⚠️ Add additional MinProperties & MinItems validation across multiple APIs (#12538)

* More validation rules

* Fix linter

Author: fabriziopandini

api/addons/v1beta2/clusterresourceset_types.go

@@ -61,10 +61,11 @@ type ClusterResourceSetSpec struct {
 	ClusterSelector metav1.LabelSelector `json:"clusterSelector"`
 
 	// resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters.
-	// +optional
+	// +required
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
-	Resources []ResourceRef `json:"resources,omitempty"`
+	Resources []ResourceRef `json:"resources"`
 
 	// strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable.
 	// +kubebuilder:validation:Enum=ApplyOnce;Reconcile

api/bootstrap/kubeadm/v1beta2/kubeadm_types.go

@@ -78,6 +78,7 @@ type InitConfiguration struct {
 	// This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	BootstrapTokens []BootstrapToken `json:"bootstrapTokens,omitempty"`
 
@@ -101,6 +102,7 @@ type InitConfiguration struct {
 	// This option takes effect only on Kubernetes >=1.22.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=50
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=256
@@ -202,6 +204,7 @@ type APIServer struct {
 	// extraVolumes is an extra set of host volumes, mounted to the control plane component.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"`
 
@@ -210,12 +213,14 @@ type APIServer struct {
 	// This option takes effect only on Kubernetes >=1.31.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraEnvs []EnvVar `json:"extraEnvs,omitempty"`
 
 	// certSANs sets extra Subject Alternative Names for the API Server signing cert.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=253
@@ -240,6 +245,7 @@ type ControllerManager struct {
 	// extraVolumes is an extra set of host volumes, mounted to the control plane component.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"`
 
@@ -248,6 +254,7 @@ type ControllerManager struct {
 	// This option takes effect only on Kubernetes >=1.31.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraEnvs []EnvVar `json:"extraEnvs,omitempty"`
 }
@@ -270,6 +277,7 @@ type Scheduler struct {
 	// extraVolumes is an extra set of host volumes, mounted to the control plane component.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"`
 
@@ -278,6 +286,7 @@ type Scheduler struct {
 	// This option takes effect only on Kubernetes >=1.31.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraEnvs []EnvVar `json:"extraEnvs,omitempty"`
 }
@@ -367,6 +376,7 @@ type NodeRegistrationOptions struct {
 	// Value 'all' ignores errors from all checks.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=50
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=512
@@ -416,6 +426,7 @@ type BootstrapToken struct {
 	// for establishing bidirectional trust, but that can be changed here.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=256
@@ -425,6 +436,7 @@ type BootstrapToken struct {
 	// used for authentication
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=256
@@ -446,6 +458,7 @@ type Etcd struct {
 }
 
 // LocalEtcd describes that kubeadm should run an etcd cluster locally.
+// +kubebuilder:validation:MinProperties=1
 type LocalEtcd struct {
 	// ImageMeta allows to customize the container used for etcd
 	ImageMeta `json:",inline"`
@@ -474,12 +487,14 @@ type LocalEtcd struct {
 	// This option takes effect only on Kubernetes >=1.31.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	ExtraEnvs []EnvVar `json:"extraEnvs,omitempty"`
 
 	// serverCertSANs sets extra Subject Alternative Names for the etcd server signing cert.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=253
@@ -488,6 +503,7 @@ type LocalEtcd struct {
 	// peerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=253
@@ -560,6 +576,7 @@ type JoinConfiguration struct {
 	// This option takes effect only on Kubernetes >=1.22.0.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=50
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=256
@@ -605,6 +622,7 @@ type Discovery struct {
 }
 
 // BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.
+// +kubebuilder:validation:MinProperties=1
 type BootstrapTokenDiscovery struct {
 	// token is a token used to validate cluster information
 	// fetched from the control-plane.
@@ -629,6 +647,7 @@ type BootstrapTokenDiscovery struct {
 	// openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=512
@@ -678,6 +697,7 @@ type FileDiscoveryKubeConfig struct {
 // KubeConfigCluster contains information about how to communicate with a kubernetes cluster.
 //
 // Adapted from clientcmdv1.Cluster.
+// +kubebuilder:validation:MinProperties=1
 type KubeConfigCluster struct {
 	// server is the address of the kubernetes cluster (https://hostname:port).
 	//
@@ -729,6 +749,7 @@ type KubeConfigCluster struct {
 // Either authProvider or exec must be filled.
 //
 // Adapted from clientcmdv1.AuthInfo.
+// +kubebuilder:validation:MinProperties=1
 type KubeConfigUser struct {
 	// authProvider specifies a custom authentication plugin for the kubernetes cluster.
 	// +optional
@@ -767,6 +788,7 @@ type KubeConfigAuthExec struct {
 	// args is the arguments to pass to the command when executing it.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=512
@@ -777,6 +799,7 @@ type KubeConfigAuthExec struct {
 	// to pass argument to the plugin.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Env []KubeConfigAuthExecEnv `json:"env,omitempty"`
 
@@ -897,6 +920,7 @@ func NewBootstrapTokenString(token string) (*BootstrapTokenString, error) {
 }
 
 // Patches contains options related to applying patches to components deployed by kubeadm.
+// +kubebuilder:validation:MinProperties=1
 type Patches struct {
 	// directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
 	// For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
@@ -935,6 +959,7 @@ type EnvVar struct {
 }
 
 // Timeouts holds various timeouts that apply to kubeadm commands.
+// +kubebuilder:validation:MinProperties=1
 type Timeouts struct {
 	// controlPlaneComponentHealthCheckSeconds is the amount of time to wait for a control plane
 	// component, such as the API server, to be healthy during "kubeadm init" and "kubeadm join".

api/bootstrap/kubeadm/v1beta2/kubeadmconfig_types.go

@@ -67,6 +67,7 @@ type KubeadmConfigSpec struct {
 	// files specifies extra files to be passed to user_data upon creation.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=200
 	Files []File `json:"files,omitempty"`
 
@@ -77,6 +78,7 @@ type KubeadmConfigSpec struct {
 	// mounts specifies a list of mount points to be setup.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Mounts []MountPoints `json:"mounts,omitempty"`
 
@@ -85,6 +87,7 @@ type KubeadmConfigSpec struct {
 	// once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=10240
@@ -95,6 +98,7 @@ type KubeadmConfigSpec struct {
 	// the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=10240
@@ -105,6 +109,7 @@ type KubeadmConfigSpec struct {
 	// the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=10240
@@ -113,6 +118,7 @@ type KubeadmConfigSpec struct {
 	// users specifies extra users to add
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Users []User `json:"users,omitempty"`
 
@@ -411,6 +417,7 @@ func (c *KubeadmConfigSpec) validateIgnition(pathPrefix *field.Path) field.Error
 }
 
 // IgnitionSpec contains Ignition specific configuration.
+// +kubebuilder:validation:MinProperties=1
 type IgnitionSpec struct {
 	// containerLinuxConfig contains CLC specific configuration.
 	// +optional
@@ -420,6 +427,7 @@ type IgnitionSpec struct {
 // ContainerLinuxConfig contains CLC-specific configuration.
 //
 // We use a structured type here to allow adding additional fields, for example 'version'.
+// +kubebuilder:validation:MinProperties=1
 type ContainerLinuxConfig struct {
 	// additionalConfig contains additional configuration to be merged with the Ignition
 	// configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
@@ -762,6 +770,7 @@ type User struct {
 }
 
 // NTP defines input for generated ntp in cloud-init.
+// +kubebuilder:validation:MinProperties=1
 type NTP struct {
 	// servers specifies which NTP servers to use
 	// +optional
@@ -777,6 +786,7 @@ type NTP struct {
 }
 
 // DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
+// +kubebuilder:validation:MinProperties=1
 type DiskSetup struct {
 	// partitions specifies the list of the partitions to setup.
 	// +optional
@@ -863,6 +873,8 @@ type Filesystem struct {
 }
 
 // MountPoints defines input for generated mounts in cloud-init.
+// +kubebuilder:validation:MinItems=1
+// +kubebuilder:validation:MaxItems=100
 // +kubebuilder:validation:items:MinLength=1
 // +kubebuilder:validation:items:MaxLength=512
 type MountPoints []string

api/core/v1beta2/clusterclass_types.go

@@ -123,6 +123,7 @@ type ClusterClassSpec struct {
 	// in the Cluster topology and are then used in patches.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	Variables []ClusterClassVariable `json:"variables,omitempty"`
 
@@ -131,6 +132,7 @@ type ClusterClassSpec struct {
 	// Note: Patches will be applied in the order of the array.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	Patches []ClusterClassPatch `json:"patches,omitempty"`
 }
@@ -374,6 +376,7 @@ type WorkersClass struct {
 	// +optional
 	// +listType=map
 	// +listMapKey=class
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	MachineDeployments []MachineDeploymentClass `json:"machineDeployments,omitempty"`
 
@@ -382,6 +385,7 @@ type WorkersClass struct {
 	// +optional
 	// +listType=map
 	// +listMapKey=class
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	MachinePools []MachinePoolClass `json:"machinePools,omitempty"`
 }
@@ -852,6 +856,7 @@ type VariableSchema struct {
 // JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).
 // This struct has been initially copied from apiextensionsv1.JSONSchemaProps, but all fields
 // which are not supported in CAPI have been removed.
+// +kubebuilder:validation:MinProperties=1
 type JSONSchemaProps struct {
 	// description is a human-readable description of this variable.
 	// +optional
@@ -903,6 +908,7 @@ type JSONSchemaProps struct {
 	// NOTE: Can only be set if type is object.
 	// +optional
 	// +listType=atomic
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=256
@@ -1004,6 +1010,7 @@ type JSONSchemaProps struct {
 	// +optional
 	// +listType=map
 	// +listMapKey=rule
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	XValidations []ValidationRule `json:"x-kubernetes-validations,omitempty"`
 
@@ -1063,6 +1070,7 @@ type JSONSchemaProps struct {
 
 // VariableSchemaMetadata is the metadata of a variable or a nested field within a variable.
 // It can be used to add additional data for higher level tools.
+// +kubebuilder:validation:MinProperties=1
 type VariableSchemaMetadata struct {
 	// labels is a map of string keys and values that can be used to organize and categorize
 	// (scope and select) variables.