Addressing the feedback and making more CEL changes

Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>

Author: ytimocin

apis/placement/v1/clusterresourceplacement_types.go

@@ -171,10 +171,12 @@ type ResourceSelectorTerm struct {
 	// Group name of the resource to be selected.
 	// Use an empty string to select resources under the core API group (e.g., namespaces).
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=253
 	Group string `json:"group"`
 
 	// Version of the resource to be selected.
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=63
 	Version string `json:"version"`
 
 	// Kind of the resource to be selected.
@@ -187,13 +189,15 @@ type ResourceSelectorTerm struct {
 	// - NamespaceWithResources: The namespace AND all resources within it (default)
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=63
 	Kind string `json:"kind"`
 
 	// You can only specify at most one of the following two fields: Name and LabelSelector.
 	// If none is specified, all resources with the given group, version, and kind are selected.
 
 	// Name of the resource to be selected.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MaxLength=253
 	Name string `json:"name,omitempty"`
 
 	// A label query over all the resources to be selected. Resources matching the query are selected.

apis/placement/v1/override_types.go

@@ -44,6 +44,9 @@ type ClusterResourceOverride struct {
 // If the resource is selected by both ClusterResourceOverride and ResourceOverride, ResourceOverride will win when resolving
 // conflicts.
 // +kubebuilder:validation:XValidation:rule="(has(oldSelf.placement) && has(self.placement) && oldSelf.placement == self.placement) || (!has(oldSelf.placement) && !has(self.placement))",message="The placement field is immutable"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(s, !has(s.labelSelector))",message="labelSelector is not supported for cluster resource override selectors"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(s, s.name.size() > 0)",message="resource name is required for cluster resource override selectors"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(x, self.clusterResourceSelectors.exists_one(y, x.group == y.group && x.version == y.version && x.kind == y.kind && x.name == y.name))",message="cluster resource override selectors must be unique"
 type ClusterResourceOverrideSpec struct {
 	// Placement defines whether the override is applied to a specific placement or not.
 	// If set, the override will trigger the placement rollout immediately when the rollout strategy type is RollingUpdate.
@@ -111,8 +114,10 @@ type OverridePolicy struct {
 }
 
 // OverrideRule defines how to override the selected resources on the target clusters.
-// +kubebuilder:validation:XValidation:rule="self.overrideType != 'Delete' || !has(self.jsonPatchOverrides) || size(self.jsonPatchOverrides) == 0",message="jsonPatchOverrides must be empty when overrideType is Delete"
+// +kubebuilder:validation:XValidation:rule="self.overrideType != 'Delete' || !has(self.jsonPatchOverrides) || size(self.jsonPatchOverrides) == 0",message="jsonPatchOverrides must not be set when overrideType is Delete"
 // +kubebuilder:validation:XValidation:rule="self.overrideType != 'JSONPatch' || (has(self.jsonPatchOverrides) && size(self.jsonPatchOverrides) > 0)",message="jsonPatchOverrides must not be empty when overrideType is JSONPatch"
+// +kubebuilder:validation:XValidation:rule="!has(self.clusterSelector) || !has(self.clusterSelector.clusterSelectorTerms) || self.clusterSelector.clusterSelectorTerms.all(t, !has(t.propertySelector) && !has(t.propertySorter))",message="only labelSelector is supported for override cluster selectors"
+// +kubebuilder:validation:XValidation:rule="!has(self.clusterSelector) || !has(self.clusterSelector.clusterSelectorTerms) || self.clusterSelector.clusterSelectorTerms.all(t, has(t.labelSelector))",message="labelSelector is required for override cluster selector terms"
 type OverrideRule struct {
 	// ClusterSelectors selects the target clusters.
 	// The resources will be overridden before applying to the matching clusters.
@@ -130,7 +135,6 @@ type OverrideRule struct {
 
 	// JSONPatchOverrides defines a list of JSON patch override rules.
 	// This field is only allowed when OverrideType is JSONPatch.
-	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=20
 	// +optional
 	JSONPatchOverrides []JSONPatchOverride `json:"jsonPatchOverrides,omitempty"`
@@ -169,6 +173,7 @@ type ResourceOverride struct {
 // If the resource is selected by both ClusterResourceOverride and ResourceOverride, ResourceOverride will win when resolving
 // conflicts.
 // +kubebuilder:validation:XValidation:rule="(has(oldSelf.placement) && has(self.placement) && oldSelf.placement == self.placement) || (!has(oldSelf.placement) && !has(self.placement))",message="The placement field is immutable"
+// +kubebuilder:validation:XValidation:rule="self.resourceSelectors.all(x, self.resourceSelectors.exists_one(y, x.group == y.group && x.version == y.version && x.kind == y.kind && x.name == y.name))",message="resource override selectors must be unique"
 type ResourceOverrideSpec struct {
 	// Placement defines whether the override is applied to a specific placement or not.
 	// If set, the override will trigger the placement rollout immediately when the rollout strategy type is RollingUpdate.
@@ -196,18 +201,22 @@ type ResourceOverrideSpec struct {
 type ResourceSelector struct {
 	// Group name of the namespace-scoped resource.
 	// Use an empty string to select resources under the core API group (e.g., services).
+	// +kubebuilder:validation:MaxLength=253
 	// +required
 	Group string `json:"group"`
 
 	// Version of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=63
 	// +required
 	Version string `json:"version"`
 
 	// Kind of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=63
 	// +required
 	Kind string `json:"kind"`
 
 	// Name of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=253
 	// +required
 	Name string `json:"name"`
 }

apis/placement/v1beta1/clusterresourceplacement_types.go

@@ -181,10 +181,12 @@ type ResourceSelectorTerm struct {
 	// Group name of the be selected resource.
 	// Use an empty string to select resources under the core API group (e.g., namespaces).
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=253
 	Group string `json:"group"`
 
 	// Version of the to be selected resource.
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=63
 	Version string `json:"version"`
 
 	// Kind of the to be selected resource.
@@ -215,13 +217,15 @@ type ResourceSelectorTerm struct {
 	// This selects: the "prod" namespace, all Deployments with label app=frontend in "prod", and the "admin" ClusterRole.
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=63
 	Kind string `json:"kind"`
 
 	// You can only specify at most one of the following two fields: Name and LabelSelector.
 	// If none is specified, all the be selected resources with the given group, version and kind are selected.
 
 	// Name of the be selected  resource.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MaxLength=253
 	Name string `json:"name,omitempty"`
 
 	// A label query over all the be selected  resources. Resources matching the query are selected.

apis/placement/v1beta1/override_types.go

@@ -45,6 +45,9 @@ type ClusterResourceOverride struct {
 // If the resource is selected by both ClusterResourceOverride and ResourceOverride, ResourceOverride will win when resolving
 // conflicts.
 // +kubebuilder:validation:XValidation:rule="(has(oldSelf.placement) && has(self.placement) && oldSelf.placement == self.placement) || (!has(oldSelf.placement) && !has(self.placement))",message="The placement field is immutable"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(s, !has(s.labelSelector))",message="labelSelector is not supported for cluster resource override selectors"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(s, s.name.size() > 0)",message="resource name is required for cluster resource override selectors"
+// +kubebuilder:validation:XValidation:rule="self.clusterResourceSelectors.all(x, self.clusterResourceSelectors.exists_one(y, x.group == y.group && x.version == y.version && x.kind == y.kind && x.name == y.name))",message="cluster resource override selectors must be unique"
 type ClusterResourceOverrideSpec struct {
 	// Placement defines whether the override is applied to a specific placement or not.
 	// If set, the override will trigger the placement rollout immediately when the rollout strategy type is RollingUpdate.
@@ -112,8 +115,10 @@ type OverridePolicy struct {
 }
 
 // OverrideRule defines how to override the selected resources on the target clusters.
-// +kubebuilder:validation:XValidation:rule="self.overrideType != 'Delete' || !has(self.jsonPatchOverrides) || size(self.jsonPatchOverrides) == 0",message="jsonPatchOverrides must be empty when overrideType is Delete"
+// +kubebuilder:validation:XValidation:rule="self.overrideType != 'Delete' || !has(self.jsonPatchOverrides) || size(self.jsonPatchOverrides) == 0",message="jsonPatchOverrides must not be set when overrideType is Delete"
 // +kubebuilder:validation:XValidation:rule="self.overrideType != 'JSONPatch' || (has(self.jsonPatchOverrides) && size(self.jsonPatchOverrides) > 0)",message="jsonPatchOverrides must not be empty when overrideType is JSONPatch"
+// +kubebuilder:validation:XValidation:rule="!has(self.clusterSelector) || !has(self.clusterSelector.clusterSelectorTerms) || self.clusterSelector.clusterSelectorTerms.all(t, !has(t.propertySelector) && !has(t.propertySorter))",message="only labelSelector is supported for override cluster selectors"
+// +kubebuilder:validation:XValidation:rule="!has(self.clusterSelector) || !has(self.clusterSelector.clusterSelectorTerms) || self.clusterSelector.clusterSelectorTerms.all(t, has(t.labelSelector))",message="labelSelector is required for override cluster selector terms"
 type OverrideRule struct {
 	// ClusterSelectors selects the target clusters.
 	// The resources will be overridden before applying to the matching clusters.
@@ -131,7 +136,6 @@ type OverrideRule struct {
 
 	// JSONPatchOverrides defines a list of JSON patch override rules.
 	// This field is only allowed when OverrideType is JSONPatch.
-	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=20
 	// +optional
 	JSONPatchOverrides []JSONPatchOverride `json:"jsonPatchOverrides,omitempty"`
@@ -171,6 +175,7 @@ type ResourceOverride struct {
 // If the resource is selected by both ClusterResourceOverride and ResourceOverride, ResourceOverride will win when resolving
 // conflicts.
 // +kubebuilder:validation:XValidation:rule="(has(oldSelf.placement) && has(self.placement) && oldSelf.placement == self.placement) || (!has(oldSelf.placement) && !has(self.placement))",message="The placement field is immutable"
+// +kubebuilder:validation:XValidation:rule="self.resourceSelectors.all(x, self.resourceSelectors.exists_one(y, x.group == y.group && x.version == y.version && x.kind == y.kind && x.name == y.name))",message="resource override selectors must be unique"
 type ResourceOverrideSpec struct {
 	// Placement defines whether the override is applied to a specific placement or not.
 	// If set, the override will trigger the placement rollout immediately when the rollout strategy type is RollingUpdate.
@@ -198,18 +203,22 @@ type ResourceOverrideSpec struct {
 type ResourceSelector struct {
 	// Group name of the namespace-scoped resource.
 	// Use an empty string to select resources under the core API group (e.g., services).
+	// +kubebuilder:validation:MaxLength=253
 	// +required
 	Group string `json:"group"`
 
 	// Version of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=63
 	// +required
 	Version string `json:"version"`
 
 	// Kind of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=63
 	// +required
 	Kind string `json:"kind"`
 
 	// Name of the namespace-scoped resource.
+	// +kubebuilder:validation:MaxLength=253
 	// +required
 	Name string `json:"name"`
 }