From 83157e5f0dee798657c7db128c6d914fb1ac6186 Mon Sep 17 00:00:00 2001 From: enxebre Date: Tue, 27 May 2025 13:58:53 +0200 Subject: [PATCH] Add max length validation for apiserver namedCertificates The addition of maxLength check is a fix itself. In addition this will help hcp validations to contain cel validation budget --- .../APIServerServingCerts.yaml | 1675 +++++++++++++++++ config/v1/types_apiserver.go | 2 + ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 2 + ...ig-operator_01_apiservers-Default.crd.yaml | 2 + ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 2 + ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 2 + .../AAA_ungated.yaml | 2 + .../KMSEncryptionProvider.yaml | 2 + ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 2 + ...ig-operator_01_apiservers-Default.crd.yaml | 2 + ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 2 + ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 2 + 12 files changed, 1697 insertions(+) create mode 100644 config/v1/tests/apiservers.config.openshift.io/APIServerServingCerts.yaml diff --git a/config/v1/tests/apiservers.config.openshift.io/APIServerServingCerts.yaml b/config/v1/tests/apiservers.config.openshift.io/APIServerServingCerts.yaml new file mode 100644 index 00000000000..c4bbeba0cbd --- /dev/null +++ b/config/v1/tests/apiservers.config.openshift.io/APIServerServingCerts.yaml @@ -0,0 +1,1675 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "APIServer" +crdName: apiservers.config.openshift.io +tests: + onUpdate: + - name: Should update other fields when an invalid persisted namedCertificates in spec + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/maxItems + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/items/properties/names/maxItems + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + additionalCORSAllowedOrigins: + - "foo" + - "bar" + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + additionalCORSAllowedOrigins: + - "foo" + - "bar" + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + - name: Should fail when an invalid persisted namedCertificates in spec is updated to another invalid value + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/maxItems + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/items/properties/names/maxItems + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + additionalCORSAllowedOrigins: + - "foo" + - "bar" + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + - "additional.kas.same-names-entry.com" + expectedError: "Too many: 66: must have at most 64 items" + - name: Should update invalid persisted namedCertificates in spec to a valid value + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/maxItems + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/servingCerts/properties/namedCertificates/items/properties/names/maxItems + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + additionalCORSAllowedOrigins: + - "foo" + - "bar" + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + additionalCORSAllowedOrigins: + - "foo" + - "bar" + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + onCreate: + - name: Should create when namedCertificates and namedCertificates.names is below max allowed + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - name: Should fail when namedCertificates is beyond max allowed + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "32.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + expectedError: "spec.servingCerts.namedCertificates: Too many: 33: must have at most 32 items" + - name: Should fail when namedCertificates.names is beyond max allowed + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + servingCerts: + namedCertificates: + - names: + - "1.kas.example.com" + - names: + - "2.kas.example.com" + - names: + - "3.kas.example.com" + - names: + - "4.kas.example.com" + - names: + - "5.kas.example.com" + - names: + - "6.kas.example.com" + - names: + - "7.kas.example.com" + - names: + - "8.kas.example.com" + - names: + - "9.kas.example.com" + - names: + - "10.kas.example.com" + - names: + - "11.kas.example.com" + - names: + - "12.kas.example.com" + - names: + - "13.kas.example.com" + - names: + - "14.kas.example.com" + - names: + - "15.kas.example.com" + - names: + - "16.kas.example.com" + - names: + - "17.kas.example.com" + - names: + - "18.kas.example.com" + - names: + - "19.kas.example.com" + - names: + - "20.kas.example.com" + - names: + - "21.kas.example.com" + - names: + - "22.kas.example.com" + - names: + - "23.kas.example.com" + - names: + - "24.kas.example.com" + - names: + - "25.kas.example.com" + - names: + - "26.kas.example.com" + - names: + - "27.kas.example.com" + - names: + - "28.kas.example.com" + - names: + - "29.kas.example.com" + - names: + - "30.kas.example.com" + - names: + - "31.kas.example.com" + - names: + - "1.kas.same-names-entry.com" + - "2.kas.same-names-entry.com" + - "3.kas.same-names-entry.com" + - "4.kas.same-names-entry.com" + - "5.kas.same-names-entry.com" + - "6.kas.same-names-entry.com" + - "7.kas.same-names-entry.com" + - "8.kas.same-names-entry.com" + - "9.kas.same-names-entry.com" + - "10.kas.same-names-entry.com" + - "11.kas.same-names-entry.com" + - "12.kas.same-names-entry.com" + - "13.kas.same-names-entry.com" + - "14.kas.same-names-entry.com" + - "15.kas.same-names-entry.com" + - "16.kas.same-names-entry.com" + - "17.kas.same-names-entry.com" + - "18.kas.same-names-entry.com" + - "19.kas.same-names-entry.com" + - "20.kas.same-names-entry.com" + - "21.kas.same-names-entry.com" + - "22.kas.same-names-entry.com" + - "23.kas.same-names-entry.com" + - "24.kas.same-names-entry.com" + - "25.kas.same-names-entry.com" + - "26.kas.same-names-entry.com" + - "27.kas.same-names-entry.com" + - "28.kas.same-names-entry.com" + - "29.kas.same-names-entry.com" + - "30.kas.same-names-entry.com" + - "31.kas.same-names-entry.com" + - "32.kas.same-names-entry.com" + - "33.kas.same-names-entry.com" + - "34.kas.same-names-entry.com" + - "35.kas.same-names-entry.com" + - "36.kas.same-names-entry.com" + - "37.kas.same-names-entry.com" + - "38.kas.same-names-entry.com" + - "39.kas.same-names-entry.com" + - "40.kas.same-names-entry.com" + - "41.kas.same-names-entry.com" + - "42.kas.same-names-entry.com" + - "43.kas.same-names-entry.com" + - "44.kas.same-names-entry.com" + - "45.kas.same-names-entry.com" + - "46.kas.same-names-entry.com" + - "47.kas.same-names-entry.com" + - "48.kas.same-names-entry.com" + - "49.kas.same-names-entry.com" + - "50.kas.same-names-entry.com" + - "51.kas.same-names-entry.com" + - "52.kas.same-names-entry.com" + - "53.kas.same-names-entry.com" + - "54.kas.same-names-entry.com" + - "55.kas.same-names-entry.com" + - "56.kas.same-names-entry.com" + - "57.kas.same-names-entry.com" + - "58.kas.same-names-entry.com" + - "59.kas.same-names-entry.com" + - "60.kas.same-names-entry.com" + - "61.kas.same-names-entry.com" + - "62.kas.same-names-entry.com" + - "63.kas.same-names-entry.com" + - "64.kas.same-names-entry.com" + - "65.kas.same-names-entry.com" + expectedError: "names: Too many: 65: must have at most 64 items" diff --git a/config/v1/types_apiserver.go b/config/v1/types_apiserver.go index 38322b95d54..327ce13da38 100644 --- a/config/v1/types_apiserver.go +++ b/config/v1/types_apiserver.go @@ -155,6 +155,7 @@ type APIServerServingCerts struct { // the defaultServingCertificate will be used. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=32 NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"` } @@ -165,6 +166,7 @@ type APIServerNamedServingCert struct { // Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=64 Names []string `json:"names,omitempty"` // servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. // The secret must exist in the openshift-config namespace and contain the following required fields: diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index cac1477ec3e..b10b46c6fbe 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index c5206c23cbf..44dc2924aae 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -201,6 +201,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -218,6 +219,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 894faf8468e..843984380b1 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 54fdb0b0551..808e11aac3f 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index 1f338ed9f02..d129fc8d46b 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml @@ -201,6 +201,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -218,6 +219,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index ea605f1dc0e..a4d7c024ae7 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index cac1477ec3e..b10b46c6fbe 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index c5206c23cbf..44dc2924aae 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -201,6 +201,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -218,6 +219,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 894faf8468e..843984380b1 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 54fdb0b0551..808e11aac3f 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -270,6 +270,7 @@ spec: Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. items: type: string + maxItems: 64 type: array x-kubernetes-list-type: atomic servingCertificate: @@ -287,6 +288,7 @@ spec: - name type: object type: object + maxItems: 32 type: array x-kubernetes-list-type: atomic type: object