diff --git a/api/v1alpha1/conversion_hub.go b/api/v1alpha1/conversion_hub.go
index 3f0c535c..e9dd23cf 100644
--- a/api/v1alpha1/conversion_hub.go
+++ b/api/v1alpha1/conversion_hub.go
@@ -174,7 +174,7 @@ func (t *Tenant) ConvertTo(dstRaw conversion.Hub) error {
 if dst.Spec.IngressOptions == nil {
 dst.Spec.IngressOptions = &capsulev1beta1.IngressOptions{}
 }
- dst.Spec.IngressOptions.IngressClasses = &capsulev1beta1.AllowedListSpec{
+ dst.Spec.IngressOptions.AllowedClasses = &capsulev1beta1.AllowedListSpec{
 Exact: t.Spec.IngressClasses.Exact,
 Regex: t.Spec.IngressClasses.Regex,
 }
@@ -183,7 +183,7 @@ func (t *Tenant) ConvertTo(dstRaw conversion.Hub) error {
 if dst.Spec.IngressOptions == nil {
 dst.Spec.IngressOptions = &capsulev1beta1.IngressOptions{}
 }
- dst.Spec.IngressOptions.IngressHostnames = &capsulev1beta1.AllowedListSpec{
+ dst.Spec.IngressOptions.AllowedHostnames = &capsulev1beta1.AllowedListSpec{
 Exact: t.Spec.IngressHostnames.Exact,
 Regex: t.Spec.IngressHostnames.Regex,
 }
@@ -459,16 +459,16 @@ func (t *Tenant) ConvertFrom(srcRaw conversion.Hub) error {
 Regex: src.Spec.StorageClasses.Regex,
 }
 }
- if src.Spec.IngressOptions != nil && src.Spec.IngressOptions.IngressClasses != nil {
+ if src.Spec.IngressOptions != nil && src.Spec.IngressOptions.AllowedClasses != nil {
 t.Spec.IngressClasses = &AllowedListSpec{
- Exact: src.Spec.IngressOptions.IngressClasses.Exact,
- Regex: src.Spec.IngressOptions.IngressClasses.Regex,
+ Exact: src.Spec.IngressOptions.AllowedClasses.Exact,
+ Regex: src.Spec.IngressOptions.AllowedClasses.Regex,
 }
 }
- if src.Spec.IngressOptions != nil && src.Spec.IngressOptions.IngressHostnames != nil {
+ if src.Spec.IngressOptions != nil && src.Spec.IngressOptions.AllowedHostnames != nil {
 t.Spec.IngressHostnames = &AllowedListSpec{
- Exact: src.Spec.IngressOptions.IngressHostnames.Exact,
- Regex: src.Spec.IngressOptions.IngressHostnames.Regex,
+ Exact: src.Spec.IngressOptions.AllowedHostnames.Exact,
+ Regex: src.Spec.IngressOptions.AllowedHostnames.Regex,
 }
 }
 if src.Spec.ContainerRegistries != nil {
diff --git a/api/v1alpha1/conversion_hub_test.go b/api/v1alpha1/conversion_hub_test.go
index 4c87629c..4fa5cb3d 100644
--- a/api/v1alpha1/conversion_hub_test.go
+++ b/api/v1alpha1/conversion_hub_test.go
@@ -233,8 +233,8 @@ func generateTenantsSpecs() (Tenant, capsulev1beta1.Tenant) {
 ServiceOptions: v1beta1ServiceOptions,
 StorageClasses: v1beta1AllowedListSpec,
 IngressOptions: &capsulev1beta1.IngressOptions{
- IngressClasses: v1beta1AllowedListSpec,
- IngressHostnames: v1beta1AllowedListSpec,
+ AllowedClasses: v1beta1AllowedListSpec,
+ AllowedHostnames: v1beta1AllowedListSpec,
 },
 ContainerRegistries: v1beta1AllowedListSpec,
 NodeSelector: nodeSelector,
diff --git a/api/v1beta1/ingress_options.go b/api/v1beta1/ingress_options.go
index fd87000f..eaa23efe 100644
--- a/api/v1beta1/ingress_options.go
+++ b/api/v1beta1/ingress_options.go
@@ -5,7 +5,7 @@ package v1beta1
 type IngressOptions struct {
 // Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional.
- IngressClasses *AllowedListSpec `json:"ingressClasses,omitempty"`
+ AllowedClasses *AllowedListSpec `json:"allowedClasses,omitempty"`
 // Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional.
- IngressHostnames *AllowedListSpec `json:"ingressHostnames,omitempty"`
+ AllowedHostnames *AllowedListSpec `json:"allowedHostnames,omitempty"`
 }
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 4239df7d..69bf367e 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -152,13 +152,13 @@ func (in *ExternalServiceIPsSpec) DeepCopy() *ExternalServiceIPsSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressOptions) DeepCopyInto(out *IngressOptions) { *out = *in - if in.IngressClasses != nil { - in, out := &in.IngressClasses, &out.IngressClasses + if in.AllowedClasses != nil { + in, out := &in.AllowedClasses, &out.AllowedClasses *out = new(AllowedListSpec) (*in).DeepCopyInto(*out) } - if in.IngressHostnames != nil { - in, out := &in.IngressHostnames, &out.IngressHostnames + if in.AllowedHostnames != nil { + in, out := &in.AllowedHostnames, &out.AllowedHostnames *out = new(AllowedListSpec) (*in).DeepCopyInto(*out) }
diff --git a/controllers/tenant/namespaces.go b/controllers/tenant/namespaces.go
index 0246b77e..cfbf9a85 100644
--- a/controllers/tenant/namespaces.go
+++ b/controllers/tenant/namespaces.go
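Review bot: The `json` tags in api/v1beta1/ingress_options.go change along with the Go field names (`ingressClasses` → `allowedClasses`, `ingressHostnames` → `allowedHostnames`), so this hunk changes the serialized v1beta1 schema and not only identifiers. A Tenant stored or applied with the old keys would decode with `AllowedClasses` and `AllowedHostnames` nil, and the ingress webhooks in this commit return nil (allow) when those fields are nil, so the allow-lists would silently stop being enforced. Whether v1beta1 objects with the old keys can exist is not visible here; if they can, the rename needs a migration step or an upgrade note, and the regenerated CRD manifests should ship with it. The field comments could also state the nil behaviour, for example `// When unset, no IngressClass restriction is enforced for the Tenant.`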
@@ -64,12 +64,12 @@ func (r *Manager) syncNamespaceMetadata(namespace string, tnt *capsulev1beta1.Te
 annotations["scheduler.alpha.kubernetes.io/node-selector"] = strings.Join(selector, ",")
 }
- if tnt.Spec.IngressOptions != nil && tnt.Spec.IngressOptions.IngressClasses != nil {
- if len(tnt.Spec.IngressOptions.IngressClasses.Exact) > 0 {
- annotations[capsulev1beta1.AvailableIngressClassesAnnotation] = strings.Join(tnt.Spec.IngressOptions.IngressClasses.Exact, ",")
+ if tnt.Spec.IngressOptions != nil && tnt.Spec.IngressOptions.AllowedClasses != nil {
+ if len(tnt.Spec.IngressOptions.AllowedClasses.Exact) > 0 {
+ annotations[capsulev1beta1.AvailableIngressClassesAnnotation] = strings.Join(tnt.Spec.IngressOptions.AllowedClasses.Exact, ",")
 }
- if len(tnt.Spec.IngressOptions.IngressClasses.Regex) > 0 {
- annotations[capsulev1beta1.AvailableIngressClassesRegexpAnnotation] = tnt.Spec.IngressOptions.IngressClasses.Regex
+ if len(tnt.Spec.IngressOptions.AllowedClasses.Regex) > 0 {
+ annotations[capsulev1beta1.AvailableIngressClassesRegexpAnnotation] = tnt.Spec.IngressOptions.AllowedClasses.Regex
 }
 }
diff --git a/pkg/indexer/tenant/hostnames.go b/pkg/indexer/tenant/hostnames.go
index 4cd8a614..5e69a200 100644
--- a/pkg/indexer/tenant/hostnames.go
+++ b/pkg/indexer/tenant/hostnames.go
@@ -23,8 +23,8 @@ func (IngressHostnames) Field() string {
 func (IngressHostnames) Func() client.IndexerFunc {
 return func(object client.Object) (out []string) {
 tenant := object.(*capsulev1beta1.Tenant)
- if tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.IngressHostnames != nil {
- out = append(out, tenant.Spec.IngressOptions.IngressHostnames.Exact...)
+ if tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.AllowedHostnames != nil {
+ out = append(out, tenant.Spec.IngressOptions.AllowedHostnames.Exact...)
 }
 return
 }
diff --git a/pkg/webhook/ingress/validate_class.go b/pkg/webhook/ingress/validate_class.go
index 3fb73a98..58fd2449 100644
--- a/pkg/webhook/ingress/validate_class.go
+++ b/pkg/webhook/ingress/validate_class.go
@@ -111,23 +111,23 @@ func (r *class) OnDelete(client.Client, *admission.Decoder, record.EventRecorder
 }
 func (r *class) validateClass(tenant capsulev1beta1.Tenant, ingressClass *string) error {
- if tenant.Spec.IngressOptions.IngressClasses == nil {
+ if tenant.Spec.IngressOptions.AllowedClasses == nil {
 return nil
 }
 if ingressClass == nil {
- return NewIngressClassNotValid(*tenant.Spec.IngressOptions.IngressClasses)
+ return NewIngressClassNotValid(*tenant.Spec.IngressOptions.AllowedClasses)
 }
 var valid, matched bool
- if len(tenant.Spec.IngressOptions.IngressClasses.Exact) > 0 {
- valid = tenant.Spec.IngressOptions.IngressClasses.ExactMatch(*ingressClass)
+ if len(tenant.Spec.IngressOptions.AllowedClasses.Exact) > 0 {
+ valid = tenant.Spec.IngressOptions.AllowedClasses.ExactMatch(*ingressClass)
 }
- matched = tenant.Spec.IngressOptions.IngressClasses.RegexMatch(*ingressClass)
+ matched = tenant.Spec.IngressOptions.AllowedClasses.RegexMatch(*ingressClass)
 if !valid && !matched {
- return NewIngressClassForbidden(*ingressClass, *tenant.Spec.IngressOptions.IngressClasses)
+ return NewIngressClassForbidden(*ingressClass, *tenant.Spec.IngressOptions.AllowedClasses)
 }
 return nil
diff --git a/pkg/webhook/ingress/validate_hostnames.go b/pkg/webhook/ingress/validate_hostnames.go
index 5f02b7b0..31ba829e 100644
--- a/pkg/webhook/ingress/validate_hostnames.go
+++ b/pkg/webhook/ingress/validate_hostnames.go
@@ -104,7 +104,7 @@ func (r *hostnames) OnDelete(client.Client, *admission.Decoder, record.EventReco
 }
 func (r *hostnames) validateHostnames(tenant capsulev1beta1.Tenant, hostnames []string) error {
- if tenant.Spec.IngressOptions == nil || tenant.Spec.IngressOptions.IngressHostnames == nil {
+ if tenant.Spec.IngressOptions == nil || tenant.Spec.IngressOptions.AllowedHostnames == nil {
 return nil
 }
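Review bot: In pkg/webhook/ingress/validate_class.go, `validateClass` reads `tenant.Spec.IngressOptions.AllowedClasses` without first checking `tenant.Spec.IngressOptions`, which the conversion and controller code in this commit treat as a pointer that may be nil. `validateHostnames` guards it, so the first condition here should match: `if tenant.Spec.IngressOptions == nil || tenant.Spec.IngressOptions.AllowedClasses == nil {`. The `validate` hunk in pkg/webhook/tenant/hostname_regex.go has the same unguarded access and needs `tenant.Spec.IngressOptions != nil &&` in front, as ingressclass_regex.go already has. Unless every caller checks beforehand (the callers are outside these hunks), a Tenant without ingress options would panic the admission handler instead of being evaluated.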
@@ -113,7 +113,7 @@ func (r *hostnames) validateHostnames(tenant capsulev1beta1.Tenant, hostnames []
 var invalidHostnames []string
 if len(hostnames) > 0 {
 for _, currentHostname := range hostnames {
- isPresent := HostnamesList(tenant.Spec.IngressOptions.IngressHostnames.Exact).IsStringInList(currentHostname)
+ isPresent := HostnamesList(tenant.Spec.IngressOptions.AllowedHostnames.Exact).IsStringInList(currentHostname)
 if !isPresent {
 invalidHostnames = append(invalidHostnames, currentHostname)
 }
@@ -124,7 +124,7 @@ func (r *hostnames) validateHostnames(tenant capsulev1beta1.Tenant, hostnames []
 }
 var notMatchingHostnames []string
- allowedRegex := tenant.Spec.IngressOptions.IngressHostnames.Regex
+ allowedRegex := tenant.Spec.IngressOptions.AllowedHostnames.Regex
 if len(allowedRegex) > 0 {
 for _, currentHostname := range hostnames {
 matched, _ = regexp.MatchString(allowedRegex, currentHostname)
@@ -138,7 +138,7 @@ func (r *hostnames) validateHostnames(tenant capsulev1beta1.Tenant, hostnames []
 }
 if !valid && !matched {
- return NewIngressHostnamesNotValid(invalidHostnames, notMatchingHostnames, *tenant.Spec.IngressOptions.IngressHostnames)
+ return NewIngressHostnamesNotValid(invalidHostnames, notMatchingHostnames, *tenant.Spec.IngressOptions.AllowedHostnames)
 }
 return nil
diff --git a/pkg/webhook/tenant/hostname_regex.go b/pkg/webhook/tenant/hostname_regex.go
index 6bd9758f..90048fbd 100644
--- a/pkg/webhook/tenant/hostname_regex.go
+++ b/pkg/webhook/tenant/hostname_regex.go
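Review bot: In the `@@ -124,7` hunk of validate_hostnames.go, `matched, _ = regexp.MatchString(allowedRegex, currentHostname)` discards the compile error and recompiles the pattern for every hostname. Compiling once before the loop makes the failure explicit: `re, err := regexp.Compile(allowedRegex)`, return when `err != nil`, then `matched = re.MatchString(currentHostname)`. `MatchString` also reports a match anywhere in the string, so a pattern written without `^` and `$` accepts any hostname that merely contains a matching substring. Whether tenant patterns are expected to be anchored is not visible here, so it is worth stating on the `AllowedHostnames` field comment. The rest of the loop body lies outside the hunk.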
@@ -30,8 +30,8 @@ func (h *hostnameRegexHandler) validate(decoder *admission.Decoder, req admissio
 return utils.ErroredResponse(err)
 }
- if tenant.Spec.IngressOptions.IngressHostnames != nil && len(tenant.Spec.IngressOptions.IngressHostnames.Regex) > 0 {
- if _, err := regexp.Compile(tenant.Spec.IngressOptions.IngressHostnames.Regex); err != nil {
+ if tenant.Spec.IngressOptions.AllowedHostnames != nil && len(tenant.Spec.IngressOptions.AllowedHostnames.Regex) > 0 {
+ if _, err := regexp.Compile(tenant.Spec.IngressOptions.AllowedHostnames.Regex); err != nil {
 response := admission.Denied("unable to compile allowedHostnames allowedRegex")
 return &response
diff --git a/pkg/webhook/tenant/hostnames_collision.go b/pkg/webhook/tenant/hostnames_collision.go
index 9d76de7b..5c3ea3f4 100644
--- a/pkg/webhook/tenant/hostnames_collision.go
+++ b/pkg/webhook/tenant/hostnames_collision.go
@@ -33,8 +33,8 @@ func (h *hostnamesCollisionHandler) validateTenant(ctx context.Context, req admi
 return utils.ErroredResponse(err)
 }
- if !h.configuration.AllowTenantIngressHostnamesCollision() && tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.IngressHostnames != nil && len(tenant.Spec.IngressOptions.IngressHostnames.Exact) > 0 {
- for _, h := range tenant.Spec.IngressOptions.IngressHostnames.Exact {
+ if !h.configuration.AllowTenantIngressHostnamesCollision() && tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.AllowedHostnames != nil && len(tenant.Spec.IngressOptions.AllowedHostnames.Exact) > 0 {
+ for _, h := range tenant.Spec.IngressOptions.AllowedHostnames.Exact {
 tntList := &capsulev1beta1.TenantList{}
 if err := clt.List(ctx, tntList, client.MatchingFieldsSelector{
 Selector: fields.OneTermEqualSelector(".spec.ingressHostnames", h),
diff --git a/pkg/webhook/tenant/ingressclass_regex.go b/pkg/webhook/tenant/ingressclass_regex.go
index 9a796de6..e77ab197 100644
--- a/pkg/webhook/tenant/ingressclass_regex.go
+++ b/pkg/webhook/tenant/ingressclass_regex.go
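Review bot: In hostnames_collision.go the selector literal `.spec.ingressHostnames` stays while the field it refers to is now serialized as `allowedHostnames`. It is presumably the index name returned by `IngressHostnames.Field()` in pkg/indexer/tenant rather than a JSON path, so a comment saying so, or reusing that method's value if the package can be imported here, would keep the two from drifting apart. `for _, h := range ...` shadows the receiver `h`, so the handler is unreachable inside the loop; a name such as `hostname` avoids that. The check iterates only the `Exact` entries, so overlaps that arise through `Regex` are not detected by the visible code. The loop body continues outside the hunk.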
@@ -30,8 +30,8 @@ func (h *ingressClassRegexHandler) validate(decoder *admission.Decoder, req admi
 return utils.ErroredResponse(err)
 }
- if tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.IngressClasses != nil && len(tenant.Spec.IngressOptions.IngressClasses.Regex) > 0 {
- if _, err := regexp.Compile(tenant.Spec.IngressOptions.IngressClasses.Regex); err != nil {
+ if tenant.Spec.IngressOptions != nil && tenant.Spec.IngressOptions.AllowedClasses != nil && len(tenant.Spec.IngressOptions.AllowedClasses.Regex) > 0 {
+ if _, err := regexp.Compile(tenant.Spec.IngressOptions.AllowedClasses.Regex); err != nil {
 response := admission.Denied("unable to compile ingressClasses allowedRegex")
 return &response
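Review bot: The denial text `unable to compile ingressClasses allowedRegex` in ingressclass_regex.go still names the old field, while after this rename a user sets `allowedClasses` and the sibling handler already says `allowedHostnames`. `response := admission.Denied("unable to compile allowedClasses allowedRegex")` would match the new schema. The compile error itself is dropped, so the person submitting the Tenant is not told what is wrong with the pattern; appending `err.Error()` to the message would fix that. The function continues outside the hunk.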