Fix webhook validation for nested fields

Author: jotak

apis/flowmetrics/v1alpha1/flowmetric_webhook.go

@@ -80,17 +80,17 @@ func checkFlowMetricCartinality(fMetric *FlowMetric) admission.Warnings {
 }
 
 func validateFlowMetric(_ context.Context, fMetric *FlowMetric) (admission.Warnings, error) {
-	var str []string
+	var fields []string
 	var allErrs field.ErrorList
 
 	for _, f := range fMetric.Spec.Filters {
-		str = append(str, f.Field)
+		fields = append(fields, f.Field)
 	}
 
-	if len(str) != 0 {
-		if !helper.FindFields(str, false) {
-			allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "filters"), str,
-				fmt.Sprintf("invalid filter field: %s", str)))
+	if len(fields) != 0 {
+		if !helper.FindFields(fields, false) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "filters"), fields,
+				fmt.Sprintf("invalid filter field: %s", fields)))
 		}
 	}
 
@@ -119,17 +119,11 @@ func validateFlowMetric(_ context.Context, fMetric *FlowMetric) (admission.Warni
 			}
 		}
 
-		// Only fields defined as Labels are valid for flattening
+		// Check for valid fields
 		if len(fMetric.Spec.Flatten) != 0 {
-			var invalidFlatten []string
-			for _, toFlatten := range fMetric.Spec.Flatten {
-				if _, ok := labelsMap[toFlatten]; !ok {
-					invalidFlatten = append(invalidFlatten, toFlatten)
-				}
-			}
-			if len(invalidFlatten) > 0 {
+			if !helper.FindFields(fMetric.Spec.Flatten, false) {
 				allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "flatten"), fMetric.Spec.Flatten,
-					fmt.Sprintf("some fields defined for flattening are not defined as labels: %v", invalidFlatten)))
+					fmt.Sprintf("invalid fields to flatten: %s", fMetric.Spec.Flatten)))
 			}
 		}
 	}

apis/flowmetrics/v1alpha1/flowmetric_webhook_test.go

@@ -105,6 +105,27 @@ func TestFlowMetric(t *testing.T) {
 			},
 			expectedError: "invalid value field",
 		},
+		{
+			desc: "Valid nested fields",
+			m: &FlowMetric{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test1",
+					Namespace: "test-namespace",
+				},
+				Spec: FlowMetricSpec{
+					Labels:  []string{"NetworkEvents>Name"},
+					Flatten: []string{"NetworkEvents"},
+					Filters: []MetricFilter{
+						{
+							Field: "NetworkEvents>Type",
+							Value: "acl",
+						},
+					},
+					Remap: map[string]string{"NetworkEvents>Name": "name"},
+				},
+			},
+			expectedError: "",
+		},
 	}
 
 	for _, test := range tests {

config/samples/flowmetrics/network-policies.yaml

@@ -0,0 +1,21 @@
+# Count network policy events
+# More examples in https://github.com/netobserv/network-observability-operator/tree/main/config/samples/flowmetrics
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowMetric
+metadata:
+  name: network-policy-events
+  namespace: netobserv
+spec:
+  metricName: network_policy_events_total
+  type: Counter
+  labels: [NetworkEvents>Type, NetworkEvents>Namespace, NetworkEvents>Name, NetworkEvents>Action, NetworkEvents>Direction]
+  filters:
+  - field: NetworkEvents>Feature
+    value: acl
+  flatten: [NetworkEvents]
+  remap:
+    "NetworkEvents>Type": type
+    "NetworkEvents>Namespace": namespace
+    "NetworkEvents>Name": name
+    "NetworkEvents>Action": action
+    "NetworkEvents>Direction": direction

pkg/helper/helpers.go

@@ -114,6 +114,9 @@ func FindFields(labels []string, isNumber bool) bool {
 	}
 
 	for _, l := range labels {
+		// Split field for nesting, e.g. "NetworkEvents>Name" (and we don't verify the nested part)
+		parts := strings.Split(l, ">")
+		l = parts[0]
 		if ok := labelMap[l].exists; !ok {
 			return false
 		}