deployment: add validation to enforce delegations is a list of objects

Fixes projectcontour#977 Also correct documentation that incorrectly stated that spec.delegations was a singular key. Signed-off-by: Dave Cheney <[email protected]>
davecheney · Apr 5, 2019 · 168f668 · 168f668
1 parent de46617
commit 168f668
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 3 deletions.
diff --git a/deployment/common/common.yaml b/deployment/common/common.yaml
@@ -161,4 +161,21 @@ spec:
   names:
     plural: tlscertificatedelegations
     kind: TLSCertificateDelegation
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            delegations:
+              type: array
+              items:
+                type: object
+                required:
+                  - secretName
+                  - targetNamespaces
+                properties:
+                  match:
+                    type: string
+                  targetNamespaces:
+                    type: array
 ---
diff --git a/deployment/render/daemonset-rbac.yaml b/deployment/render/daemonset-rbac.yaml
@@ -164,6 +164,23 @@ spec:
   names:
     plural: tlscertificatedelegations
     kind: TLSCertificateDelegation
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            delegations:
+              type: array
+              items:
+                type: object
+                required:
+                  - secretName
+                  - targetNamespaces
+                properties:
+                  match:
+                    type: string
+                  targetNamespaces:
+                    type: array
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet

diff --git a/deployment/render/deployment-rbac.yaml b/deployment/render/deployment-rbac.yaml
@@ -164,6 +164,23 @@ spec:
   names:
     plural: tlscertificatedelegations
     kind: TLSCertificateDelegation
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            delegations:
+              type: array
+              items:
+                type: object
+                required:
+                  - secretName
+                  - targetNamespaces
+                properties:
+                  match:
+                    type: string
+                  targetNamespaces:
+                    type: array
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment

diff --git a/docs/ingressroute.md b/docs/ingressroute.md
@@ -286,9 +286,9 @@ metadata:
   namespace: www-admin
 spec:
   delegations:
-    secretName: example-com-wildcard
-    targetNamespaces:
-    - example-com
+    - secretName: example-com-wildcard
+      targetNamespaces:
+      - example-com
 ---
 apiVersion: contour.heptio.com/v1beta1
 kind: IngressRoute