190 lines
6.8 KiB
Smarty
190 lines
6.8 KiB
Smarty
{{/* Ingress Validation */}}
|
|
{{/* Call this template:
|
|
{{ include "tc.v1.common.lib.ingress.validation" (dict "rootCtx" $ "objectData" $objectData) -}}
|
|
objectData:
|
|
rootCtx: The root context of the chart.
|
|
objectData: The Ingress object.
|
|
*/}}
|
|
|
|
{{- define "tc.v1.common.lib.ingress.validation" -}}
|
|
{{- $rootCtx := .rootCtx -}}
|
|
{{- $objectData := .objectData -}}
|
|
|
|
{{- if $objectData.targetSelector -}}
|
|
{{- if not (kindIs "map" $objectData.targetSelector) -}}
|
|
{{- fail (printf "Ingress - Expected [targetSelector] to be a [map], but got [%s]" (kindOf $objectData.targetSelector)) -}}
|
|
{{- end -}}
|
|
|
|
{{- $selectors := $objectData.targetSelector | keys | len -}}
|
|
{{- if (gt $selectors 1) -}}
|
|
{{ fail (printf "Ingress - Expected [targetSelector] to have exactly one key, but got [%d]" $selectors) -}}
|
|
{{- end -}}
|
|
|
|
{{- range $k, $v := $objectData.targetSelector -}}
|
|
{{- if not $v -}}
|
|
{{- fail (printf "Ingress - Expected [targetSelector.%s] to have a value" $k) -}}
|
|
{{- end -}}
|
|
|
|
{{- if not (kindIs "string" $v) -}}
|
|
{{- fail (printf "Ingress - Expected [targetSelector.%s] to be a [string], but got [%s]" $k (kindOf $v)) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- if $objectData.ingressClassName -}}
|
|
{{- $icn := tpl $objectData.ingressClassName $rootCtx -}}
|
|
{{- if eq $icn "tc-stopped" -}}
|
|
{{- fail "Ingress - Expected [ingressClassName] to not be [tc-stopped], this is reserved for internal use" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- if not $objectData.hosts -}}
|
|
{{- fail "Ingress - Expected non-empty [hosts]" -}}
|
|
{{- end -}}
|
|
|
|
{{- if not (kindIs "slice" $objectData.hosts) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts] to be a [slice], but got [%s]" (kindOf $objectData.hosts)) -}}
|
|
{{- end -}}
|
|
|
|
{{- range $h := $objectData.hosts -}}
|
|
{{- if not $h.host -}}
|
|
{{- fail "Ingress - Expected non-empty [hosts.host]" -}}
|
|
{{- end -}}
|
|
|
|
{{- $host := tpl $h.host $rootCtx -}}
|
|
{{- if (hasPrefix "http://" $host) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.host] to not start with [http://], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
{{- if (hasPrefix "https://" $host) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.host] to not start with [https://], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
{{- if (contains ":" $host) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.host] to not contain [:], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
|
|
{{- if and $h.paths (not (kindIs "slice" $h.paths)) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.paths] to be a [slice], but got [%s]" (kindOf $h.paths)) -}}
|
|
{{- end -}}
|
|
|
|
{{- range $p := $h.paths -}}
|
|
{{- $pathType := "Prefix" -}}
|
|
{{- if $p.pathType -}}
|
|
{{- $pathType = tpl $p.pathType $rootCtx -}}
|
|
{{- end -}}
|
|
|
|
{{- $validPathTypes := (list "Prefix" "Exact" "ImplementationSpecific") -}}
|
|
{{- if not (mustHas $pathType $validPathTypes) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.paths.pathType] to be one of [%s], but got [%s]" (join ", " $validPathTypes) $pathType) -}}
|
|
{{- end -}}
|
|
|
|
{{- $path := tpl ($p.path | default "/") $rootCtx -}}
|
|
{{- $prefixSlashTypes := (list "Prefix" "Exact") -}}
|
|
{{- if (mustHas $pathType $prefixSlashTypes) -}}
|
|
{{- if and $path (not (hasPrefix "/" $path)) -}}
|
|
{{- fail (printf "Ingress - Expected [hosts.paths.path] to start with [/], but got [%s]" $path) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* If at least one thing in overrideService is defined... */}}
|
|
{{- with $p.overrideService -}}
|
|
{{- if not .name -}}
|
|
{{- fail "Ingress - Expected non-empty [hosts.paths.overrideService.name]" -}}
|
|
{{- end -}}
|
|
{{- if not .port -}}
|
|
{{- fail "Ingress - Expected non-empty [hosts.paths.overrideService.port]" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- range $t := $objectData.tls -}}
|
|
{{- if not $t.hosts -}}
|
|
{{- fail "Ingress - Expected non-empty [tls.hosts]" -}}
|
|
{{- end -}}
|
|
|
|
{{- if not (kindIs "slice" $t.hosts) -}}
|
|
{{- fail (printf "Ingress - Expected [tls.hosts] to be a [slice], but got [%s]" (kindOf $t.hosts)) -}}
|
|
{{- end -}}
|
|
|
|
{{- range $h := $t.hosts -}}
|
|
{{- if not $h -}}
|
|
{{- fail "Ingress - Expected non-empty entry in [tls.hosts]" -}}
|
|
{{- end -}}
|
|
|
|
{{- $host := tpl $h $rootCtx -}}
|
|
{{- if (hasPrefix "http://" $host) -}}
|
|
{{- fail (printf "Ingress - Expected entry in [tls.hosts] to not start with [http://], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
{{- if (hasPrefix "https://" $host) -}}
|
|
{{- fail (printf "Ingress - Expected entry in [tls.hosts] to not start with [https://], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
{{- if (contains ":" $host) -}}
|
|
{{- fail (printf "Ingress - Expected entry in [tls.hosts] to not contain [:], but got [%s]" $host) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- $certOptions := (list "secretName" "certificateIssuer" "clusterCertificate") -}}
|
|
{{- $optsSet := list -}}
|
|
{{- range $opt := $certOptions -}}
|
|
{{- if (get $t $opt) -}}
|
|
{{- $optsSet = mustAppend $optsSet $opt -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- if gt ($optsSet | len) 1 -}}
|
|
{{- fail (printf "Ingress - Expected only one of [%s] to be set, but got [%s]" (join ", " $certOptions) (join ", " $optsSet)) -}}
|
|
{{- end -}}
|
|
|
|
{{- end -}}
|
|
|
|
{{- end -}}
|
|
|
|
{{/* Ingress Primary Validation */}}
|
|
{{/* Call this template:
|
|
{{ include "tc.v1.common.lib.ingress.primaryValidation" $ -}}
|
|
*/}}
|
|
{{- define "tc.v1.common.lib.ingress.primaryValidation" -}}
|
|
{{- $result := (include "tc.v1.common.lib.ingress.hasPrimary" $) | fromJson -}}
|
|
|
|
{{/* Require at least one primary ingress, if any enabled */}}
|
|
{{- if and $result.hasEnabled (not $result.hasPrimary) -}}
|
|
{{- fail "Ingress - At least one enabled ingress must be primary" -}}
|
|
{{- end -}}
|
|
|
|
{{- end -}}
|
|
|
|
{{- define "tc.v1.common.lib.ingress.hasPrimary" -}}
|
|
|
|
{{/* Initialize values */}}
|
|
{{- $hasPrimary := false -}}
|
|
{{- $hasEnabled := false -}}
|
|
|
|
{{- range $name, $ingress := $.Values.ingress -}}
|
|
|
|
{{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
|
|
"rootCtx" $ "objectData" $ingress
|
|
"name" $name "caller" "Ingress"
|
|
"key" "ingress")) -}}
|
|
|
|
{{/* If ingress is enabled */}}
|
|
{{- if eq $enabled "true" -}}
|
|
{{- $hasEnabled = true -}}
|
|
|
|
{{/* And ingress is primary */}}
|
|
{{- if and (hasKey $ingress "primary") ($ingress.primary) -}}
|
|
{{/* Fail if there is already a primary ingress */}}
|
|
{{- if $hasPrimary -}}
|
|
{{- fail "Ingress - Only one ingress can be primary" -}}
|
|
{{- end -}}
|
|
|
|
{{- $hasPrimary = true -}}
|
|
|
|
{{- end -}}
|
|
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{- (dict "hasPrimary" $hasPrimary "hasEnabled" $hasEnabled) | toJson -}}
|
|
{{- end -}}
|