Merge pull request #2370 from frankbu/listner-validate

Fix CEL validation for listener uniqueness
kubernetes-sigs · Sep 4, 2023 · 90a3c72 · 90a3c72
2 parents d031c16 + e1dd21e
commit 90a3c72
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/apis/v1beta1/gateway_types.go b/apis/v1beta1/gateway_types.go
@@ -128,7 +128,7 @@ type GatewaySpec struct {
 	// +kubebuilder:validation:XValidation:message="tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']",rule="self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)"
 	// +kubebuilder:validation:XValidation:message="hostname must not be specified for protocols ['TCP', 'UDP']",rule="self.all(l, l.protocol in ['TCP', 'UDP']  ? (!has(l.hostname) || l.hostname == '') : true)"
 	// +kubebuilder:validation:XValidation:message="Listener name must be unique within the Gateway",rule="self.all(l1, self.exists_one(l2, l1.name == l2.name))"
-	// +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : true)))"
+	// +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))"
 	Listeners []Listener `json:"listeners"`
 
 	// Addresses requested for this Gateway. This is optional and behavior can

diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
diff --git a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml
diff --git a/pkg/test/cel/gateway_test.go b/pkg/test/cel/gateway_test.go
@@ -351,6 +351,25 @@ func TestValidateGateway(t *testing.T) {
 				}
 			},
 		},
+		{
+			desc: "one omitted hostname is unique when protocol and port are the same",
+			mutate: func(gw *gatewayv1b1.Gateway) {
+				hostnameFoo := gatewayv1b1.Hostname("foo.com")
+				gw.Spec.Listeners = []gatewayv1b1.Listener{
+					{
+						Name:     gatewayv1b1.SectionName("foo"),
+						Protocol: gatewayv1b1.HTTPProtocolType,
+						Port:     gatewayv1b1.PortNumber(80),
+						Hostname: &hostnameFoo,
+					},
+					{
+						Name:     gatewayv1b1.SectionName("bar"),
+						Protocol: gatewayv1b1.HTTPProtocolType,
+						Port:     gatewayv1b1.PortNumber(80),
+					},
+				}
+			},
+		},
 		{
 			desc: "protocol is unique when port and hostname are the same",
 			mutate: func(gw *gatewayv1b1.Gateway) {