require generate.apiVersion (#7080)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2023-05-03 18:33:29 +08:00 · 2023-05-03 18:33:29 +08:00 · a7900ff40c
commit a7900ff40c
parent 999efcebaf
4 changed files with 11 additions and 4 deletions
--- a/pkg/policy/generate/validate.go
+++ b/pkg/policy/generate/validate.go
@ -46,7 +46,7 @@ func (g *Generate) Validate(ctx context.Context) (string, error) {
 		return "", fmt.Errorf("only one of clone or cloneList can be specified")
 	}

-	kind, name, namespace := rule.Kind, rule.Name, rule.Namespace
+	apiVersion, kind, name, namespace := rule.ResourceSpec.GetAPIVersion(), rule.ResourceSpec.GetKind(), rule.ResourceSpec.GetName(), rule.ResourceSpec.GetNamespace()

 	if len(rule.CloneList.Kinds) == 0 {
 		if name == "" {
@ -55,6 +55,9 @@ func (g *Generate) Validate(ctx context.Context) (string, error) {
 		if kind == "" {
 			return "kind", fmt.Errorf("kind cannot be empty")
 		}
+		if apiVersion == "" {
+			return "apiVersion", fmt.Errorf("apiVersion cannot be empty")
+		}
 	} else {
 		if name != "" {
 			return "name", fmt.Errorf("with cloneList, generate.name. should not be specified")
--- a/pkg/policy/generate/validate_test.go
+++ b/pkg/policy/generate/validate_test.go
@ -35,9 +35,9 @@ func Test_Validate_Generate(t *testing.T) {
 	err := json.Unmarshal(rawGenerate, &genRule)
 	assert.NilError(t, err)
 	checker := NewFakeGenerate(genRule)
-	if _, err := checker.Validate(context.TODO()); err != nil {
+	_, err = checker.Validate(context.TODO())
+	t.Log(err)
 	assert.Assert(t, err != nil)
-	}
 }

 func Test_Validate_Generate_HasAnchors(t *testing.T) {
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml
@ -38,6 +38,7 @@ spec:
    generate:
        kind: Role
        name: ns-role
+        apiVersion: rbac.authorization.k8s.io/v1
        namespace: "{{request.object.metadata.name}}"
        synchronize: true
        clone:
@ -52,6 +53,7 @@ spec:
    generate:
        kind: RoleBinding
        name: ns-role-binding
+        apiVersion: rbac.authorization.k8s.io/v1
        namespace: "{{request.object.metadata.name}}"
        synchronize: true
        clone:
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml
@ -14,6 +14,7 @@ spec:
    generate:
        kind: Role
        name: ns-role
+        apiVersion: rbac.authorization.k8s.io/v1
        namespace: "{{request.object.metadata.name}}"
        synchronize: true
        data:
@ -30,6 +31,7 @@ spec:
    generate:
        kind: RoleBinding
        name: ns-role-binding
+        apiVersion: rbac.authorization.k8s.io/v1
        namespace: "{{request.object.metadata.name}}"
        synchronize: true
        data: