fix: use size(self.name) > 0 in CEL rule to avoid YAML quote issues

AlinsRan · AlinsRan · commit 800c57c44134 · 2026-05-09T16:46:27.000+08:00
Replace self.name != '' with size(self.name) &gt; 0 in the XValidation
rule. The trailing '' in a YAML plain scalar was being mangled by
kustomize during make install, producing an invalid rule. Using size()
avoids any string-literal quoting at line end. Update test to walk
the parsed YAML structure instead of raw substring match.
diff --git a/api/v2/apisixroute_types.go b/api/v2/apisixroute_types.go
@@ -412,7 +412,7 @@ type ApisixRouteAuthenticationLDAPAuth struct {
 }
 
 // ApisixRouteHTTPMatchExprSubject describes the subject of a route matching expression.
-// +kubebuilder:validation:XValidation:rule="self.scope == 'Path' || self.name != ''",message="name is required when scope is not Path"
+// +kubebuilder:validation:XValidation:rule="self.scope == 'Path' || size(self.name) > 0",message="name is required when scope is not Path"
 type ApisixRouteHTTPMatchExprSubject struct {
 	// Scope specifies the subject scope.
 	// Supported values: `Header`, `Query`, `Path`, `Cookie`, `Variable`, `Body`.
diff --git a/api/v2/apisixroute_types_test.go b/api/v2/apisixroute_types_test.go
@@ -31,7 +31,7 @@ func strPtr(s string) *string { return &s }
 
 // celSubjectRule is the CEL expression used in the +kubebuilder:validation:XValidation
 // marker on ApisixRouteHTTPMatchExprSubject.
-const celSubjectRule = `self.scope == 'Path' || self.name != ''`
+const celSubjectRule = `self.scope == 'Path' || size(self.name) > 0`
 
 func evalCELSubjectRule(t *testing.T, scope, name string) bool {
 	t.Helper()
@@ -74,15 +74,53 @@ func TestCEL_SubjectRule_InCRD(t *testing.T) {
 	var crd map[string]any
 	require.NoError(t, yaml.Unmarshal(data, &crd))
 
+	// Ensure no typographic/smart quotes crept in anywhere in the file.
 	raw := string(data)
-	// The CEL rule must appear with ASCII single-quotes only.
-	assert.Contains(t, raw, `self.scope == 'Path' || self.name != ''`,
-		"CRD should contain the XValidation rule with ASCII quotes")
-	// Ensure no typographic/smart quotes crept in.
 	assert.NotContains(t, raw, "\u2018", "CRD must not contain left single quotation mark \u2018")
 	assert.NotContains(t, raw, "\u2019", "CRD must not contain right single quotation mark \u2019")
 	assert.NotContains(t, raw, "\u201c", "CRD must not contain left double quotation mark \u201c")
 	assert.NotContains(t, raw, "\u201d", "CRD must not contain right double quotation mark \u201d")
+
+	// Walk the parsed CRD to extract the x-kubernetes-validations rule string directly,
+	// which is more robust than substring matching against the raw YAML (line-wrapping safe).
+	rule := extractXValidationRule(t, crd)
+	assert.Equal(t, celSubjectRule, rule,
+		"XValidation rule in CRD must match the expected CEL expression")
+}
+
+// extractXValidationRule walks the parsed CRD map to find the first
+// x-kubernetes-validations rule on the subject property of HTTP match exprs.
+func extractXValidationRule(t *testing.T, crd map[string]any) string {
+	t.Helper()
+	// Path: spec.versions[0].schema.openAPIV3Schema
+	//   .properties.spec.properties.http.items
+	//   .properties.match.properties.exprs.items
+	//   .properties.subject.x-kubernetes-validations[0].rule
+	get := func(m map[string]any, key string) map[string]any {
+		v, ok := m[key]
+		require.True(t, ok, "key %q not found", key)
+		mv, ok := v.(map[string]any)
+		require.True(t, ok, "key %q is not a map", key)
+		return mv
+	}
+	spec := get(crd, "spec")
+	versions := spec["versions"].([]any)
+	require.NotEmpty(t, versions)
+	schema := get(versions[0].(map[string]any), "schema")
+	root := get(schema, "openAPIV3Schema")
+	props := get(root, "properties")
+	specProps := get(get(props, "spec"), "properties")
+	httpItems := get(get(specProps, "http"), "items")
+	matchProps := get(get(get(httpItems, "properties"), "match"), "properties")
+	exprsItems := get(get(matchProps, "exprs"), "items")
+	subject := get(get(exprsItems, "properties"), "subject")
+	validations, ok := subject["x-kubernetes-validations"].([]any)
+	require.True(t, ok, "x-kubernetes-validations not found or not a list")
+	require.NotEmpty(t, validations)
+	first := validations[0].(map[string]any)
+	rule, ok := first["rule"].(string)
+	require.True(t, ok, "rule field not found or not a string")
+	return rule
 }
 
 func TestToVars_ScopeBody_SimpleField(t *testing.T) {
diff --git a/config/crd/bases/apisix.apache.org_apisixroutes.yaml b/config/crd/bases/apisix.apache.org_apisixroutes.yaml
@@ -232,7 +232,8 @@ spec:
                                 type: object
                                 x-kubernetes-validations:
                                 - message: name is required when scope is not Path
-                                  rule: self.scope == 'Path' || self.name != ''
+                                  rule: self.scope == 'Path' || size(self.name) >
+                                    0
                               value:
                                 description: |-
                                   Value defines a single value to compare against the subject.

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@ type ApisixRouteAuthenticationLDAPAuth struct {`
`412`	`412`	`}`
`413`	`413`
`414`	`414`	`// ApisixRouteHTTPMatchExprSubject describes the subject of a route matching expression.`
`415`		`-// +kubebuilder:validation:XValidation:rule="self.scope == 'Path' \|\| self.name != ''",message="name is required when scope is not Path"`
	`415`	`+// +kubebuilder:validation:XValidation:rule="self.scope == 'Path' \|\| size(self.name) > 0",message="name is required when scope is not Path"`
`416`	`416`	`type ApisixRouteHTTPMatchExprSubject struct {`
`417`	`417`	`// Scope specifies the subject scope.`
`418`	`418`	// Supported values: `Header`, `Query`, `Path`, `Cookie`, `Variable`, `Body`.