chore: kube-api-linter make maxlength validation more strict (#2742)

Author: pmalek

.golangci-kube-api.yaml

@@ -125,4 +125,10 @@ linters:
       - linters:
           - kubeapilinter
         path: api/(konnect/v1alpha(1|2)|gateway-operator/v2beta1)/.*
-        text: 'maxlength: .*'
+        text: 'maxlength: field .* must have a maximum items, add kubebuilder:validation:MaxItems marker'
+
+      # TODO: remove this.
+      - linters:
+          - kubeapilinter
+        path: api/(common/v1alpha1|konnect/v1alpha1|konnect/v1alpha2)/.*
+        text: 'maxlength: field .* must have a maximum length, add kubebuilder:validation:(items:)?MaxLength marker'

api/gateway-operator/v1beta1/controlplane_conversion.go

@@ -216,7 +216,7 @@ func (c *ControlPlaneOptions) convertTo(dst *operatorv2beta1.ControlPlaneOptions
 			return err
 		}
 
-		storageState, err := parseEnvForToggle[operatorv2beta1.ControlPlaneKonnectLicensingState](envControllerEnableKonnectLicensingStorage, containerEnvVars)
+		storageState, err := parseEnvForToggle[operatorv2beta1.ControlPlaneKonnectLicenseStorageState](envControllerEnableKonnectLicensingStorage, containerEnvVars)
 		if err != nil {
 			return err
 		}

api/gateway-operator/v2beta1/controlplane_types.go

@@ -101,6 +101,7 @@ type ControlPlaneOptions struct {
 	// If omitted, Ingress resources will not be supported by the ControlPlane.
 	//
 	// +optional
+	// +kubebuilder:validation:MaxLength=63
 	IngressClass *string `json:"ingressClass,omitempty"`
 
 	// WatchNamespaces indicates the namespaces to watch for resources.
@@ -253,6 +254,8 @@ type ControlPlaneDataPlaneSync struct {
 }
 
 // ControlPlaneReverseSyncState defines the state of the reverse sync feature.
+//
+// +kubebuilder:validation:Enum=enabled;disabled
 type ControlPlaneReverseSyncState string
 
 const (
@@ -304,6 +307,7 @@ type ControlPlaneDataPlaneTargetRef struct {
 	//
 	// +required
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
 }
 
@@ -415,6 +419,7 @@ type ControlPlaneController struct {
 	//
 	// +required
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
 
 	// State indicates whether the feature gate is enabled or disabled.
@@ -425,6 +430,8 @@ type ControlPlaneController struct {
 }
 
 // FeatureGateState defines the state of a feature gate.
+//
+// +kubebuilder:validation:Enum=enabled;disabled
 type FeatureGateState string
 
 const (
@@ -443,12 +450,12 @@ type ControlPlaneFeatureGate struct {
 	//
 	// +required
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
 
 	// State indicates whether the feature gate is enabled or disabled.
 	//
 	// +required
-	// +kubebuilder:validation:Enum=enabled;disabled
 	State FeatureGateState `json:"state"`
 }
 
@@ -497,6 +504,7 @@ type ControlPlaneDataPlaneStatus struct {
 	//
 	// +required
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
 }
 
@@ -523,7 +531,6 @@ type ControlPlaneKonnectOptions struct {
 	//
 	// +optional
 	// +kubebuilder:default=enabled
-	// +kubebuilder:validation:Enum=enabled;disabled
 	ConsumersSync *ControlPlaneKonnectConsumersSyncState `json:"consumersSync,omitempty"`
 
 	// Licensing defines the configuration for Konnect licensing.
@@ -543,6 +550,8 @@ type ControlPlaneKonnectOptions struct {
 }
 
 // ControlPlaneKonnectConsumersSyncState defines the state of consumer synchronization with Konnect.
+//
+// +kubebuilder:validation:Enum=enabled;disabled
 type ControlPlaneKonnectConsumersSyncState string
 
 const (
@@ -563,7 +572,6 @@ type ControlPlaneKonnectLicensing struct {
 	//
 	// +optional
 	// +kubebuilder:default=disabled
-	// +kubebuilder:validation:Enum=enabled;disabled
 	State *ControlPlaneKonnectLicensingState `json:"state,omitempty"`
 
 	// InitialPollingPeriod is the initial polling period for license checks.
@@ -582,11 +590,24 @@ type ControlPlaneKonnectLicensing struct {
 	//
 	// +optional
 	// +kubebuilder:default=enabled
-	// +kubebuilder:validation:Enum=enabled;disabled
-	StorageState *ControlPlaneKonnectLicensingState `json:"storageState,omitempty"`
+	StorageState *ControlPlaneKonnectLicenseStorageState `json:"storageState,omitempty"`
 }
 
+// ControlPlaneKonnectLicenseStorageState defines the state of Konnect licensing.
+//
+// +kubebuilder:validation:Enum=enabled;disabled
+type ControlPlaneKonnectLicenseStorageState string
+
+const (
+	// ControlPlaneKonnectLicenseStorageStateEnabled indicates that Konnect license storage is enabled.
+	ControlPlaneKonnectLicenseStorageStateEnabled ControlPlaneKonnectLicenseStorageState = "enabled"
+	// ControlPlaneKonnectLicenseStorageStateDisabled indicates that Konnect license storage is disabled.
+	ControlPlaneKonnectLicenseStorageStateDisabled ControlPlaneKonnectLicenseStorageState = "disabled"
+)
+
 // ControlPlaneKonnectLicensingState defines the state of Konnect licensing.
+//
+// +kubebuilder:validation:Enum=enabled;disabled
 type ControlPlaneKonnectLicensingState string
 
 const (

api/gateway-operator/v2beta1/gatewayconfiguration_types.go

@@ -155,6 +155,7 @@ type GatewayConfigDataPlaneOptions struct {
 	// use this GatewayConfig.
 	//
 	// +optional
+	// +kubebuilder:validation:MaxItems=32
 	PluginsToInstall []NamespacedName `json:"pluginsToInstall,omitempty"`
 }
 

api/gateway-operator/v2beta1/shared_types.go

@@ -71,8 +71,10 @@ type HorizontalScaling struct {
 	// increased, and vice-versa.  See the individual metric source types for
 	// more information about how each type of metric must respond.
 	// If not set, the default metric will be set to 80% average CPU utilization.
+	//
 	// +listType=atomic
 	// +optional
+	// +kubebuilder:validation:MaxItems=8
 	Metrics []autoscalingv2.MetricSpec `json:"metrics,omitempty" protobuf:"bytes,4,rep,name=metrics"`
 
 	// behavior configures the scaling behavior of the target
@@ -250,11 +252,13 @@ type NamespacedName struct {
 	//
 	// +required
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
 
 	// Namespace is the namespace of the resource.
 	//
 	// +optional
+	// +kubebuilder:validation:MaxLength=63
 	Namespace string `json:"namespace"`
 }
 
@@ -288,6 +292,7 @@ type ServiceOptions struct {
 	// If Name is empty, the controller will generate a service name from the owning object.
 	//
 	// +optional
+	// +kubebuilder:validation:MaxLength=63
 	Name *string `json:"name,omitempty"`
 
 	// Annotations is an unstructured key value map stored with a resource that may be

api/gateway-operator/v2beta1/watch_namespaces_types.go

@@ -16,6 +16,8 @@ type WatchNamespaces struct {
 	// Only used when Type is set to List.
 	//
 	// +optional
+	// +kubebuilder:validation:MaxItems=64
+	// +kubebuilder:validation:items:MaxLength=64
 	List []string `json:"list,omitempty"`
 }
 

api/gateway-operator/v2beta1/zz_generated.deepcopy.go

@@ -482,7 +482,7 @@ func TestControlPlane_RoundTrip(t *testing.T) {
 							State:                lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicensingStateEnabled),
 							InitialPollingPeriod: &metav1.Duration{Duration: 10 * time.Second},
 							PollingPeriod:        &metav1.Duration{Duration: 60 * time.Second},
-							StorageState:         lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicensingStateDisabled),
+							StorageState:         lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicenseStorageStateDisabled),
 						},
 						NodeRefreshPeriod:  &metav1.Duration{Duration: 30 * time.Second},
 						ConfigUploadPeriod: &metav1.Duration{Duration: 10 * time.Second},

api/test/conversion/gateway-operator.konghq.com/v1beta1/controlplane_test.go

@@ -502,7 +502,7 @@ func TestGatewayConfiguration_RoundTrip(t *testing.T) {
 									State:                lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicensingStateEnabled),
 									InitialPollingPeriod: &metav1.Duration{Duration: 10 * time.Second},
 									PollingPeriod:        &metav1.Duration{Duration: 60 * time.Second},
-									StorageState:         lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicensingStateDisabled),
+									StorageState:         lo.ToPtr(operatorv2beta1.ControlPlaneKonnectLicenseStorageStateDisabled),
 								},
 								NodeRefreshPeriod:  &metav1.Duration{Duration: 30 * time.Second},
 								ConfigUploadPeriod: &metav1.Duration{Duration: 10 * time.Second},

api/test/conversion/gateway-operator.konghq.com/v1beta1/gatewayconfiguration_test.go

@@ -9456,6 +9456,7 @@ spec:
                   properties:
                     name:
                       description: Name is the name of the controller.
+                      maxLength: 63
                       minLength: 1
                       type: string
                     state:
@@ -9487,6 +9488,7 @@ spec:
                     properties:
                       name:
                         description: Ref is the name of the DataPlane to configure.
+                        maxLength: 63
                         minLength: 1
                         type: string
                     required:
@@ -9519,6 +9521,9 @@ spec:
                     description: |-
                       ReverseSync sends configuration to DataPlane (Kong Gateway) even if
                       the configuration checksum has not changed since previous update.
+                    enum:
+                    - enabled
+                    - disabled
                     type: string
                   timeout:
                     description: Timeout is the timeout of a single run of syncing
@@ -9580,6 +9585,7 @@ spec:
                   properties:
                     name:
                       description: Name is the name of the feature gate.
+                      maxLength: 63
                       minLength: 1
                       type: string
                     state:
@@ -9620,6 +9626,7 @@ spec:
                   which Ingress resources this ControlPlane should be responsible for.
 
                   If omitted, Ingress resources will not be supported by the ControlPlane.
+                maxLength: 63
                 type: string
               konnect:
                 description: Konnect defines the Konnect-related configuration options
@@ -9775,7 +9782,9 @@ spec:
                       List is a list of namespaces to watch for resources.
                       Only used when Type is set to List.
                     items:
+                      maxLength: 64
                       type: string
+                    maxItems: 64
                     type: array
                   type:
                     description: |-
@@ -9881,6 +9890,7 @@ spec:
                   properties:
                     name:
                       description: Name is the name of the controller.
+                      maxLength: 63
                       minLength: 1
                       type: string
                     state:
@@ -9906,6 +9916,7 @@ spec:
                 properties:
                   name:
                     description: Name is the name of the DataPlane.
+                    maxLength: 63
                     minLength: 1
                     type: string
                 required:
@@ -9921,6 +9932,7 @@ spec:
                   properties:
                     name:
                       description: Name is the name of the feature gate.
+                      maxLength: 63
                       minLength: 1
                       type: string
                     state:
@@ -38679,6 +38691,7 @@ spec:
                       properties:
                         name:
                           description: Name is the name of the controller.
+                          maxLength: 63
                           minLength: 1
                           type: string
                         state:
@@ -38710,6 +38723,9 @@ spec:
                         description: |-
                           ReverseSync sends configuration to DataPlane (Kong Gateway) even if
                           the configuration checksum has not changed since previous update.
+                        enum:
+                        - enabled
+                        - disabled
                         type: string
                       timeout:
                         description: Timeout is the timeout of a single run of syncing
@@ -38726,6 +38742,7 @@ spec:
                       properties:
                         name:
                           description: Name is the name of the feature gate.
+                          maxLength: 63
                           minLength: 1
                           type: string
                         state:
@@ -38766,6 +38783,7 @@ spec:
                       which Ingress resources this ControlPlane should be responsible for.
 
                       If omitted, Ingress resources will not be supported by the ControlPlane.
+                    maxLength: 63
                     type: string
                   konnect:
                     description: Konnect defines the Konnect-related configuration
@@ -38924,7 +38942,9 @@ spec:
                           List is a list of namespaces to watch for resources.
                           Only used when Type is set to List.
                         items:
+                          maxLength: 64
                           type: string
+                        maxItems: 64
                         type: array
                       type:
                         description: |-
@@ -48280,6 +48300,7 @@ spec:
                                   required:
                                   - type
                                   type: object
+                                maxItems: 8
                                 type: array
                                 x-kubernetes-list-type: atomic
                               minReplicas:
@@ -48353,6 +48374,7 @@ spec:
                                 description: |-
                                   Name defines the name of the service.
                                   If Name is empty, the controller will generate a service name from the owning object.
+                                maxLength: 63
                                 type: string
                               type:
                                 default: LoadBalancer
@@ -48396,14 +48418,17 @@ spec:
                       properties:
                         name:
                           description: Name is the name of the resource.
+                          maxLength: 63
                           minLength: 1
                           type: string
                         namespace:
                           description: Namespace is the namespace of the resource.
+                          maxLength: 63
                           type: string
                       required:
                       - name
                       type: object
+                    maxItems: 32
                     type: array
                   resources:
                     description: |-