feat: update refreshInterval in globalcontext CRD to use a duration (k…

…yverno#9615)

api/kyverno/v2alpha1/global_context_entry_types.go

@@ -16,6 +16,8 @@ limitations under the License.
 package v2alpha1
 
 import (
+	"time"
+
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -78,7 +80,10 @@ func (c *GlobalContextEntrySpec) IsResource() bool {
 // Validate implements programmatic validation
 func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) {
 	if c.IsResource() && c.IsAPICall() {
-		errs = append(errs, field.Forbidden(path.Child("resource"), "An External API Call entry requires a url"))
+		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall"))
+	}
+	if !c.IsResource() && !c.IsAPICall() {
+		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall"))
 	}
 	if c.IsResource() {
 		errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...)
@@ -115,32 +120,33 @@ type KubernetesResource struct {
 // Validate implements programmatic validation
 func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
 	if k.Group == "" {
-		errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
+		errs = append(errs, field.Required(path.Child("group"), "A Resource entry requires a group"))
 	}
 	if k.Version == "" {
-		errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
+		errs = append(errs, field.Required(path.Child("version"), "A Resource entry requires a version"))
 	}
 	if k.Resource == "" {
-		errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
+		errs = append(errs, field.Required(path.Child("resource"), "A Resource entry requires a resource"))
 	}
 	return errs
 }
 
 // ExternalAPICall stores infos about API call that should be cached
 type ExternalAPICall struct {
 	kyvernov1.APICall `json:",inline,omitempty"`
-	// RefreshIntervalSeconds defines the interval at which to poll the APICall
-	// +kubebuilder:default=0
-	RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty"`
+	// RefreshInterval defines the interval in duration at which to poll the APICall
+	// +kubebuilder:validation:Format=duration
+	// +kubebuilder:default=`10m`
+	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`
 }
 
 // Validate implements programmatic validation
 func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
 	if e.Service.URL == "" {
 		errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
 	}
-	if e.RefreshIntervalSeconds <= 0 {
-		errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
+	if e.RefreshInterval.Duration == 0*time.Second {
+		errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "A Resource entry requires a refresh interval greater than 0 seconds"))
 	}
 	return errs
 }

charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_globalcontextentries.yaml

@@ -77,12 +77,12 @@ spec:
                     - GET
                     - POST
                     type: string
-                  refreshIntervalSeconds:
-                    default: 0
-                    description: RefreshIntervalSeconds defines the interval at which
-                      to poll the APICall
-                    format: int64
-                    type: integer
+                  refreshInterval:
+                    default: 10m
+                    description: RefreshInterval defines the interval in duration
+                      at which to poll the APICall
+                    format: duration
+                    type: string
                   service:
                     description: Service is an API call to a JSON web service
                     properties:

config/crds/kyverno/kyverno.io_globalcontextentries.yaml

@@ -71,12 +71,12 @@ spec:
                     - GET
                     - POST
                     type: string
-                  refreshIntervalSeconds:
-                    default: 0
-                    description: RefreshIntervalSeconds defines the interval at which
-                      to poll the APICall
-                    format: int64
-                    type: integer
+                  refreshInterval:
+                    default: 10m
+                    description: RefreshInterval defines the interval in duration
+                      at which to poll the APICall
+                    format: duration
+                    type: string
                   service:
                     description: Service is an API call to a JSON web service
                     properties:

config/install-latest-testing.yaml

@@ -28218,12 +28218,12 @@ spec:
                     - GET
                     - POST
                     type: string
-                  refreshIntervalSeconds:
-                    default: 0
-                    description: RefreshIntervalSeconds defines the interval at which
-                      to poll the APICall
-                    format: int64
-                    type: integer
+                  refreshInterval:
+                    default: 10m
+                    description: RefreshInterval defines the interval in duration
+                      at which to poll the APICall
+                    format: duration
+                    type: string
                   service:
                     description: Service is an API call to a JSON web service
                     properties:

docs/user/crd/index.html

@@ -8011,13 +8011,15 @@ <h3 id="kyverno.io/v2alpha1.ExternalAPICall">ExternalAPICall
 </tr>
 <tr>
 <td>
-<code>refreshIntervalSeconds</code><br/>
+<code>refreshInterval</code><br/>
 <em>
-int64
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
 </em>
 </td>
 <td>
-<p>RefreshIntervalSeconds defines the interval at which to poll the APICall</p>
+<p>RefreshInterval defines the interval in duration at which to poll the APICall</p>
 </td>
 </tr>
 </tbody>

pkg/controllers/globalcontext/controller.go

@@ -2,7 +2,6 @@ package globalcontext
 
 import (
 	"context"
-	"errors"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -88,12 +87,8 @@ func (c *controller) getEntry(name string) (*kyvernov2alpha1.GlobalContextEntry,
 
 func (c *controller) makeStoreEntry(ctx context.Context, gce *kyvernov2alpha1.GlobalContextEntry) (store.Entry, error) {
 	// TODO: should be done at validation time
-	if gce.Spec.KubernetesResource == nil && gce.Spec.APICall == nil {
-		return nil, errors.New("global context entry neither has K8sResource nor APICall")
-	}
-	// TODO: should be done at validation time
-	if gce.Spec.KubernetesResource != nil && gce.Spec.APICall != nil {
-		return nil, errors.New("global context entry has both K8sResource and APICall")
+	if err := gce.Validate(); err != nil {
+		return nil, err.ToAggregate()
 	}
 	if gce.Spec.KubernetesResource != nil {
 		gvr := schema.GroupVersionResource{
@@ -103,5 +98,5 @@ func (c *controller) makeStoreEntry(ctx context.Context, gce *kyvernov2alpha1.Gl
 		}
 		return k8sresource.New(ctx, c.dclient.GetDynamicInterface(), gvr, gce.Spec.KubernetesResource.Namespace)
 	}
-	return externalapi.New(ctx, logger, adapters.Client(c.dclient), gce.Spec.APICall.APICall, time.Duration(gce.Spec.APICall.RefreshIntervalSeconds))
+	return externalapi.New(ctx, logger, adapters.Client(c.dclient), gce.Spec.APICall.APICall, gce.Spec.APICall.RefreshInterval.Duration)
 }