Use fieldPath and reason to provide better error output from CEL

openshift · Apr 24, 2024 · 44d5634 · 44d5634
1 parent fece3d3
commit 44d5634
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 8 deletions.
diff --git a/machine/v1beta1/manual-override-crd-manifests/machines.machine.openshift.io/AAA_ungated.yaml b/machine/v1beta1/manual-override-crd-manifests/machines.machine.openshift.io/AAA_ungated.yaml
@@ -0,0 +1,7 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    feature-gate.release.openshift.io/: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+  name: machines.machine.openshift.io
diff --git a/...eta1/manual-override-crd-manifests/machines.machine.openshift.io/MachineAPIMigration.yaml b/...eta1/manual-override-crd-manifests/machines.machine.openshift.io/MachineAPIMigration.yaml
@@ -0,0 +1,23 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    feature-gate.release.openshift.io/MachineAPIMigration: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+  name: machines.machine.openshift.io
+spec:
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          status:
+            x-kubernetes-validations:
+            - fieldPath: .synchronizedGeneration
+              message: synchronizedGeneration must not decrease unless authoritativeAPI
+                is transitioning from Migrating to another value
+              reason: FieldValueForbidden
+              rule: '!has(oldSelf.synchronizedGeneration) || (has(self.synchronizedGeneration)
+                && self.synchronizedGeneration >= oldSelf.synchronizedGeneration)
+                || (oldSelf.authoritativeAPI == ''Migrating'' && self.authoritativeAPI
+                != ''Migrating'')'
diff --git a/...1/manual-override-crd-manifests/machinesets.machine.openshift.io/MachineAPIMigration.yaml b/...1/manual-override-crd-manifests/machinesets.machine.openshift.io/MachineAPIMigration.yaml
@@ -0,0 +1,23 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    feature-gate.release.openshift.io/MachineAPIMigration: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+  name: machinesets.machine.openshift.io
+spec:
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          status:
+            x-kubernetes-validations:
+            - fieldPath: .synchronizedGeneration
+              message: synchronizedGeneration must not decrease unless authoritativeAPI
+                is transitioning from Migrating to another value
+              reason: FieldValueForbidden
+              rule: '!has(oldSelf.synchronizedGeneration) || (has(self.synchronizedGeneration)
+                && self.synchronizedGeneration >= oldSelf.synchronizedGeneration)
+                || (oldSelf.authoritativeAPI == ''Migrating'' && self.authoritativeAPI
+                != ''Migrating'')'
diff --git a/machine/v1beta1/tests/machines.machine.openshift.io/MachineAPIMigration.yaml b/machine/v1beta1/tests/machines.machine.openshift.io/MachineAPIMigration.yaml
@@ -326,7 +326,7 @@ tests:
       status:
         authoritativeAPI: MachineAPI
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: synchronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should not allow decreasing the synchronizedGeneration while the Authoritative API is Migrating
     initial: |
       apiVersion: machine.openshift.io/v1beta1
@@ -344,7 +344,7 @@ tests:
       status:
         authoritativeAPI: Migrating
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should not allow decreasing the synchronizedGeneration while the Authoritative API is ClusterAPI
     initial: |
       apiVersion: machine.openshift.io/v1beta1
@@ -362,7 +362,7 @@ tests:
       status:
         authoritativeAPI: ClusterAPI
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should allow decreasing the synchronizedGeneration while the Authoritative API is moved from Migrating to MachineAPI
     initial: |
       apiVersion: machine.openshift.io/v1beta1

diff --git a/machine/v1beta1/tests/machinesets.machine.openshift.io/MachineAPIMigration.yaml b/machine/v1beta1/tests/machinesets.machine.openshift.io/MachineAPIMigration.yaml
@@ -339,7 +339,7 @@ tests:
       status:
         authoritativeAPI: MachineAPI
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: synchronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should not allow decreasing the synchronizedGeneration while the Authoritative API is Migrating
     initial: |
       apiVersion: machine.openshift.io/v1beta1
@@ -357,7 +357,7 @@ tests:
       status:
         authoritativeAPI: Migrating
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should not allow decreasing the synchronizedGeneration while the Authoritative API is ClusterAPI
     initial: |
       apiVersion: machine.openshift.io/v1beta1
@@ -375,7 +375,7 @@ tests:
       status:
         authoritativeAPI: ClusterAPI
         synchronizedGeneration: 1
-    expectedStatusError: "status: Invalid value: \"object\": syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
+    expectedStatusError: "status.synchronizedGeneration: Forbidden: syncronizedGeneration must not decrease unless authoritativeAPI is transitioning from Migrating to another value"
   - name: Should allow decreasing the synchronizedGeneration while the Authoritative API is moved from Migrating to MachineAPI
     initial: |
       apiVersion: machine.openshift.io/v1beta1

diff --git a/...beta1/zz_generated.crd-manifests/0000_10_machine-api_01_machines-CustomNoUpgrade.crd.yaml b/...beta1/zz_generated.crd-manifests/0000_10_machine-api_01_machines-CustomNoUpgrade.crd.yaml
@@ -526,8 +526,10 @@ spec:
                 type: integer
             type: object
             x-kubernetes-validations:
-            - message: synchronizedGeneration must not decrease unless authoritativeAPI
+            - fieldPath: .synchronizedGeneration
+              message: synchronizedGeneration must not decrease unless authoritativeAPI
                 is transitioning from Migrating to another value
+              reason: FieldValueForbidden
               rule: '!has(oldSelf.synchronizedGeneration) || (has(self.synchronizedGeneration)
                 && self.synchronizedGeneration >= oldSelf.synchronizedGeneration)
                 || (oldSelf.authoritativeAPI == ''Migrating'' && self.authoritativeAPI

diff --git a/...a1/zz_generated.crd-manifests/0000_10_machine-api_01_machinesets-CustomNoUpgrade.crd.yaml b/...a1/zz_generated.crd-manifests/0000_10_machine-api_01_machinesets-CustomNoUpgrade.crd.yaml
@@ -611,8 +611,10 @@ spec:
                 type: integer
             type: object
             x-kubernetes-validations:
-            - message: synchronizedGeneration must not decrease unless authoritativeAPI
+            - fieldPath: .synchronizedGeneration
+              message: synchronizedGeneration must not decrease unless authoritativeAPI
                 is transitioning from Migrating to another value
+              reason: FieldValueForbidden
               rule: '!has(oldSelf.synchronizedGeneration) || (has(self.synchronizedGeneration)
                 && self.synchronizedGeneration >= oldSelf.synchronizedGeneration)
                 || (oldSelf.authoritativeAPI == ''Migrating'' && self.authoritativeAPI