Merge pull request #2197 from shiftstack/image-api

🌱 image: Fix various immutability validations

Author: k8s-ci-robot

internal/controllers/image/reconcile.go

@@ -321,7 +321,10 @@ func getGlanceImage(ctx context.Context, orcImage *orcv1alpha1.Image, imageClien
 
 // getImageName returns the name of the glance image we should use.
 func getImageName(orcImage *orcv1alpha1.Image) string {
-	return ptr.Deref(orcImage.Spec.Resource.Name, orcImage.Name)
+	if orcImage.Spec.Resource.Name != "" {
+		return orcImage.Spec.Resource.Name
+	}
+	return orcImage.Name
 }
 
 func listOptsFromImportFilter(filter *orcv1alpha1.ImageFilter) images.ListOptsBuilder {

orc/api/v1alpha1/image_types.go

@@ -218,21 +218,18 @@ type ImageContent struct {
 	// ContainerFormat is the format of the image container.
 	// qcow2 and raw images do not usually have a container. This is specified as "bare", which is also the default.
 	// Permitted values are ami, ari, aki, bare, ovf, ova, and docker.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="containerFormat is immutable"
 	// +kubebuilder:default:=bare
 	// +optional
 	ContainerFormat ImageContainerFormat `json:"containerFormat,omitempty"`
 
 	// DiskFormat is the format of the disk image.
 	// Normal values are "qcow2", or "raw". Glance may be configured to support others.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="diskFormat is immutable"
 	// +kubebuilder:validation:Required
 	DiskFormat ImageDiskFormat `json:"diskFormat"`
 
 	// Download describes how to obtain image data by downloading it from a URL.
 	// Must be set when creating a managed image.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="download is immutable"
-	// +unionMember
+	// +kubebuilder:validation:Required
 	Download *ImageContentSourceDownload `json:"download,omitempty"`
 }
 
@@ -273,21 +270,25 @@ type ImageHash struct {
 }
 
 // ImageResourceSpec contains the desired state of a Glance image
+// +kubebuilder:validation:XValidation:rule="has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)",message="name is immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.protected) ? self.protected == oldSelf.protected : !has(oldSelf.protected)",message="name is immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)",message="tags is immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.visibility) ? self.visibility == oldSelf.visibility : !has(oldSelf.visibility)",message="visibility is immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.properties) ? self.properties == oldSelf.properties : !has(oldSelf.properties)",message="properties is immutable"
 type ImageResourceSpec struct {
 	// Name will be the name of the created Glance image. If not specified, the
 	// name of the Image object will be used.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="imageName is immutable"
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=1000
 	// +optional
-	Name *string `json:"name,omitempty"`
+	Name string `json:"name,omitempty"`
 
 	// Protected specifies that the image is protected from deletion.
 	// If not specified, the default is false.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="protected is immutable"
 	// +optional
 	Protected *bool `json:"protected,omitempty"`
 
 	// Tags is a list of tags which will be applied to the image. A tag has a maximum length of 255 characters.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="tags is immutable"
 	// +listType=set
 	// +optional
 	Tags []ImageTag `json:"tags,omitempty"`
@@ -298,7 +299,6 @@ type ImageResourceSpec struct {
 	Visibility *ImageVisibility `json:"visibility,omitempty"`
 
 	// Properties is metadata available to consumers of the image
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="properties is immutable"
 	// +optional
 	Properties *ImageProperties `json:"properties,omitempty"`
 

orc/api/v1alpha1/zz_generated.deepcopy.go

@@ -163,9 +163,6 @@ spec:
                         - ova
                         - docker
                         type: string
-                        x-kubernetes-validations:
-                        - message: containerFormat is immutable
-                          rule: self == oldSelf
                       diskFormat:
                         description: |-
                           DiskFormat is the format of the disk image.
@@ -183,9 +180,6 @@ spec:
                         - ploop
                         - iso
                         type: string
-                        x-kubernetes-validations:
-                        - message: diskFormat is immutable
-                          rule: self == oldSelf
                       download:
                         description: |-
                           Download describes how to obtain image data by downloading it from a URL.
@@ -241,11 +235,9 @@ spec:
                         required:
                         - url
                         type: object
-                        x-kubernetes-validations:
-                        - message: download is immutable
-                          rule: self == oldSelf
                     required:
                     - diskFormat
+                    - download
                     type: object
                     x-kubernetes-validations:
                     - message: content is immutable
@@ -254,10 +246,9 @@ spec:
                     description: |-
                       Name will be the name of the created Glance image. If not specified, the
                       name of the Image object will be used.
+                    maxLength: 1000
+                    minLength: 1
                     type: string
-                    x-kubernetes-validations:
-                    - message: imageName is immutable
-                      rule: self == oldSelf
                   properties:
                     description: Properties is metadata available to consumers of
                       the image
@@ -402,17 +393,11 @@ spec:
                         minimum: 1
                         type: integer
                     type: object
-                    x-kubernetes-validations:
-                    - message: properties is immutable
-                      rule: self == oldSelf
                   protected:
                     description: |-
                       Protected specifies that the image is protected from deletion.
                       If not specified, the default is false.
                     type: boolean
-                    x-kubernetes-validations:
-                    - message: protected is immutable
-                      rule: self == oldSelf
                   tags:
                     description: Tags is a list of tags which will be applied to the
                       image. A tag has a maximum length of 255 characters.
@@ -422,9 +407,6 @@ spec:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                    x-kubernetes-validations:
-                    - message: tags is immutable
-                      rule: self == oldSelf
                   visibility:
                     description: Visibility of the image
                     enum:
@@ -437,6 +419,20 @@ spec:
                     - message: visibility is immutable
                       rule: self == oldSelf
                 type: object
+                x-kubernetes-validations:
+                - message: name is immutable
+                  rule: 'has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)'
+                - message: name is immutable
+                  rule: 'has(self.protected) ? self.protected == oldSelf.protected
+                    : !has(oldSelf.protected)'
+                - message: tags is immutable
+                  rule: 'has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)'
+                - message: visibility is immutable
+                  rule: 'has(self.visibility) ? self.visibility == oldSelf.visibility
+                    : !has(oldSelf.visibility)'
+                - message: properties is immutable
+                  rule: 'has(self.properties) ? self.properties == oldSelf.properties
+                    : !has(oldSelf.properties)'
             required:
             - cloudCredentialsRef
             type: object