From a14d924db364745ffafe5275edc3292acf4681de Mon Sep 17 00:00:00 2001
From: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Date: Wed, 9 Oct 2024 12:28:07 +0200
Subject: [PATCH] Disallow empty port list for ANP peers.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
---
 apis/v1alpha1/adminnetworkpolicy_types.go                       | 2 ++
 apis/v1alpha1/baselineadminnetworkpolicy_types.go               | 2 ++
 .../policy.networking.k8s.io_adminnetworkpolicies.yaml          | 2 ++
 .../policy.networking.k8s.io_baselineadminnetworkpolicies.yaml  | 2 ++
 .../standard/policy.networking.k8s.io_adminnetworkpolicies.yaml | 2 ++
 .../policy.networking.k8s.io_baselineadminnetworkpolicies.yaml  | 2 ++
 6 files changed, 12 insertions(+)

diff --git a/apis/v1alpha1/adminnetworkpolicy_types.go b/apis/v1alpha1/adminnetworkpolicy_types.go
index 24ad5e6c..97d8d438 100644
--- a/apis/v1alpha1/adminnetworkpolicy_types.go
+++ b/apis/v1alpha1/adminnetworkpolicy_types.go
@@ -155,6 +155,7 @@ type AdminNetworkPolicyIngressRule struct {
 	// Support: Core
 	//
 	// +optional
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Ports *[]AdminNetworkPolicyPort `json:"ports,omitempty"`
 }
@@ -207,6 +208,7 @@ type AdminNetworkPolicyEgressRule struct {
 	// Support: Core
 	//
 	// +optional
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Ports *[]AdminNetworkPolicyPort `json:"ports,omitempty"`
 }
diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
index f89dac2c..825eb9bc 100644
--- a/apis/v1alpha1/baselineadminnetworkpolicy_types.go
+++ b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
@@ -136,6 +136,7 @@ type BaselineAdminNetworkPolicyIngressRule struct {
 	// Support: Core
 	//
 	// +optional
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Ports *[]AdminNetworkPolicyPort `json:"ports,omitempty"`
 }
@@ -181,6 +182,7 @@ type BaselineAdminNetworkPolicyEgressRule struct {
 	// This field is a list of destination ports for the outgoing egress traffic.
 	// If Ports is not set then the rule does not filter traffic via port.
 	// +optional
+	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=100
 	Ports *[]AdminNetworkPolicyPort `json:"ports,omitempty"`
 }
diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
index 16a7be69..09e98b5c 100644
--- a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
+++ b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
@@ -200,6 +200,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                     to:
                       description: |-
@@ -869,6 +870,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                   required:
                   - action
diff --git a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
index 33b74fc6..ccff6946 100644
--- a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
+++ b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
@@ -190,6 +190,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                     to:
                       description: |-
@@ -808,6 +809,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                   required:
                   - action
diff --git a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml
index 7ea61075..f2b08247 100644
--- a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml
+++ b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml
@@ -190,6 +190,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                     to:
                       description: |-
@@ -704,6 +705,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                   required:
                   - action
diff --git a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
index 34904b4a..fafbff4a 100644
--- a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
+++ b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
@@ -180,6 +180,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                     to:
                       description: |-
@@ -690,6 +691,7 @@ spec:
                             type: object
                         type: object
                       maxItems: 100
+                      minItems: 1
                       type: array
                   required:
                   - action