:Required
 	Namespace string `json:"namespace"`
 
 	// serviceAccount is a required reference to a ServiceAccount that exists
@@ -140,6 +144,7 @@ type ClusterExtensionInstallConfig struct {
 	// the ServiceAccount provided via this field should be configured with the
 	// appropriate permissions to perform the necessary operations on all the
 	// resources that are included in the bundle of content being applied.
+	//+kubebuilder:validation:Required
 	ServiceAccount ServiceAccountReference `json:"serviceAccount"`
 
 	// preflight is an optional field that can be used to configure the preflight checks run before installation or upgrade of the content for the package specified in the packageName field.
@@ -181,6 +186,7 @@ type CatalogSource struct {
 	//+kubebuilder:validation:MaxLength:=253
 	//+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="packageName is immutable"
+	//+kubebuilder:validation:Required
 	PackageName string `json:"packageName"`
 
 	// version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed.
@@ -258,7 +264,7 @@ type CatalogSource struct {
 	// For more information on semver, please see https://semver.org/
 	//
 	//+kubebuilder:validation:MaxLength:=64
-	//+kubebuilder:validation:Pattern=`^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$`
+	//+kubebuilder:validation.XValidation:rule="self.matches(r'^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$')"", message="invalid version expression in the catalog source"
 	//+optional
 	Version string `json:"version,omitempty"`
 
@@ -373,6 +379,7 @@ type ServiceAccountReference struct {
 	//+kubebuilder:validation:MaxLength:=253
 	//+kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="name is immutable"
+	//+kubebuilder:validation:Required
 	Name string `json:"name"`
 }
 
@@ -386,28 +393,30 @@ type PreflightConfig struct {
 	// consequences of upgrading a CRD, such as data loss.
 	//
 	// This field is required if the spec.install.preflight field is specified.
+	//+kubebuilder:validation:Required
 	CRDUpgradeSafety *CRDUpgradeSafetyPreflightConfig `json:"crdUpgradeSafety"`
 }
 
 // CRDUpgradeSafetyPreflightConfig is the configuration for CRD upgrade safety preflight check.
 type CRDUpgradeSafetyPreflightConfig struct {
-	// policy is used to configure the state of the CRD Upgrade Safety pre-flight check.
+	// enforcement is used to configure the state of the CRD Upgrade Safety pre-flight check.
 	//
 	// This field is required when the spec.install.preflight.crdUpgradeSafety field is
 	// specified.
 	//
-	// Allowed values are ["Enabled", "Disabled"]. The default value is "Enabled".
+	// Allowed values are ["None", "Strict"]. The default value is "Strict".
 	//
-	// When set to "Disabled", the CRD Upgrade Safety pre-flight check will be skipped
+	// When set to "None", the CRD Upgrade Safety pre-flight check will be skipped
 	// when performing an upgrade operation. This should be used with caution as
 	// unintended consequences such as data loss can occur.
 	//
-	// When set to "Enabled", the CRD Upgrade Safety pre-flight check will be run when
+	// When set to "Strict", the CRD Upgrade Safety pre-flight check will be run when
 	// performing an upgrade operation.
 	//
-	//+kubebuilder:validation:Enum:="Enabled";"Disabled"
-	//+kubebuilder:default:=Enabled
-	Policy CRDUpgradeSafetyPolicy `json:"policy"`
+	//+kubebuilder:validation:Enum:="None";"Strict"
+	//+kubebuilder:default:=Strict
+	//+kubebuilder:validation:Required
+	Enforcement CRDUpgradeSafetyEnforcement `json:"enforcement"`
 }
 
 const (
@@ -428,8 +437,10 @@ const (
 	ReasonBlocked    = "Blocked"
 	ReasonRetrying   = "Retrying"
 
-	CRDUpgradeSafetyPolicyEnabled  CRDUpgradeSafetyPolicy = "Enabled"
-	CRDUpgradeSafetyPolicyDisabled CRDUpgradeSafetyPolicy = "Disabled"
+	// None will not perform CRD upgrade safety checks.
+	CRDUpgradeSafetyEnforcementNone CRDUpgradeSafetyEnforcement = "None"
+	// Strict will enforce the CRD upgrade safety check and block the upgrade if the CRD would not pass the check.
+	CRDUpgradeSafetyEnforcementStrict CRDUpgradeSafetyEnforcement = "Strict"
 )
 
 func init() {
@@ -455,9 +466,11 @@ func init() {
 type BundleMetadata struct {
 	// name is a required field and is a reference
 	// to the name of a bundle
+	//+kubebuilder:validation:Required
 	Name string `json:"name"`
 	// version is a required field and is a reference
 	// to the version that this bundle represents
+	//+kubebuilder:validation:Required
 	Version string `json:"version"`
 }
 
@@ -496,6 +509,7 @@ type ClusterExtensionStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
+	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
 }
 
@@ -504,6 +518,7 @@ type ClusterExtensionInstallStatus struct {
 	//
 	// A "bundle" is a versioned set of content that represents the resources that
 	// need to be applied to a cluster to install a package.
+	//+kubebuilder:validation:Required
 	Bundle BundleMetadata `json:"bundle"`
 }
 
@@ -516,7 +531,9 @@ type ClusterExtension struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   ClusterExtensionSpec   `json:"spec,omitempty"`
+	//+optional
+	Spec ClusterExtensionSpec `json:"spec,omitempty"`
+	//+optional
 	Status ClusterExtensionStatus `json:"status,omitempty"`
 }
 
@@ -525,8 +542,10 @@ type ClusterExtension struct {
 // ClusterExtensionList contains a list of ClusterExtension
 type ClusterExtensionList struct {
 	metav1.TypeMeta `json:",inline"`
+	//+optional
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ClusterExtension `json:"items"`
+	//+kubebuilder:validation:Required
+	Items []ClusterExtension `json:"items"`
 }
 
 func init() {

config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml

@@ -102,28 +102,28 @@ spec:
 
                           This field is required if the spec.install.preflight field is specified.
                         properties:
-                          policy:
-                            default: Enabled
+                          enforcement:
+                            default: Strict
                             description: |-
-                              policy is used to configure the state of the CRD Upgrade Safety pre-flight check.
+                              enforcement is used to configure the state of the CRD Upgrade Safety pre-flight check.
 
                               This field is required when the spec.install.preflight.crdUpgradeSafety field is
                               specified.
 
-                              Allowed values are ["Enabled", "Disabled"]. The default value is "Enabled".
+                              Allowed values are ["None", "Strict"]. The default value is "Strict".
 
-                              When set to "Disabled", the CRD Upgrade Safety pre-flight check will be skipped
+                              When set to "None", the CRD Upgrade Safety pre-flight check will be skipped
                               when performing an upgrade operation. This should be used with caution as
                               unintended consequences such as data loss can occur.
 
-                              When set to "Enabled", the CRD Upgrade Safety pre-flight check will be run when
+                              When set to "Strict", the CRD Upgrade Safety pre-flight check will be run when
                               performing an upgrade operation.
                             enum:
-                            - Enabled
-                            - Disabled
+                            - None
+                            - Strict
                             type: string
                         required:
-                        - policy
+                        - enforcement
                         type: object
                     required:
                     - crdUpgradeSafety
@@ -433,7 +433,6 @@ spec:
 
                           For more information on semver, please see https://semver.org/
                         maxLength: 64
-                        pattern: ^(\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|[x|X|\*])(\.(0|[1-9]\d*|x|X|\*]))?(\.(0|[1-9]\d*|x|X|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+|,\s*|\s*\|\|\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\^)\s*(v?(0|[1-9]\d*|x|X|\*])(\.(0|[1-9]\d*|x|X|\*))?(\.(0|[1-9]\d*|x|X|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$
                         type: string
                     required:
                     - packageName