Merge pull request #110330 from DangerOnTheRanger/cel-e2e

Add additional CRD validation E2E tests
2025-07-21 10:51:29 +00:00 · 2022-06-22 17:03:43 -07:00 · 2022-06-22 17:03:43 -07:00 · e64852fcad
commit e64852fcad
parent 1d81106534 192aea7119
1 changed files with 55 additions and 0 deletions
--- a/test/e2e/apimachinery/crd_validation_rules.go
+++ b/test/e2e/apimachinery/crd_validation_rules.go
@ -168,4 +168,59 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp
 			framework.Failf("expect error contains %q, got %q", expectedErrMsg, err.Error())
 		}
 	})
+
+	ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that contains a syntax error", func() {
+		ginkgo.By("Defining a custom resource definition that contains a validation rule with a syntax error")
+		var schemaWithSyntaxErrorRule = unmarshallSchema([]byte(`{
+		   "type":"object",
+		   "properties":{
+		      "spec":{
+			    "type":"object",
+				"x-kubernetes-validations":[
+				  { "rule":"self = 42" }
+				]
+			  }
+			}
+		}`))
+		crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithSyntaxErrorRule, false)
+		_, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient)
+		framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that contains a syntax error")
+		expectedErrMsg := "Syntax error"
+		if !strings.Contains(err.Error(), expectedErrMsg) {
+			framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error())
+		}
+	})
+
+	ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that exceeds the estimated cost limit", func() {
+		ginkgo.By("Defining a custom resource definition that contains a validation rule that exceeds the cost limit")
+		var schemaWithExpensiveRule = unmarshallSchema([]byte(`{
+		   "type":"object",
+		   "properties":{
+			  "spec":{
+			    "type":"object",
+			    "properties":{
+				  "x":{
+				    "type":"array",
+				    "items":{
+				      "type":"array",
+					  "items":{
+					    "type":"string"
+					  },
+					  "x-kubernetes-validations":[
+					    { "rule":"self.all(s, s == 'string constant')" }
+					  ]
+				    }
+				  }
+			    }
+			  }
+		    }
+		}`))
+		crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithExpensiveRule, false)
+		_, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient)
+		framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that exceeds the cost limit")
+		expectedErrMsg := "exceeds budget"
+		if !strings.Contains(err.Error(), expectedErrMsg) {
+			framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error())
+		}
+	})
 })