planetscale
diff --git a/‎operator/CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎operator/CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎operator/api/v1beta1/lokistack_types.go
Lines changed: 3 additions & 0 deletions b/‎operator/api/v1beta1/lokistack_types.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎operator/api/v1beta1/lokistack_webhook.go
Lines changed: 103 additions & 6 deletions b/‎operator/api/v1beta1/lokistack_webhook.go
Lines changed: 103 additions & 6 deletions
diff --git a/‎operator/api/v1beta1/lokistack_webhook_test.go
Lines changed: 192 additions & 1 deletion b/‎operator/api/v1beta1/lokistack_webhook_test.go
Lines changed: 192 additions & 1 deletion
@@ -1,5 +1,6 @@
 ## Main
 
+- [6411](https://github.com/grafana/loki/pull/6411) **Red-GV**: Extend schema validation in LokiStack webhook
 - [6224](https://github.com/grafana/loki/pull/6224) **periklis**: Add support for GRPC over TLS for Loki components
 - [5952](https://github.com/grafana/loki/pull/5952) **Red-GV**: Add api to change storage schema version
 - [6363](https://github.com/grafana/loki/pull/6363) **periklis**: Allow optional installation of webhooks (Kind)
 
@@ -369,6 +369,9 @@ type ObjectStorageSecretSpec struct {
 	Name string `json:"name"`
 }
 
+// objectStorageSchemaMap defines the type for mapping a schema version with a date
+type objectStorageSchemaMap map[StorageSchemaEffectiveDate]ObjectStorageSchemaVersion
+
 // ObjectStorageSchemaVersion defines the storage schema version which will be
 // used with the Loki cluster.
 //
 
@@ -1,6 +1,11 @@
 package v1beta1
 
 import (
+	"reflect"
+	"time"
+
+	"github.com/ViaQ/logerr/v2/kverrors"
+
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -23,12 +28,17 @@ var _ webhook.Validator = &LokiStack{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
 func (s *LokiStack) ValidateCreate() error {
-	return s.validate()
+	return s.validate(nil)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (s *LokiStack) ValidateUpdate(_ runtime.Object) error {
-	return s.validate()
+func (s *LokiStack) ValidateUpdate(old runtime.Object) error {
+	oldStack, ok := old.(*LokiStack)
+	if !ok {
+		t := reflect.TypeOf(old).String()
+		return apierrors.NewInternalError(kverrors.New("runtime object is incorrect type", "type", t))
+	}
+	return s.validate(oldStack)
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
@@ -37,12 +47,18 @@ func (s *LokiStack) ValidateDelete() error {
 	return nil
 }
 
-func (s *LokiStack) validate() error {
+// ValidateSchemas ensures that the schemas are in a valid format
+func (s *ObjectStorageSpec) ValidateSchemas(utcTime time.Time, status LokiStackStorageStatus) field.ErrorList {
 	var allErrs field.ErrorList
 
+	appliedSchemasFound := 0
+	containsValidStartDate := false
 	found := make(map[StorageSchemaEffectiveDate]bool)
 
-	for i, sc := range s.Spec.Storage.Schemas {
+	cutoff := utcTime.Add(StorageSchemaUpdateBuffer)
+	appliedSchemas := buildAppliedSchemaMap(status.Schemas, cutoff)
+
+	for i, sc := range s.Schemas {
 		if found[sc.EffectiveDate] {
 			allErrs = append(allErrs, field.Invalid(
 				field.NewPath("Spec").Child("Storage").Child("Schemas").Index(i).Child("EffectiveDate"),
@@ -53,13 +69,79 @@ func (s *LokiStack) validate() error {
 
 		found[sc.EffectiveDate] = true
 
-		if _, err := sc.EffectiveDate.UTCTime(); err != nil {
+		date, err := sc.EffectiveDate.UTCTime()
+		if err != nil {
 			allErrs = append(allErrs, field.Invalid(
 				field.NewPath("Spec").Child("Storage").Child("Schemas").Index(i).Child("EffectiveDate"),
 				sc.EffectiveDate,
 				ErrParseEffectiveDates.Error(),
 			))
 		}
+
+		if date.Before(cutoff) {
+			containsValidStartDate = true
+		}
+
+		// No statuses to compare against or this is a new schema which will be added.
+		if len(appliedSchemas) == 0 || date.After(cutoff) {
+			continue
+		}
+
+		appliedSchemaVersion, ok := appliedSchemas[sc.EffectiveDate]
+
+		if !ok {
+			allErrs = append(allErrs, field.Invalid(
+				field.NewPath("Spec").Child("Storage").Child("Schemas").Index(i),
+				sc,
+				ErrSchemaRetroactivelyAdded.Error(),
+			))
+		}
+
+		if ok && appliedSchemaVersion != sc.Version {
+			allErrs = append(allErrs, field.Invalid(
+				field.NewPath("Spec").Child("Storage").Child("Schemas").Index(i),
+				sc,
+				ErrSchemaRetroactivelyChanged.Error(),
+			))
+		}
+
+		appliedSchemasFound++
+	}
+
+	if !containsValidStartDate {
+		allErrs = append(allErrs, field.Invalid(
+			field.NewPath("Spec").Child("Storage").Child("Schemas"),
+			s.Schemas,
+			ErrMissingValidStartDate.Error(),
+		))
+	}
+
+	if appliedSchemasFound != len(appliedSchemas) {
+		allErrs = append(allErrs, field.Invalid(
+			field.NewPath("Spec").Child("Storage").Child("Schemas"),
+			s.Schemas,
+			ErrSchemaRetroactivelyRemoved.Error(),
+		))
+	}
+
+	if len(allErrs) == 0 {
+		return nil
+	}
+
+	return allErrs
+}
+
+func (s *LokiStack) validate(old *LokiStack) error {
+	var allErrs field.ErrorList
+
+	storageStatus := LokiStackStorageStatus{}
+	if old != nil {
+		storageStatus = old.Status.Storage
+	}
+
+	errors := s.Spec.Storage.ValidateSchemas(time.Now().UTC(), storageStatus)
+	if len(errors) != 0 {
+		allErrs = append(allErrs, errors...)
 	}
 
 	if len(allErrs) == 0 {
@@ -72,3 +154,18 @@ func (s *LokiStack) validate() error {
 		allErrs,
 	)
 }
+
+// buildAppliedSchemaMap creates a map of schemas which occur before the given time
+func buildAppliedSchemaMap(schemas []ObjectStorageSchema, effectiveDate time.Time) objectStorageSchemaMap {
+	appliedMap := objectStorageSchemaMap{}
+
+	for _, schema := range schemas {
+		date, err := schema.EffectiveDate.UTCTime()
+
+		if err == nil && date.Before(effectiveDate) {
+			appliedMap[schema.EffectiveDate] = schema.Version
+		}
+	}
+
+	return appliedMap
+}
@@ -18,7 +18,7 @@ var ltt = []struct {
 	err  *apierrors.StatusError
 }{
 	{
-		desc: "valid spec",
+		desc: "valid spec - no status",
 		spec: v1beta1.LokiStack{
 			Spec: v1beta1.LokiStackSpec{
 				Storage: v1beta1.ObjectStorageSpec{
@@ -36,6 +36,39 @@ var ltt = []struct {
 			},
 		},
 	},
+	{
+		desc: "valid spec - with status",
+		spec: v1beta1.LokiStack{
+			Spec: v1beta1.LokiStackSpec{
+				Storage: v1beta1.ObjectStorageSpec{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+						{
+							Version:       v1beta1.ObjectStorageSchemaV12,
+							EffectiveDate: "2020-10-13",
+						},
+					},
+				},
+			},
+			Status: v1beta1.LokiStackStatus{
+				Storage: v1beta1.LokiStackStorageStatus{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+						{
+							Version:       v1beta1.ObjectStorageSchemaV12,
+							EffectiveDate: "2020-10-13",
+						},
+					},
+				},
+			},
+		},
+	},
 	{
 		desc: "not unique schema effective dates",
 		spec: v1beta1.LokiStack{
@@ -92,6 +125,164 @@ var ltt = []struct {
 			},
 		),
 	},
+	{
+		desc: "missing valid starting date",
+		spec: v1beta1.LokiStack{
+			Spec: v1beta1.LokiStackSpec{
+				Storage: v1beta1.ObjectStorageSpec{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "9000-10-10",
+						},
+					},
+				},
+			},
+		},
+		err: apierrors.NewInvalid(
+			schema.GroupKind{Group: "loki.grafana.com", Kind: "LokiStack"},
+			"testing-stack",
+			field.ErrorList{
+				field.Invalid(
+					field.NewPath("Spec").Child("Storage").Child("Schemas"),
+					[]v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "9000-10-10",
+						},
+					},
+					v1beta1.ErrMissingValidStartDate.Error(),
+				),
+			},
+		),
+	},
+	{
+		desc: "retroactively adding schema",
+		spec: v1beta1.LokiStack{
+			Spec: v1beta1.LokiStackSpec{
+				Storage: v1beta1.ObjectStorageSpec{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+						{
+							Version:       v1beta1.ObjectStorageSchemaV12,
+							EffectiveDate: "2020-10-14",
+						},
+					},
+				},
+			},
+			Status: v1beta1.LokiStackStatus{
+				Storage: v1beta1.LokiStackStorageStatus{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+					},
+				},
+			},
+		},
+		err: apierrors.NewInvalid(
+			schema.GroupKind{Group: "loki.grafana.com", Kind: "LokiStack"},
+			"testing-stack",
+			field.ErrorList{
+				field.Invalid(
+					field.NewPath("Spec").Child("Storage").Child("Schemas"),
+					v1beta1.ObjectStorageSchema{
+						Version:       v1beta1.ObjectStorageSchemaV12,
+						EffectiveDate: "2020-10-14",
+					},
+					v1beta1.ErrSchemaRetroactivelyAdded.Error(),
+				),
+			},
+		),
+	},
+	{
+		desc: "retroactively removing schema",
+		spec: v1beta1.LokiStack{
+			Spec: v1beta1.LokiStackSpec{
+				Storage: v1beta1.ObjectStorageSpec{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+					},
+				},
+			},
+			Status: v1beta1.LokiStackStatus{
+				Storage: v1beta1.LokiStackStorageStatus{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+						{
+							Version:       v1beta1.ObjectStorageSchemaV12,
+							EffectiveDate: "2020-10-14",
+						},
+					},
+				},
+			},
+		},
+		err: apierrors.NewInvalid(
+			schema.GroupKind{Group: "loki.grafana.com", Kind: "LokiStack"},
+			"testing-stack",
+			field.ErrorList{
+				field.Invalid(
+					field.NewPath("Spec").Child("Storage").Child("Schemas"),
+					[]v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+					},
+					v1beta1.ErrSchemaRetroactivelyRemoved.Error(),
+				),
+			},
+		),
+	},
+	{
+		desc: "retroactively changing schema",
+		spec: v1beta1.LokiStack{
+			Spec: v1beta1.LokiStackSpec{
+				Storage: v1beta1.ObjectStorageSpec{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV12,
+							EffectiveDate: "2020-10-11",
+						},
+					},
+				},
+			},
+			Status: v1beta1.LokiStackStatus{
+				Storage: v1beta1.LokiStackStorageStatus{
+					Schemas: []v1beta1.ObjectStorageSchema{
+						{
+							Version:       v1beta1.ObjectStorageSchemaV11,
+							EffectiveDate: "2020-10-11",
+						},
+					},
+				},
+			},
+		},
+		err: apierrors.NewInvalid(
+			schema.GroupKind{Group: "loki.grafana.com", Kind: "LokiStack"},
+			"testing-stack",
+			field.ErrorList{
+				field.Invalid(
+					field.NewPath("Spec").Child("Storage").Child("Schemas"),
+					v1beta1.ObjectStorageSchema{
+						Version:       v1beta1.ObjectStorageSchemaV12,
+						EffectiveDate: "2020-10-11",
+					},
+					v1beta1.ErrSchemaRetroactivelyChanged.Error(),
+				),
+			},
+		),
+	},
 }
 
 func TestLokiStackValidationWebhook_ValidateCreate(t *testing.T) {
Original file line number	Diff line number	Diff line change
`@@ -369,6 +369,9 @@ type ObjectStorageSecretSpec struct {`
`369`	`369`	Name string `json:"name"`
`370`	`370`	`}`
`371`	`371`
	`372`	`+// objectStorageSchemaMap defines the type for mapping a schema version with a date`
	`373`	`+type objectStorageSchemaMap map[StorageSchemaEffectiveDate]ObjectStorageSchemaVersion`
	`374`	`+`
`372`	`375`	`// ObjectStorageSchemaVersion defines the storage schema version which will be`
`373`	`376`	`// used with the Loki cluster.`
`374`	`377`	`//`