Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation to ensure no duplicate TargetRefs in policies #2998

Merged
merged 1 commit into from
Jan 9, 2025
Merged

Add validation to ensure no duplicate TargetRefs in policies #2998

merged 1 commit into from
Jan 9, 2025

Conversation

bjee19
Copy link
Contributor

@bjee19 bjee19 commented Jan 9, 2025

Proposed changes

Validate that there are no duplicate TargetRefs in the UpstreamSettingsPolicy and ObservabilityPolicy. Additionally, since this change strengthens the validation rules on the ObservabilityPolicy API, we are bumping the ObservabilityPolicy API version from v1alpha1 to v1alpha2.

Problem: It's possible to create an ObservabilityPolicy or UpstreamSettingsPolicy with duplicate targetRefs. This is not a valid configuration and should be prevented.

Solution: Add CEL validation to prevent this.

Testing: Manually deployed both the UpstreamSettingsPolicy and ObservabilityPolicy and verified that duplicate targetRefs are invalid.

Closes #2923

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

Add validation to ObservabilityPolicy and UpstreamSettingsPolicy APIs to ensure no duplicate targetRefs are allowed. Also, bumped the ObservabilityPolicy API version from `v1alpha1` to `v1alpha2`.

@bjee19 bjee19 requested review from a team as code owners January 9, 2025 18:56
@github-actions github-actions bot added documentation Improvements or additions to documentation enhancement New feature or request tests Pull requests that update tests labels Jan 9, 2025
@bjee19 bjee19 mentioned this pull request Jan 9, 2025
Closed
6 tasks
ADubhlaoich
ADubhlaoich approved these changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@ADubhlaoich ADubhlaoich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs updates LGTM.

@bjee19 bjee19 force-pushed the enh/validate-duplicate-targetrefs branch from ce1cd37 to 34ad609 Compare January 9, 2025 20:10
@bjee19 bjee19 force-pushed the enh/validate-duplicate-targetrefs branch from 34ad609 to 93c6ea6 Compare January 9, 2025 23:06
@bjee19 bjee19 merged commit 2be5b0c into main Jan 9, 2025
40 checks passed
@bjee19 bjee19 deleted the enh/validate-duplicate-targetrefs branch January 9, 2025 23:27
miledxz added a commit to miledxz/nginx-gateway-fabric that referenced this pull request Jan 14, 2025
@miledxz
Add validation to ensure no duplicate TargetRefs in policies (nginx#2998
85c448e 
)

Validate that there are no duplicate TargetRefs in the UpstreamSettingsPolicy and ObservabilityPolicy. 
Additionally, since this change strengthens the validation rules on the ObservabilityPolicy API, we are bumping the ObservabilityPolicy API version from v1alpha1 to v1alpha2.

Problem: It's possible to create an ObservabilityPolicy or UpstreamSettingsPolicy with duplicate targetRefs. 
This is not a valid configuration and should be prevented.

Solution: Add CEL validation to prevent this.

Testing: Manually deployed both the UpstreamSettingsPolicy and ObservabilityPolicy and verified that duplicate targetRefs are invalid.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@salonichf5 salonichf5 salonichf5 approved these changes

@kate-osborn kate-osborn kate-osborn approved these changes

@sjberman sjberman sjberman approved these changes

@ADubhlaoich ADubhlaoich ADubhlaoich approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request tests Pull requests that update tests
Projects
NGINX Gateway Fabric
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Don't allow duplicate TargetRefs for NGF Policies
5 participants
@bjee19 @ADubhlaoich @sjberman @kate-osborn @salonichf5