diff --git a/pkg/core/resources/apis/mesh/validators.go b/pkg/core/resources/apis/mesh/validators.go index 0e7c9c46e0be..77aecf5acd0b 100644 --- a/pkg/core/resources/apis/mesh/validators.go +++ b/pkg/core/resources/apis/mesh/validators.go @@ -13,7 +13,6 @@ import ( common_api "github.com/kumahq/kuma/api/common/v1alpha1" mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" - core_model "github.com/kumahq/kuma/pkg/core/resources/model" "github.com/kumahq/kuma/pkg/core/validators" util_proto "github.com/kumahq/kuma/pkg/util/proto" ) @@ -65,7 +64,7 @@ type ValidateTargetRefOpts struct { // includes a forward slash, but it's allowed as an exception to // handle unresolved references. AllowedInvalidNames []string - Descriptor core_model.ResourceTypeDescriptor + IsInboundPolicy bool } func ValidateSelectors(path validators.PathBuilder, sources []*mesh_proto.Selector, opts ValidateSelectorsOpts) validators.ValidationError { @@ -385,7 +384,7 @@ func ValidateTargetRef( if len(ref.Labels) > 0 && (ref.Name != "" || ref.Namespace != "") { err.AddViolation("labels", "either labels or name and namespace must be specified") } - if !opts.Descriptor.HasFromTargetRef && !opts.Descriptor.HasRulesTargetRef && ref.SectionName != "" { + if !opts.IsInboundPolicy && ref.SectionName != "" { err.AddViolation("sectionName", "can only be used with inbound policies") } case common_api.MeshSubset: diff --git a/pkg/core/resources/apis/mesh/validators_test.go b/pkg/core/resources/apis/mesh/validators_test.go index 6f0668273d00..5b5153a13354 100644 --- a/pkg/core/resources/apis/mesh/validators_test.go +++ b/pkg/core/resources/apis/mesh/validators_test.go @@ -7,7 +7,6 @@ import ( common_api "github.com/kumahq/kuma/api/common/v1alpha1" . "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" - "github.com/kumahq/kuma/pkg/core/resources/model" "github.com/kumahq/kuma/pkg/core/validators" ) @@ -208,9 +207,7 @@ sectionName: http-port SupportedKinds: []common_api.TargetRefKind{ common_api.Dataplane, }, - Descriptor: model.ResourceTypeDescriptor{ - HasRulesTargetRef: true, - }, + IsInboundPolicy: true, }, }), Entry("MeshGateway", testCase{ diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go index ad353631d4ca..082bf67f8577 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/validator.go @@ -13,7 +13,7 @@ import ( func (r *MeshAccessLogResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.GetTargetRef())) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.GetTargetRef(), len(r.Spec.From) > 0)) if len(r.Spec.To) == 0 && len(r.Spec.From) == 0 { verr.AddViolationAt(path, "at least one of 'from', 'to' has to be defined") } @@ -22,7 +22,7 @@ func (r *MeshAccessLogResource) validate() error { return verr.OrNil() } -func (r *MeshAccessLogResource) validateTop(targetRef common_api.TargetRef) validators.ValidationError { +func (r *MeshAccessLogResource) validateTop(targetRef common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { targetRefErr := mesh.ValidateTargetRef(targetRef, &mesh.ValidateTargetRefOpts{ SupportedKinds: []common_api.TargetRefKind{ common_api.Mesh, @@ -33,7 +33,7 @@ func (r *MeshAccessLogResource) validateTop(targetRef common_api.TargetRef) vali common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) return targetRefErr } diff --git a/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/validator.go b/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/validator.go index e4b7dc230cbb..d8ae37f74e8b 100644 --- a/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/validator.go @@ -12,7 +12,7 @@ import ( func (r *MeshCircuitBreakerResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) if len(r.Spec.To) == 0 && len(r.Spec.From) == 0 { verr.AddViolationAt(path, "at least one of 'from', 'to' has to be defined") } @@ -21,7 +21,7 @@ func (r *MeshCircuitBreakerResource) validate() error { return verr.OrNil() } -func (r *MeshCircuitBreakerResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshCircuitBreakerResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -35,7 +35,7 @@ func (r *MeshCircuitBreakerResource) validateTop(targetRef *common_api.TargetRef common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) return targetRefErr } diff --git a/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/validator.go b/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/validator.go index fbdc717c38a5..8335f9a0082e 100644 --- a/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/validator.go @@ -12,14 +12,14 @@ import ( func (r *MeshFaultInjectionResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) topLevel := pointer.DerefOr(r.Spec.TargetRef, common_api.TargetRef{Kind: common_api.Mesh}) verr.AddErrorAt(path, validateFrom(topLevel, r.Spec.From)) verr.AddErrorAt(path, validateTo(topLevel, r.Spec.To)) return verr.OrNil() } -func (r *MeshFaultInjectionResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshFaultInjectionResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -35,7 +35,7 @@ func (r *MeshFaultInjectionResource) validateTop(targetRef *common_api.TargetRef common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -46,7 +46,7 @@ func (r *MeshFaultInjectionResource) validateTop(targetRef *common_api.TargetRef common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) } } diff --git a/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/validator.go b/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/validator.go index c194fe46b4ec..ab3fa670db38 100644 --- a/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/validator.go @@ -29,7 +29,6 @@ func (r *MeshHealthCheckResource) validateTop(targetRef *common_api.TargetRef) v common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) return targetRefErr } diff --git a/pkg/plugins/policies/meshhttproute/api/v1alpha1/validation.go b/pkg/plugins/policies/meshhttproute/api/v1alpha1/validation.go index 33a7ac7a9c12..1691605880d4 100644 --- a/pkg/plugins/policies/meshhttproute/api/v1alpha1/validation.go +++ b/pkg/plugins/policies/meshhttproute/api/v1alpha1/validation.go @@ -41,7 +41,6 @@ func (r *MeshHTTPRouteResource) validateTop(targetRef *common_api.TargetRef) val common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -52,7 +51,6 @@ func (r *MeshHTTPRouteResource) validateTop(targetRef *common_api.TargetRef) val common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator.go b/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator.go index 22d41fb36a98..c2655b1e76da 100644 --- a/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator.go @@ -36,7 +36,6 @@ func (r *MeshLoadBalancingStrategyResource) validateTop(targetRef *common_api.Ta common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) return targetRefErr } diff --git a/pkg/plugins/policies/meshmetric/api/v1alpha1/validator.go b/pkg/plugins/policies/meshmetric/api/v1alpha1/validator.go index d155c92409f2..8dfa5e52f8bf 100644 --- a/pkg/plugins/policies/meshmetric/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshmetric/api/v1alpha1/validator.go @@ -38,7 +38,6 @@ func (r *MeshMetricResource) validateTop(targetRef *common_api.TargetRef) valida common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -49,7 +48,6 @@ func (r *MeshMetricResource) validateTop(targetRef *common_api.TargetRef) valida common_api.Dataplane, common_api.MeshServiceSubset, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshpassthrough/api/v1alpha1/validator.go b/pkg/plugins/policies/meshpassthrough/api/v1alpha1/validator.go index c736d60a89a9..6254ff0d1d21 100644 --- a/pkg/plugins/policies/meshpassthrough/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshpassthrough/api/v1alpha1/validator.go @@ -39,7 +39,6 @@ func (r *MeshPassthroughResource) validateTop(targetRef *common_api.TargetRef) v common_api.MeshSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), }) return targetRefErr } diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go index 2ad7185a245a..c2f9d5af985f 100644 --- a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go @@ -47,7 +47,6 @@ func (r *MeshProxyPatchResource) validateTop(targetRef *common_api.TargetRef) va common_api.Dataplane, }, GatewayListenerTagsAllowed: false, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -58,7 +57,6 @@ func (r *MeshProxyPatchResource) validateTop(targetRef *common_api.TargetRef) va common_api.MeshService, common_api.MeshServiceSubset, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshratelimit/api/v1alpha1/validator.go b/pkg/plugins/policies/meshratelimit/api/v1alpha1/validator.go index 6b52c0f9d4ca..682306a091c8 100644 --- a/pkg/plugins/policies/meshratelimit/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshratelimit/api/v1alpha1/validator.go @@ -14,14 +14,14 @@ import ( func (r *MeshRateLimitResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) topLevel := pointer.DerefOr(r.Spec.TargetRef, common_api.TargetRef{Kind: common_api.Mesh}) verr.AddErrorAt(path, validateFrom(topLevel, r.Spec.From)) verr.AddErrorAt(path, validateTo(topLevel, r.Spec.To)) return verr.OrNil() } -func (r *MeshRateLimitResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshRateLimitResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -38,7 +38,7 @@ func (r *MeshRateLimitResource) validateTop(targetRef *common_api.TargetRef) val common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -49,7 +49,7 @@ func (r *MeshRateLimitResource) validateTop(targetRef *common_api.TargetRef) val common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) } } diff --git a/pkg/plugins/policies/meshretry/api/v1alpha1/validator.go b/pkg/plugins/policies/meshretry/api/v1alpha1/validator.go index f8bf38d74554..75c5fc66b5ec 100644 --- a/pkg/plugins/policies/meshretry/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshretry/api/v1alpha1/validator.go @@ -41,7 +41,6 @@ func (r *MeshRetryResource) validateTop(targetRef *common_api.TargetRef) validat common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -52,7 +51,6 @@ func (r *MeshRetryResource) validateTop(targetRef *common_api.TargetRef) validat common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshtcproute/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtcproute/api/v1alpha1/validator.go index 69640291ce0e..3a6cd746a69e 100644 --- a/pkg/plugins/policies/meshtcproute/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtcproute/api/v1alpha1/validator.go @@ -36,7 +36,6 @@ func (r *MeshTCPRouteResource) validateTop(targetRef *common_api.TargetRef) vali common_api.Dataplane, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -47,7 +46,6 @@ func (r *MeshTCPRouteResource) validateTop(targetRef *common_api.TargetRef) vali common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go index 41264141ca5c..9313127c3e29 100644 --- a/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtimeout/api/v1alpha1/validator.go @@ -12,7 +12,7 @@ import ( func (r *MeshTimeoutResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) if len(r.Spec.Rules) > 0 && (len(r.Spec.To) > 0 || len(r.Spec.From) > 0) { verr.AddViolationAt(path, "fields 'to' and 'from' must be empty when 'rules' is defined") } @@ -25,7 +25,7 @@ func (r *MeshTimeoutResource) validate() error { return verr.OrNil() } -func (r *MeshTimeoutResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshTimeoutResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -42,7 +42,7 @@ func (r *MeshTimeoutResource) validateTop(targetRef *common_api.TargetRef) valid common_api.MeshHTTPRoute, }, GatewayListenerTagsAllowed: true, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -53,7 +53,7 @@ func (r *MeshTimeoutResource) validateTop(targetRef *common_api.TargetRef) valid common_api.MeshService, common_api.MeshServiceSubset, }, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) } } diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go index 9c3c2e5a2498..5f4c69ba96ad 100644 --- a/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go @@ -13,13 +13,13 @@ import ( func (r *MeshTLSResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) topLevel := pointer.DerefOr(r.Spec.TargetRef, common_api.TargetRef{Kind: common_api.Mesh, UsesSyntacticSugar: true}) verr.AddErrorAt(path.Field("from"), validateFrom(r.Spec.From, topLevel.Kind)) return verr.OrNil() } -func (r *MeshTLSResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshTLSResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -29,7 +29,7 @@ func (r *MeshTLSResource) validateTop(targetRef *common_api.TargetRef) validator common_api.MeshSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) return targetRefErr } diff --git a/pkg/plugins/policies/meshtrace/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtrace/api/v1alpha1/validator.go index 3e51e3ebd39a..7eb5b3f1f14e 100644 --- a/pkg/plugins/policies/meshtrace/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtrace/api/v1alpha1/validator.go @@ -39,9 +39,9 @@ func (r *MeshTraceResource) validateTop(targetRef *common_api.TargetRef) validat common_api.MeshGateway, common_api.MeshService, common_api.MeshServiceSubset, + common_api.Dataplane, }, GatewayListenerTagsAllowed: false, - Descriptor: r.Descriptor(), }) default: return mesh.ValidateTargetRef(*targetRef, &mesh.ValidateTargetRefOpts{ @@ -50,8 +50,8 @@ func (r *MeshTraceResource) validateTop(targetRef *common_api.TargetRef) validat common_api.MeshSubset, common_api.MeshService, common_api.MeshServiceSubset, + common_api.Dataplane, }, - Descriptor: r.Descriptor(), }) } } diff --git a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go index d2f3aaee52f8..295d0c0b46fd 100644 --- a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go +++ b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/validator.go @@ -9,7 +9,7 @@ import ( func (r *MeshTrafficPermissionResource) validate() error { var verr validators.ValidationError path := validators.RootedAt("spec") - verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef)) + verr.AddErrorAt(path.Field("targetRef"), r.validateTop(r.Spec.TargetRef, len(r.Spec.From) > 0)) if len(r.Spec.From) == 0 { verr.AddViolationAt(path.Field("from"), "needs at least one item") } @@ -17,7 +17,7 @@ func (r *MeshTrafficPermissionResource) validate() error { return verr.OrNil() } -func (r *MeshTrafficPermissionResource) validateTop(targetRef *common_api.TargetRef) validators.ValidationError { +func (r *MeshTrafficPermissionResource) validateTop(targetRef *common_api.TargetRef, isInboundPolicy bool) validators.ValidationError { if targetRef == nil { return validators.ValidationError{} } @@ -29,7 +29,7 @@ func (r *MeshTrafficPermissionResource) validateTop(targetRef *common_api.Target common_api.MeshServiceSubset, common_api.Dataplane, }, - Descriptor: r.Descriptor(), + IsInboundPolicy: isInboundPolicy, }) return targetRefErr }