Fix mocks function updates

Signed-off-by: melserngawy <[email protected]>

Author: serngawy

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -86,11 +86,11 @@ spec:
                 description: ClusterRegistryConfig represents registry config used
                   with the cluster.
                 properties:
-                  additionalTrustedCa:
+                  additionalTrustedCAs:
                     additionalProperties:
                       type: string
                     description: |-
-                      AdditionalTrustedCa containing the registry hostname as the key, and the PEM-encoded certificate as the value,
+                      AdditionalTrustedCAs containing the registry hostname as the key, and the PEM-encoded certificate as the value,
                       for each additional registry CA to trust.
                     type: object
                   allowedRegistriesForImport:
@@ -122,28 +122,30 @@ spec:
                     properties:
                       allowedRegistries:
                         description: |-
-                          AllowedRegistries: registries for which image pull and push actions are allowed.
-                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-                          For example, *.example.com. You can specify an individual repository within a registry.
-                          For example: reg1.io/myrepo/myapp:latest. All other registries are blocked.
+                          AllowedRegistries are the registries for which image pull and push actions are allowed.
+                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+                          For example, *.example.com.
+                          You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
+                          All other registries are blocked.
                         items:
                           type: string
                         type: array
                       blockedRegistries:
                         description: |-
-                          BlockedRegistries: registries for which image pull and push actions are denied.
-                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-                          For example, *.example.com. You can specify an individual repository within a registry.
-                          For example: reg1.io/myrepo/myapp:latest. All other registries are allowed.
+                          BlockedRegistries are the registries for which image pull and push actions are denied.
+                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+                          For example, *.example.com.
+                          You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
+                          All other registries are allowed.
                         items:
                           type: string
                         type: array
                       insecureRegistries:
                         description: |-
                           InsecureRegistries are registries which do not have a valid TLS certificate or only support HTTP connections.
-                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-                          For example, *.example.com. You can specify an individual repository within a registry.
-                          For example: reg1.io/myrepo/myapp:latest.
+                          To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+                          For example, *.example.com.
+                          You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
                         items:
                           type: string
                         type: array

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

@@ -188,10 +188,10 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 
 // RegistryConfig for ROSA-HCP cluster
 type RegistryConfig struct {
-	// AdditionalTrustedCa containing the registry hostname as the key, and the PEM-encoded certificate as the value,
+	// AdditionalTrustedCAs containing the registry hostname as the key, and the PEM-encoded certificate as the value,
 	// for each additional registry CA to trust.
 	// +optional
-	AdditionalTrustedCa map[string]string `json:"additionalTrustedCa,omitempty"`
+	AdditionalTrustedCAs map[string]string `json:"additionalTrustedCAs,omitempty"`
 
 	// AllowedRegistriesForImport limits the container image registries that normal users may import
 	// images from. Set this list to the registries that you trust to contain valid Docker
@@ -221,24 +221,26 @@ type RegistryLocation struct {
 
 // RegistrySources contains registries configuration.
 type RegistrySources struct {
-	// AllowedRegistries: registries for which image pull and push actions are allowed.
-	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-	// For example, *.example.com. You can specify an individual repository within a registry.
-	// For example: reg1.io/myrepo/myapp:latest. All other registries are blocked.
+	// AllowedRegistries are the registries for which image pull and push actions are allowed.
+	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+	// For example, *.example.com.
+	// You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
+	// All other registries are blocked.
 	// +optional
 	AllowedRegistries []string `json:"allowedRegistries,omitempty"`
 
-	// BlockedRegistries: registries for which image pull and push actions are denied.
-	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-	// For example, *.example.com. You can specify an individual repository within a registry.
-	// For example: reg1.io/myrepo/myapp:latest. All other registries are allowed.
+	// BlockedRegistries are the registries for which image pull and push actions are denied.
+	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+	// For example, *.example.com.
+	// You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
+	// All other registries are allowed.
 	// +optional
 	BlockedRegistries []string `json:"blockedRegistries,omitempty"`
 
 	// InsecureRegistries are registries which do not have a valid TLS certificate or only support HTTP connections.
-	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name.
-	// For example, *.example.com. You can specify an individual repository within a registry.
-	// For example: reg1.io/myrepo/myapp:latest.
+	// To specify all subdomains, add the asterisk (*) wildcard character as a prefix to the domain name,
+	// For example, *.example.com.
+	// You can specify an individual repository within a registry, For example: reg1.io/myrepo/myapp:latest.
 	// +optional
 	InsecureRegistries []string `json:"insecureRegistries,omitempty"`
 }

controlplane/rosa/api/v1beta2/rosacontrolplane_webhook.go

@@ -42,6 +42,10 @@ func (r *ROSAControlPlane) ValidateCreate() (warnings admission.Warnings, err er
 		allErrs = append(allErrs, err)
 	}
 
+	if err := r.validateClusterRegistryConfig(); err != nil {
+		allErrs = append(allErrs, err)
+	}
+
 	allErrs = append(allErrs, r.validateNetwork()...)
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
 
@@ -56,6 +60,18 @@ func (r *ROSAControlPlane) ValidateCreate() (warnings admission.Warnings, err er
 	)
 }
 
+func (r *ROSAControlPlane) validateClusterRegistryConfig() *field.Error {
+	if r.Spec.ClusterRegistryConfig != nil {
+		if r.Spec.ClusterRegistryConfig.RegistrySources != nil {
+			if len(r.Spec.ClusterRegistryConfig.RegistrySources.AllowedRegistries) > 0 && len(r.Spec.ClusterRegistryConfig.RegistrySources.BlockedRegistries) > 0 {
+				return field.Invalid(field.NewPath("spec.clusterRegistryConfig.registrySources"), r.Spec.ClusterRegistryConfig.RegistrySources, "allowedRegistries and blockedRegistries are mutually exclusive fields")
+			}
+		}
+	}
+
+	return nil
+}
+
 // ValidateUpdate implements admission.Validator.
 func (r *ROSAControlPlane) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error) {
 	var allErrs field.ErrorList

controlplane/rosa/api/v1beta2/zz_generated.deepcopy.go

@@ -476,7 +476,7 @@ func (r *ROSAControlPlaneReconciler) updateOCMClusterSpec(rosaControlPlane *rosa
 		RegistrySources: &rosacontrolplanev1.RegistrySources{},
 	}
 	if rosaControlPlane.Spec.ClusterRegistryConfig != nil {
-		regConfig.AdditionalTrustedCa = rosaControlPlane.Spec.ClusterRegistryConfig.AdditionalTrustedCa
+		regConfig.AdditionalTrustedCAs = rosaControlPlane.Spec.ClusterRegistryConfig.AdditionalTrustedCAs
 		regConfig.AllowedRegistriesForImport = rosaControlPlane.Spec.ClusterRegistryConfig.AllowedRegistriesForImport
 
 		if rosaControlPlane.Spec.ClusterRegistryConfig.RegistrySources != nil {
@@ -485,8 +485,8 @@ func (r *ROSAControlPlaneReconciler) updateOCMClusterSpec(rosaControlPlane *rosa
 			regConfig.RegistrySources.InsecureRegistries = rosaControlPlane.Spec.ClusterRegistryConfig.RegistrySources.InsecureRegistries
 		}
 	}
-	if !reflect.DeepEqual(regConfig.AdditionalTrustedCa, cluster.RegistryConfig().AdditionalTrustedCa()) {
-		ocmClusterSpec.AdditionalTrustedCa = regConfig.AdditionalTrustedCa
+	if !reflect.DeepEqual(regConfig.AdditionalTrustedCAs, cluster.RegistryConfig().AdditionalTrustedCa()) {
+		ocmClusterSpec.AdditionalTrustedCa = regConfig.AdditionalTrustedCAs
 		updated = true
 	}
 	if !reflect.DeepEqual(regConfig.RegistrySources.AllowedRegistries, cluster.RegistryConfig().RegistrySources().AllowedRegistries()) {
@@ -502,21 +502,21 @@ func (r *ROSAControlPlaneReconciler) updateOCMClusterSpec(rosaControlPlane *rosa
 		updated = true
 	}
 
-	var newAllowedRegisters, oldAllowedRegisters []string
+	var newAllowedRegistries, oldAllowedRegistries []string
 	if len(regConfig.AllowedRegistriesForImport) > 0 {
 		for id := range regConfig.AllowedRegistriesForImport {
-			newAllowedRegisters = append(newAllowedRegisters, regConfig.AllowedRegistriesForImport[id].DomainName+":"+
+			newAllowedRegistries = append(newAllowedRegistries, regConfig.AllowedRegistriesForImport[id].DomainName+":"+
 				strconv.FormatBool(regConfig.AllowedRegistriesForImport[id].Insecure))
 		}
 	}
 	if len(cluster.RegistryConfig().AllowedRegistriesForImport()) > 0 {
 		for id := range cluster.RegistryConfig().AllowedRegistriesForImport() {
-			oldAllowedRegisters = append(oldAllowedRegisters, cluster.RegistryConfig().AllowedRegistriesForImport()[id].DomainName()+":"+
+			oldAllowedRegistries = append(oldAllowedRegistries, cluster.RegistryConfig().AllowedRegistriesForImport()[id].DomainName()+":"+
 				strconv.FormatBool(cluster.RegistryConfig().AllowedRegistriesForImport()[id].Insecure()))
 		}
 	}
-	if !reflect.DeepEqual(newAllowedRegisters, oldAllowedRegisters) {
-		ocmClusterSpec.AllowedRegistriesForImport = strings.Join(newAllowedRegisters, ",")
+	if !reflect.DeepEqual(newAllowedRegistries, oldAllowedRegistries) {
+		ocmClusterSpec.AllowedRegistriesForImport = strings.Join(newAllowedRegistries, ",")
 		updated = true
 	}
 
@@ -955,8 +955,8 @@ func buildOCMClusterSpec(controlPlaneSpec rosacontrolplanev1.RosaControlPlaneSpe
 
 	// Set the cluster registry config.
 	if controlPlaneSpec.ClusterRegistryConfig != nil {
-		if len(controlPlaneSpec.ClusterRegistryConfig.AdditionalTrustedCa) > 0 {
-			ocmClusterSpec.AdditionalTrustedCa = controlPlaneSpec.ClusterRegistryConfig.AdditionalTrustedCa
+		if len(controlPlaneSpec.ClusterRegistryConfig.AdditionalTrustedCAs) > 0 {
+			ocmClusterSpec.AdditionalTrustedCa = controlPlaneSpec.ClusterRegistryConfig.AdditionalTrustedCAs
 		}
 
 		if len(controlPlaneSpec.ClusterRegistryConfig.AllowedRegistriesForImport) > 0 {

controlplane/rosa/controllers/rosacontrolplane_controller.go

@@ -36,7 +36,7 @@ func TestUpdateOCMClusterSpec(t *testing.T) {
 			Spec: rosacontrolplanev1.RosaControlPlaneSpec{
 				AuditLogRoleARN: "arn:aws:iam::123456789012:role/AuditLogRole",
 				ClusterRegistryConfig: &rosacontrolplanev1.RegistryConfig{
-					AdditionalTrustedCa: map[string]string{"trusted-ca": "-----BEGIN CERTIFICATE----- testcert -----END CERTIFICATE-----"},
+					AdditionalTrustedCAs: map[string]string{"trusted-ca": "-----BEGIN CERTIFICATE----- testcert -----END CERTIFICATE-----"},
 					AllowedRegistriesForImport: []rosacontrolplanev1.RegistryLocation{
 						{DomainName: "registry1.com", Insecure: false},
 					},
@@ -91,7 +91,7 @@ func TestUpdateOCMClusterSpec(t *testing.T) {
 		rosaControlPlane := &rosacontrolplanev1.ROSAControlPlane{
 			Spec: rosacontrolplanev1.RosaControlPlaneSpec{
 				ClusterRegistryConfig: &rosacontrolplanev1.RegistryConfig{
-					AdditionalTrustedCa: map[string]string{"trusted-ca": "-----BEGIN CERTIFICATE----- testcert -----END CERTIFICATE-----"},
+					AdditionalTrustedCAs: map[string]string{"trusted-ca": "-----BEGIN CERTIFICATE----- testcert -----END CERTIFICATE-----"},
 					AllowedRegistriesForImport: []rosacontrolplanev1.RegistryLocation{
 						{DomainName: "new-registry.com", Insecure: true},
 					},
@@ -111,7 +111,7 @@ func TestUpdateOCMClusterSpec(t *testing.T) {
 			Build()
 
 		expectedOCMSpec := ocm.Spec{
-			AdditionalTrustedCa:        rosaControlPlane.Spec.ClusterRegistryConfig.AdditionalTrustedCa,
+			AdditionalTrustedCa:        rosaControlPlane.Spec.ClusterRegistryConfig.AdditionalTrustedCAs,
 			AllowedRegistriesForImport: "new-registry.com:true",
 			AllowedRegistries:          rosaControlPlane.Spec.ClusterRegistryConfig.RegistrySources.AllowedRegistries,
 		}