Skip to content

Commit

Permalink
chore: Not allowing empty role to be set on EC2NodeClass (#4940)
Browse files Browse the repository at this point in the history
  • Loading branch information
engedaam authored Oct 26, 2023
1 parent 38d4c95 commit 8fd0d65
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,8 @@ spec:
profiles on an update.
type: string
x-kubernetes-validations:
- message: role cannot be empty
rule: self != ''
- message: immutable field changed
rule: self == oldSelf
securityGroupSelectorTerms:
Expand Down
1 change: 1 addition & 0 deletions pkg/apis/v1beta1/ec2nodeclass.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ type EC2NodeClassSpec struct {
// Marking this field as immutable avoids concerns around terminating managed instance profiles from running instances.
// This field may be made mutable in the future, assuming the correct garbage collection and drift handling is implemented
// for the old instance profiles on an update.
// +kubebuilder:validation:XValidation:rule="self != ''",message="role cannot be empty"
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="immutable field changed"
// +required
Role string `json:"role"`
Expand Down
5 changes: 5 additions & 0 deletions pkg/apis/v1beta1/ec2nodeclass_validation_cel_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ var _ = Describe("CEL/Validation", func() {
nc = &v1beta1.EC2NodeClass{
ObjectMeta: metav1.ObjectMeta{Name: strings.ToLower(randomdata.SillyName())},
Spec: v1beta1.EC2NodeClassSpec{
Role: "test-role",
AMIFamily: &v1beta1.AMIFamilyAL2,
SubnetSelectorTerms: []v1beta1.SubnetSelectorTerm{
{
Expand Down Expand Up @@ -703,6 +704,10 @@ var _ = Describe("CEL/Validation", func() {
})
})
Context("Role Immutability", func() {
It("should fail if role is not defined", func() {
nc.Spec.Role = ""
Expect(env.Client.Create(ctx, nc)).ToNot(Succeed())
})
It("should fail when updating the role", func() {
nc.Spec.Role = "test-role"
Expect(env.Client.Create(ctx, nc)).To(Succeed())
Expand Down

0 comments on commit 8fd0d65

Please sign in to comment.