Commit 5dd0bcf

OCPBUGS-39148: Add Feature Gate AND on NetworkLoadBalancer CEL
Previously, the AWSNetworkLoadBalancerParameters struct had CEL that referenced both Subnets and EIPAllocations, but only was gated on the EIPAllocations feature gate. This means if the subnets feature gate was ever disabled, then the IngressController CRD would be invalid because the CEL would still be present, causing an error when installing the CRD. We are now able to add "AND" logic to the FeatureGateAwareXValidation tag which enables us to feature gate the CEL on both Subnets and EIPAllocations feature gates.
1 parent e8e07fa commit 5dd0bcf

6 files changed

+3486
-280
lines changed

@@ -0,0 +1,258 @@
1+
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
2+
name: "IngressController"
3+
crdName: ingresscontrollers.operator.openshift.io
4+
featureGates:
5+
- SetEIPForNLBIngressController
6+
- IngressControllerLBSubnetsAWS
7+
tests:
8+
onCreate:
9+
- name: Should be able to create a minimal IngressController
10+
initial: |
11+
apiVersion: operator.openshift.io/v1
12+
kind: IngressController
13+
spec: {} # No spec is required for a IngressController
14+
expected: |
15+
apiVersion: operator.openshift.io/v1
16+
kind: IngressController
17+
spec:
18+
httpEmptyRequestsPolicy: Respond
19+
idleConnectionTerminationPolicy: Immediate
20+
- name: Should not allow ingress controller creation if sum of number subnets name and id provided is not equal to the number of eipAllocations.
21+
initial: |
22+
apiVersion: operator.openshift.io/v1
23+
kind: IngressController
24+
metadata:
25+
name: eiptestnlb
26+
namespace: openshift-ingress-operator
27+
spec:
28+
endpointPublishingStrategy:
29+
loadBalancer:
30+
scope: External
31+
providerParameters:
32+
type: AWS
33+
aws:
34+
type: NLB
35+
networkLoadBalancer:
36+
subnets:
37+
ids:
38+
- subnet-0fcf8e0392f0910d5
39+
names:
40+
- subnetA
41+
- subnetB
42+
eipAllocations:
43+
- eipalloc-1234567890abcdefa
44+
- eipalloc-1234567890abcdefb
45+
type: LoadBalancerService
46+
expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations"
47+
- name: Should not allow ingress controller creation if number of subnets names provided is not equal to the number of eipAllocations.
48+
initial: |
49+
apiVersion: operator.openshift.io/v1
50+
kind: IngressController
51+
metadata:
52+
name: eiptestnlb
53+
namespace: openshift-ingress-operator
54+
spec:
55+
endpointPublishingStrategy:
56+
loadBalancer:
57+
scope: External
58+
providerParameters:
59+
type: AWS
60+
aws:
61+
type: NLB
62+
networkLoadBalancer:
63+
subnets:
64+
names:
65+
- subnetA
66+
- subnetB
67+
eipAllocations:
68+
- eipalloc-1234567890abcdefa
69+
type: LoadBalancerService
70+
expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations"
71+
- name: Should not allow ingress controller creation if number of ids provided is not equal to the number of eipAllocations.
72+
initial: |
73+
apiVersion: operator.openshift.io/v1
74+
kind: IngressController
75+
metadata:
76+
name: eiptestnlb
77+
namespace: openshift-ingress-operator
78+
spec:
79+
endpointPublishingStrategy:
80+
loadBalancer:
81+
scope: External
82+
providerParameters:
83+
type: AWS
84+
aws:
85+
type: NLB
86+
networkLoadBalancer:
87+
subnets:
88+
ids:
89+
- subnet-0fcf8e0392f0910d5
90+
eipAllocations:
91+
- eipalloc-1234567890abcdefa
92+
- eipalloc-1234567890abcdefb
93+
type: LoadBalancerService
94+
expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations"
95+
- name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the sum of subnets names and ids.
96+
initial: |
97+
apiVersion: operator.openshift.io/v1
98+
kind: IngressController
99+
metadata:
100+
name: eiptestnlb
101+
namespace: openshift-ingress-operator
102+
spec:
103+
endpointPublishingStrategy:
104+
loadBalancer:
105+
scope: External
106+
providerParameters:
107+
type: AWS
108+
aws:
109+
type: NLB
110+
networkLoadBalancer:
111+
subnets:
112+
ids:
113+
- subnet-0fcf8e0392f0910d5
114+
names:
115+
- subnetA
116+
- subnetB
117+
eipAllocations:
118+
- eipalloc-1234567890abcdefa
119+
- eipalloc-1234567890abcdefb
120+
- eipalloc-1234567890abcdefc
121+
type: LoadBalancerService
122+
expected: |
123+
apiVersion: operator.openshift.io/v1
124+
kind: IngressController
125+
metadata:
126+
name: eiptestnlb
127+
namespace: openshift-ingress-operator
128+
spec:
129+
httpEmptyRequestsPolicy: Respond
130+
idleConnectionTerminationPolicy: Immediate
131+
endpointPublishingStrategy:
132+
loadBalancer:
133+
dnsManagementPolicy: Managed
134+
scope: External
135+
providerParameters:
136+
type: AWS
137+
aws:
138+
type: NLB
139+
networkLoadBalancer:
140+
subnets:
141+
ids:
142+
- subnet-0fcf8e0392f0910d5
143+
names:
144+
- subnetA
145+
- subnetB
146+
eipAllocations:
147+
- eipalloc-1234567890abcdefa
148+
- eipalloc-1234567890abcdefb
149+
- eipalloc-1234567890abcdefc
150+
type: LoadBalancerService
151+
- name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the number of subnets names.
152+
initial: |
153+
apiVersion: operator.openshift.io/v1
154+
kind: IngressController
155+
metadata:
156+
name: eiptestnlb
157+
namespace: openshift-ingress-operator
158+
spec:
159+
endpointPublishingStrategy:
160+
loadBalancer:
161+
scope: External
162+
providerParameters:
163+
type: AWS
164+
aws:
165+
type: NLB
166+
networkLoadBalancer:
167+
subnets:
168+
names:
169+
- subnetA
170+
- subnetB
171+
- subnetC
172+
eipAllocations:
173+
- eipalloc-1234567890abcdefa
174+
- eipalloc-1234567890abcdefb
175+
- eipalloc-1234567890abcdefc
176+
type: LoadBalancerService
177+
expected: |
178+
apiVersion: operator.openshift.io/v1
179+
kind: IngressController
180+
metadata:
181+
name: eiptestnlb
182+
namespace: openshift-ingress-operator
183+
spec:
184+
httpEmptyRequestsPolicy: Respond
185+
idleConnectionTerminationPolicy: Immediate
186+
endpointPublishingStrategy:
187+
loadBalancer:
188+
dnsManagementPolicy: Managed
189+
scope: External
190+
providerParameters:
191+
type: AWS
192+
aws:
193+
type: NLB
194+
networkLoadBalancer:
195+
subnets:
196+
names:
197+
- subnetA
198+
- subnetB
199+
- subnetC
200+
eipAllocations:
201+
- eipalloc-1234567890abcdefa
202+
- eipalloc-1234567890abcdefb
203+
- eipalloc-1234567890abcdefc
204+
type: LoadBalancerService
205+
- name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the number of subnet ids.
206+
initial: |
207+
apiVersion: operator.openshift.io/v1
208+
kind: IngressController
209+
metadata:
210+
name: eiptestnlb
211+
namespace: openshift-ingress-operator
212+
spec:
213+
endpointPublishingStrategy:
214+
loadBalancer:
215+
scope: External
216+
providerParameters:
217+
type: AWS
218+
aws:
219+
type: NLB
220+
networkLoadBalancer:
221+
subnets:
222+
ids:
223+
- subnet-0fcf8e0392f0910d5
224+
- subnet-0fcf8e0392f0910d6
225+
- subnet-0fcf8e0392f0910d7
226+
eipAllocations:
227+
- eipalloc-1234567890abcdefa
228+
- eipalloc-1234567890abcdefb
229+
- eipalloc-1234567890abcdefc
230+
type: LoadBalancerService
231+
expected: |
232+
apiVersion: operator.openshift.io/v1
233+
kind: IngressController
234+
metadata:
235+
name: eiptestnlb
236+
namespace: openshift-ingress-operator
237+
spec:
238+
httpEmptyRequestsPolicy: Respond
239+
idleConnectionTerminationPolicy: Immediate
240+
endpointPublishingStrategy:
241+
loadBalancer:
242+
dnsManagementPolicy: Managed
243+
scope: External
244+
providerParameters:
245+
type: AWS
246+
aws:
247+
type: NLB
248+
networkLoadBalancer:
249+
subnets:
250+
ids:
251+
- subnet-0fcf8e0392f0910d5
252+
- subnet-0fcf8e0392f0910d6
253+
- subnet-0fcf8e0392f0910d7
254+
eipAllocations:
255+
- eipalloc-1234567890abcdefa
256+
- eipalloc-1234567890abcdefb
257+
- eipalloc-1234567890abcdefc
258+
type: LoadBalancerService
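
Review bot: Every onCreate case in this file sets both subnets and eipAllocations, so nothing pins what the count rule does when only one of the two is present (for example eipAllocations with no subnets block, or subnets.names with no eipAllocations). Consider adding one case for each side, with either expected or expectedError, so a later change to the CEL cannot silently start rejecting or accepting those objects. In addition, featureGates at lines 4-6 lists both SetEIPForNLBIngressController and IngressControllerLBSubnetsAWS, so this file covers only the both-enabled combination; the failure described in the commit message is the one-gate-disabled case, and if it is not among the other changed files it should get its own test file asserting that a minimal IngressController is still accepted. Minor: the case name at line 20 reads "sum of number subnets name and id provided"; "sum of the number of subnet names and ids provided" would match the wording of the case at line 95.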
