feat(api): label selector for storage, ingress, podpriority classes

This commit is contained in:
Dario Tranchitella
2022-12-23 15:31:59 +01:00
parent 289b079530
commit 93fbca9b18
13 changed files with 232 additions and 42 deletions


@@ -61,9 +61,11 @@ func generateTenantsSpecs() (Tenant, capsulev1beta1.Tenant) {
Allowed: []api.AllowedIP{"192.168.0.1"},
},
}
v1beta1AllowedListSpec := &api.AllowedListSpec{
Exact: []string{"foo", "bar"},
Regex: "^foo*",
v1beta2AllowedListSpec := &api.SelectorAllowedListSpec{
AllowedListSpec: api.AllowedListSpec{
Exact: []string{"foo", "bar"},
Regex: "^foo*",
},
}
networkPolicies := []networkingv1.NetworkPolicySpec{
{
@@ -235,13 +237,13 @@ func generateTenantsSpecs() (Tenant, capsulev1beta1.Tenant) {
},
NamespaceOptions: v1beta1NamespaceOptions,
ServiceOptions: v1beta1ServiceOptions,
StorageClasses: v1beta1AllowedListSpec,
StorageClasses: &v1beta2AllowedListSpec.AllowedListSpec,
IngressOptions: capsulev1beta1.IngressOptions{
HostnameCollisionScope: api.HostnameCollisionScopeDisabled,
AllowedClasses: v1beta1AllowedListSpec,
AllowedHostnames: v1beta1AllowedListSpec,
AllowedClasses: &v1beta2AllowedListSpec.AllowedListSpec,
AllowedHostnames: &v1beta2AllowedListSpec.AllowedListSpec,
},
ContainerRegistries: v1beta1AllowedListSpec,
ContainerRegistries: &v1beta2AllowedListSpec.AllowedListSpec,
NodeSelector: nodeSelector,
NetworkPolicies: api.NetworkPolicySpec{
Items: networkPolicies,
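Review bot: The v1beta1 Tenant in this fixture is now built from `&v1beta2AllowedListSpec.AllowedListSpec` on every allow-list field, but nothing in the hunk populates the selector part of `SelectorAllowedListSpec`, so a round-trip test driven by this fixture cannot notice the selector being dropped on the v1beta2 to v1beta1 path. Populating the selector in `v1beta2AllowedListSpec` and asserting what the v1beta1 side is expected to hold afterwards would make the conversion test meaningful for the new field. The variable name also reads oddly where it is consumed by the v1beta1 spec; a short comment such as `// v1beta1 has no selector, so it reuses only the embedded AllowedListSpec` at the first use would help. The enclosing `generateTenantsSpecs` function starts and ends outside the hunks.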


@@ -9,7 +9,7 @@ import (
type IngressOptions struct {
// Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional.
AllowedClasses *api.AllowedListSpec `json:"allowedClasses,omitempty"`
AllowedClasses *api.SelectorAllowedListSpec `json:"allowedClasses,omitempty"`
// Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.
//
//
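Review bot: The doc comment above `AllowedClasses` still describes only a fixed allow-list of IngressClasses, while the field type is now `*api.SelectorAllowedListSpec`, which by its name also carries a label selector; the same stale comments remain above `StorageClasses` and `PriorityClasses` in the TenantSpec hunks further down. These comments feed the CRD schema and generated API docs, so each should gain a sentence along the lines of `// Classes may additionally be selected by labels on the class object; see SelectorAllowedListSpec.`, worded identically across the three fields. The IngressOptions struct continues outside the hunk.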


@@ -85,7 +85,11 @@ func (in *Tenant) ConvertFrom(raw conversion.Hub) error {
}
in.Spec.ServiceOptions = src.Spec.ServiceOptions
in.Spec.StorageClasses = src.Spec.StorageClasses
if src.Spec.StorageClasses != nil {
in.Spec.StorageClasses = &api.SelectorAllowedListSpec{
AllowedListSpec: *src.Spec.StorageClasses,
}
}
if scope := src.Spec.IngressOptions.HostnameCollisionScope; len(scope) > 0 {
in.Spec.IngressOptions.HostnameCollisionScope = scope
@@ -102,7 +106,9 @@ func (in *Tenant) ConvertFrom(raw conversion.Hub) error {
}
if ingressClass := src.Spec.IngressOptions.AllowedClasses; ingressClass != nil {
in.Spec.IngressOptions.AllowedClasses = ingressClass
in.Spec.IngressOptions.AllowedClasses = &api.SelectorAllowedListSpec{
AllowedListSpec: *ingressClass,
}
}
if hostnames := src.Spec.IngressOptions.AllowedHostnames; hostnames != nil {
@@ -116,7 +122,12 @@ func (in *Tenant) ConvertFrom(raw conversion.Hub) error {
in.Spec.ResourceQuota = src.Spec.ResourceQuota
in.Spec.AdditionalRoleBindings = src.Spec.AdditionalRoleBindings
in.Spec.ImagePullPolicies = src.Spec.ImagePullPolicies
in.Spec.PriorityClasses = src.Spec.PriorityClasses
if src.Spec.PriorityClasses != nil {
in.Spec.PriorityClasses = &api.SelectorAllowedListSpec{
AllowedListSpec: *src.Spec.PriorityClasses,
}
}
if v, found := annotations["capsule.clastix.io/cordon"]; found {
value, err := strconv.ParseBool(v)
@@ -207,12 +218,14 @@ func (in *Tenant) ConvertTo(raw conversion.Hub) error {
}
dst.Spec.ServiceOptions = in.Spec.ServiceOptions
dst.Spec.StorageClasses = in.Spec.StorageClasses
if in.Spec.StorageClasses != nil {
dst.Spec.StorageClasses = &in.Spec.StorageClasses.AllowedListSpec
}
dst.Spec.IngressOptions.HostnameCollisionScope = in.Spec.IngressOptions.HostnameCollisionScope
if allowed := in.Spec.IngressOptions.AllowedClasses; allowed != nil {
dst.Spec.IngressOptions.AllowedClasses = allowed
dst.Spec.IngressOptions.AllowedClasses = &allowed.AllowedListSpec
}
if allowed := in.Spec.IngressOptions.AllowedHostnames; allowed != nil {
@@ -231,7 +244,10 @@ func (in *Tenant) ConvertTo(raw conversion.Hub) error {
dst.Spec.ResourceQuota = in.Spec.ResourceQuota
dst.Spec.AdditionalRoleBindings = in.Spec.AdditionalRoleBindings
dst.Spec.ImagePullPolicies = in.Spec.ImagePullPolicies
dst.Spec.PriorityClasses = in.Spec.PriorityClasses
if in.Spec.PriorityClasses != nil {
dst.Spec.PriorityClasses = &in.Spec.PriorityClasses.AllowedListSpec
}
if in.Spec.PreventDeletion {
annotations[api.ProtectedTenantAnnotation] = "true" //nolint:goconst
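Review bot: `ConvertTo` discards the selector: `dst.Spec.StorageClasses = &in.Spec.StorageClasses.AllowedListSpec`, and the matching lines for `AllowedClasses` and `PriorityClasses`, copy only the embedded `AllowedListSpec`, and `ConvertFrom` rebuilds a `SelectorAllowedListSpec` with no selector, so a v1beta2 Tenant whose allowed classes are expressed only as a selector comes back from the hub (v1beta1, judging by the test fixture) as a non-nil spec with empty Exact and Regex. If v1beta1 is the storage version the selector is never persisted, and otherwise any client that writes through v1beta1 silently strips it, so the tenant's class restriction changes without any error being reported. This file already carries v1beta2-only state through hub annotations (`annotations[api.ProtectedTenantAnnotation] = "true"` for `PreventDeletion`), so the selector could be serialized into an annotation in `ConvertTo` and restored in `ConvertFrom`, or the loss should at least be rejected or documented in a comment above these assignments. Whether a non-nil `AllowedListSpec` with no entries means "allow nothing" or "no restriction" is not visible here and decides how severe the silent change is, so the comment should state it. Both `ConvertFrom` and `ConvertTo` start and end outside the hunks.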


@@ -18,7 +18,7 @@ type TenantSpec struct {
// Specifies options for the Service, such as additional metadata or block of certain type of Services. Optional.
ServiceOptions *api.ServiceOptions `json:"serviceOptions,omitempty"`
// Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. Optional.
StorageClasses *api.AllowedListSpec `json:"storageClasses,omitempty"`
StorageClasses *api.SelectorAllowedListSpec `json:"storageClasses,omitempty"`
// Specifies options for the Ingress resources, such as allowed hostnames and IngressClass. Optional.
IngressOptions IngressOptions `json:"ingressOptions,omitempty"`
// Specifies the trusted Image Registries assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed trusted registries. Optional.
@@ -36,7 +36,7 @@ type TenantSpec struct {
// Specify the allowed values for the imagePullPolicies option in Pod resources. Capsule assures that all Pod resources created in the Tenant can use only one of the allowed policy. Optional.
ImagePullPolicies []api.ImagePullPolicySpec `json:"imagePullPolicies,omitempty"`
// Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. Optional.
PriorityClasses *api.AllowedListSpec `json:"priorityClasses,omitempty"`
PriorityClasses *api.SelectorAllowedListSpec `json:"priorityClasses,omitempty"`
// Toggling the Tenant resources cordoning, when enable resources cannot be deleted.
Cordoned bool `json:"cordoned,omitempty"`
// Prevent accidental deletion of the Tenant.


@@ -261,7 +261,7 @@ func (in *IngressOptions) DeepCopyInto(out *IngressOptions) {
*out = *in
if in.AllowedClasses != nil {
in, out := &in.AllowedClasses, &out.AllowedClasses
*out = new(api.AllowedListSpec)
*out = new(api.SelectorAllowedListSpec)
(*in).DeepCopyInto(*out)
}
if in.AllowedHostnames != nil {
@@ -718,7 +718,7 @@ func (in *TenantSpec) DeepCopyInto(out *TenantSpec) {
}
if in.StorageClasses != nil {
in, out := &in.StorageClasses, &out.StorageClasses
*out = new(api.AllowedListSpec)
*out = new(api.SelectorAllowedListSpec)
(*in).DeepCopyInto(*out)
}
in.IngressOptions.DeepCopyInto(&out.IngressOptions)
@@ -751,7 +751,7 @@ func (in *TenantSpec) DeepCopyInto(out *TenantSpec) {
}
if in.PriorityClasses != nil {
in, out := &in.PriorityClasses, &out.PriorityClasses
*out = new(api.AllowedListSpec)
*out = new(api.SelectorAllowedListSpec)
(*in).DeepCopyInto(*out)
}
}