WIP: Adding CRD validation

api/v1beta1/artifact_types.go

@@ -26,20 +26,30 @@ import (
 // Artifact represents the output of a source synchronisation.
 type Artifact struct {
 	// Path is the relative file path of this artifact.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Path string `json:"path"`
 
 	// URL is the HTTP address of this artifact.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +required
 	URL string `json:"url"`
 
 	// Revision is a human readable identifier traceable in the origin source
 	// system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
 	// chart version, etc.
+	// +kubebuilder:validation:MaxLength=65
+	// +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$`
 	// +optional
 	Revision string `json:"revision"`
 
 	// Checksum is the SHA256 checksum of the artifact.
+	// +kubebuilder:validation:MaxLength=65
+	// +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$`
 	// +optional
 	Checksum string `json:"checksum"`
 

api/v1beta1/bucket_types.go

@@ -38,10 +38,16 @@ type BucketSpec struct {
 	Provider string `json:"provider,omitempty"`
 
 	// The bucket name.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	BucketName string `json:"bucketName"`
 
 	// The bucket endpoint address.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=250
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Endpoint string `json:"endpoint"`
 
@@ -50,6 +56,8 @@ type BucketSpec struct {
 	Insecure bool `json:"insecure,omitempty"`
 
 	// The bucket region.
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	Region string `json:"region,omitempty"`
 
@@ -70,6 +78,7 @@ type BucketSpec struct {
 	// Ignore overrides the set of excluded patterns in the .sourceignore format
 	// (which is the same as .gitignore). If not provided, a default will be used,
 	// consult the documentation for your version to find out what those are.
+	// +kubebuilder:validation:MaxLength=5119
 	// +optional
 	Ignore *string `json:"ignore,omitempty"`
 
@@ -99,6 +108,8 @@ type BucketStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
 	// URL is the download link for the artifact output of the last Bucket sync.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +optional
 	URL string `json:"url,omitempty"`
 
@@ -206,7 +217,8 @@ type Bucket struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec BucketSpec `json:"spec,omitempty"`
+	// +kubebuilder:validation:required
+	Spec BucketSpec `json:"spec"`
 	// +kubebuilder:default={"observedGeneration":-1}
 	Status BucketStatus `json:"status,omitempty"`
 }

api/v1beta1/gitrepository_types.go

@@ -37,6 +37,9 @@ const (
 // GitRepositorySpec defines the desired state of a Git repository.
 type GitRepositorySpec struct {
 	// The repository URL, can be a HTTP/S or SSH address.
+
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=2048
 	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +required
 	URL string `json:"url"`
@@ -70,6 +73,8 @@ type GitRepositorySpec struct {
 	// Ignore overrides the set of excluded patterns in the .sourceignore format
 	// (which is the same as .gitignore). If not provided, a default will be used,
 	// consult the documentation for your version to find out what those are.
+	// +kubebuilder:validation:MaxLength=5119
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	Ignore *string `json:"ignore,omitempty"`
 
@@ -115,29 +120,41 @@ type GitRepositoryInclude struct {
 	GitRepositoryRef meta.LocalObjectReference `json:"repository"`
 
 	// The path to copy contents from, defaults to the root directory.
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	FromPath string `json:"fromPath"`
 
 	// The path to copy contents to, defaults to the name of the source ref.
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	ToPath string `json:"toPath"`
 }
 
 // GitRepositoryRef defines the Git ref used for pull and checkout operations.
 type GitRepositoryRef struct {
 	// The Git branch to checkout, defaults to master.
+	// +kubebuilder:validation:MaxLength=244
+	// +kubebuilder:validation:Pattern=`^[\-._a-zA-Z0-9]+$`
 	// +optional
 	Branch string `json:"branch,omitempty"`
 
 	// The Git tag to checkout, takes precedence over Branch.
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^[\-._0-9]+$`
 	// +optional
 	Tag string `json:"tag,omitempty"`
 
 	// The Git tag semver expression, takes precedence over Tag.
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`
 	// +optional
 	SemVer string `json:"semver,omitempty"`
 
 	// The Git commit SHA to checkout, if specified Tag filters will be ignored.
+	// +kubebuilder:validation:MaxLength=65
+	// +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$`
 	// +optional
 	Commit string `json:"commit,omitempty"`
 }
@@ -164,6 +181,8 @@ type GitRepositoryStatus struct {
 
 	// URL is the download link for the artifact output of the last repository
 	// sync.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +optional
 	URL string `json:"url,omitempty"`
 
@@ -279,7 +298,8 @@ type GitRepository struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec GitRepositorySpec `json:"spec,omitempty"`
+	// +kubebuilder:validation:required
+	Spec GitRepositorySpec `json:"spec"`
 	// +kubebuilder:default={"observedGeneration":-1}
 	Status GitRepositoryStatus `json:"status,omitempty"`
 }

api/v1beta1/helmchart_types.go

@@ -30,12 +30,17 @@ const HelmChartKind = "HelmChart"
 // HelmChartSpec defines the desired state of a Helm chart.
 type HelmChartSpec struct {
 	// The name or path the Helm chart is available at in the SourceRef.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Chart string `json:"chart"`
 
 	// The chart version semver expression, ignored for charts from GitRepository
 	// and Bucket sources. Defaults to latest when omitted.
 	// +kubebuilder:default:=*
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	Version string `json:"version,omitempty"`
 
@@ -92,6 +97,8 @@ const (
 // the typed referenced object at namespace level.
 type LocalHelmChartSourceReference struct {
 	// APIVersion of the referent.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	APIVersion string `json:"apiVersion,omitempty"`
 
@@ -102,6 +109,9 @@ type LocalHelmChartSourceReference struct {
 	Kind string `json:"kind"`
 
 	// Name of the referent.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Name string `json:"name"`
 }
@@ -117,6 +127,8 @@ type HelmChartStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
 	// URL is the download link for the last chart pulled.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +optional
 	URL string `json:"url,omitempty"`
 
@@ -248,7 +260,8 @@ type HelmChart struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec HelmChartSpec `json:"spec,omitempty"`
+	// +kubebuilder:validation:required
+	Spec HelmChartSpec `json:"spec"`
 	// +kubebuilder:default={"observedGeneration":-1}
 	Status HelmChartStatus `json:"status,omitempty"`
 }

api/v1beta1/helmrepository_types.go

@@ -35,6 +35,9 @@ const (
 // HelmRepositorySpec defines the reference to a Helm repository.
 type HelmRepositorySpec struct {
 	// The Helm repository URL, a valid URL contains at least a protocol and host.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +required
 	URL string `json:"url"`
 
@@ -85,6 +88,8 @@ type HelmRepositoryStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
 	// URL is the download link for the last index fetched.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +optional
 	URL string `json:"url,omitempty"`
 
@@ -195,7 +200,8 @@ type HelmRepository struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec HelmRepositorySpec `json:"spec,omitempty"`
+	// +kubebuilder:validation:required
+	Spec HelmRepositorySpec `json:"spec"`
 	// +kubebuilder:default={"observedGeneration":-1}
 	Status HelmRepositoryStatus `json:"status,omitempty"`
 }

api/v1beta2/artifact_types.go

@@ -28,21 +28,30 @@ type Artifact struct {
 	// Path is the relative file path of the Artifact. It can be used to locate
 	// the file in the root of the Artifact storage on the local file system of
 	// the controller managing the Source.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Path string `json:"path"`
 
 	// URL is the HTTP address of the Artifact as exposed by the controller
 	// managing the Source. It can be used to retrieve the Artifact for
 	// consumption, e.g. by another controller applying the Artifact contents.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +required
 	URL string `json:"url"`
 
 	// Revision is a human-readable identifier traceable in the origin source
 	// system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
+	// +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$`
 	// +optional
 	Revision string `json:"revision"`
 
 	// Checksum is the SHA256 checksum of the Artifact file.
+	// +kubebuilder:validation:MaxLength=65
+	// +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$`
 	// +optional
 	Checksum string `json:"checksum"`
 

api/v1beta2/bucket_types.go

@@ -57,10 +57,16 @@ type BucketSpec struct {
 	Provider string `json:"provider,omitempty"`
 
 	// BucketName is the name of the object storage bucket.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	BucketName string `json:"bucketName"`
 
 	// Endpoint is the object storage address the BucketName is located at.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=250
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +required
 	Endpoint string `json:"endpoint"`
 
@@ -69,6 +75,8 @@ type BucketSpec struct {
 	Insecure bool `json:"insecure,omitempty"`
 
 	// Region of the Endpoint where the BucketName is located in.
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`
 	// +optional
 	Region string `json:"region,omitempty"`
 
@@ -89,6 +97,7 @@ type BucketSpec struct {
 	// Ignore overrides the set of excluded patterns in the .sourceignore format
 	// (which is the same as .gitignore). If not provided, a default will be used,
 	// consult the documentation for your version to find out what those are.
+	// +kubebuilder:validation:MaxLength=5119
 	// +optional
 	Ignore *string `json:"ignore,omitempty"`
 
@@ -117,6 +126,8 @@ type BucketStatus struct {
 	// URL is the dynamic fetch link for the latest Artifact.
 	// It is provided on a "best effort" basis, and using the precise
 	// BucketStatus.Artifact data is recommended.
+	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$"
 	// +optional
 	URL string `json:"url,omitempty"`
 
@@ -172,7 +183,8 @@ type Bucket struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec BucketSpec `json:"spec,omitempty"`
+	// +kubebuilder:validation:required
+	Spec BucketSpec `json:"spec"`
 	// +kubebuilder:default={"observedGeneration":-1}
 	Status BucketStatus `json:"status,omitempty"`
 }