homelab/traefik
1
0
Fork 0
Code Activity

Fix CEL validation for RootCA in ServersTransport

Browse source 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
Romain 2025-05-23 11:34:05 +02:00 committed by GitHub
parent 06b02bcd95
commit 76153acac6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -2273,7 +2273,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-
@ -2418,7 +2418,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View file

@ -134,7 +134,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View file

@ -110,7 +110,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-

4
integration/fixtures/k8s/01-traefik-crd.yml
View file

@ -2273,7 +2273,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-
@ -2418,7 +2418,7 @@ spec:
type: object type: object
x-kubernetes-validations: x-kubernetes-validations:
- message: RootCA cannot have both Secret and ConfigMap defined. - message: RootCA cannot have both Secret and ConfigMap defined.
rule: has(self.secret) && has(self.configMap) rule: '!has(self.secret) || !has(self.configMap)'
type: array type: array
rootCAsSecrets: rootCAsSecrets:
description: |- description: |-

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
View file

@ -81,7 +81,7 @@ type ForwardingTimeouts struct {
// RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate. // RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate.
// If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence. // If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence.
// +kubebuilder:validation:XValidation:rule="has(self.secret) && has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined." // +kubebuilder:validation:XValidation:rule="!has(self.secret) || !has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined."
type RootCA struct { type RootCA struct {
// Secret defines the name of a Secret that holds a CA certificate. // Secret defines the name of a Secret that holds a CA certificate.
// The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key. // The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.