upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-06-10 01:14:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/apis/core/validation
History
Jaegoo 2a0a95c811
Migrate secret type immutable (#136886) 
* Wire up Secret for declarative validation

* Migrate Secret.Type to declarative immutable validation

* Add +k8s:optional tag to Secret.Type field

* Add TestDeclarativeValidate test for CREATE flow

* Add immutability test cases for unset->set and set->unset

* Fix ValidateDeclarativelyWithMigrationChecks call to include DeclarativeValidationConfig

* Fix double declarative validation by removing manual ValidateDeclarativelyWithMigrationChecks calls

The secret strategy embedded rest.DeclarativeValidation (which implements
DeclarativeValidationStrategy) but also called ValidateDeclarativelyWithMigrationChecks
directly inside Validate and ValidateUpdate. The REST handler and test framework
call ValidateDeclaratively separately after Validate/ValidateUpdate, causing
double execution that broke the AllDeclarativeEnforced test scenario.

Fix by returning only handwritten errors from Validate/ValidateUpdate, matching
the pattern used by csiDriverStrategy and other correctly-migrated strategies.

* Use alpha stability level for +k8s:immutable on Secret.Type

The validation-gen tool enforces that Beta-level tags cannot be used in
Stable validation. Change +k8s:immutable to
+k8s:alpha(since: "1.36")=+k8s:immutable to match other stable-API fields.
Regenerate zz_generated.validations.go and update test expected errors
with .MarkAlpha() accordingly.

* Update alpha stability level version from 1.36 to 1.37

Update +k8s:alpha(since: "1.36") annotations to 1.37 in types.go
and generated.proto for Secret.Type immutability and ReplicationController
declarative validation tags.

* Regenerate zz_generated.validations.go after rebase

Rebase onto latest master brought in validation-gen changes that add
.MarkShortCircuit() to immutable and optional field validations.

* Add generated declarative validation test files for Secret

validation-gen generates test/declarative_validation/core/secret/
as part of Secret declarative validation wiring.

* Add declarative validation coverage test for Secret.type immutability

The coverage checker requires all registered validation rules to be
exercised by tests. Add a test that triggers the immutable validation
error for Secret.type to satisfy coverage for the generated rule:
  v1, Kind=Secret: type FieldValueInvalid origin="immutable"

* Move Secret declarative validation tests to test/declarative_validation

Move all test cases from pkg/registry/core/secret/declarative_validation_test.go
to test/declarative_validation/core/secret/declarative_validation_test.go
per #138872, and remove the original file.

* Revert ReplicationController alpha tags from 1.37 back to 1.36

The since: "1.36" tags on ReplicationController fields track when those
tags were originally added (v1.36) and should not have been changed.
Only the newly added Secret.Type immutable tag targets 1.37.
2026-06-10 05:59:45 +05:30
..
doc.go remove import doc comments 2024-12-02 16:59:34 +01:00
events.go Tolerate sub-microsecond eventTime changes on update 2022-09-01 15:47:37 -04:00
events_test.go Tolerate sub-microsecond eventTime changes on update 2022-09-01 15:47:37 -04:00
names.go Pod Certificates: Basic implementation 2025-07-21 21:49:57 +00:00
names_test.go Pod Certificates: Basic implementation 2025-07-21 21:49:57 +00:00
OWNERS lavalamp is taking a long break 2023-05-11 16:43:38 +00:00
validation.go Migrate secret type immutable (#136886) 2026-06-10 05:59:45 +05:30
validation_test.go KEP-4427: Remove RelaxedDNSSearchValidation feature gate 2026-05-24 10:21:22 +02:00