Refactor codes

Signed-off-by: Huang Xin <[email protected]>

Author: Huang Xin

apis/v1beta1/util/validation/gateway.go

@@ -0,0 +1,41 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import gatewayv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+
+// ContainsInProtocolSlice checks whether the provided Protocol
+// is in the target Protocol slice.
+func ContainsInProtocolSlice(items []gatewayv1b1.ProtocolType, item *gatewayv1b1.ProtocolType) bool {
+	for _, eachItem := range items {
+		if eachItem == *item {
+			return true
+		}
+	}
+	return false
+}
+
+// ContainsInPortSlice checks whether the provided Port
+// is in the target Port slice.
+func ContainsInPortSlice(items []gatewayv1b1.PortNumber, item *gatewayv1b1.PortNumber) bool {
+	for _, eachItem := range items {
+		if eachItem == *item {
+			return true
+		}
+	}
+	return false
+}

apis/v1beta1/validation/gateway.go

@@ -22,6 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
 	gatewayv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+	utils "sigs.k8s.io/gateway-api/apis/v1beta1/util/validation"
 )
 
 var (
@@ -62,6 +63,8 @@ func validateGatewayListeners(listeners []gatewayv1b1.Listener, path *field.Path
 	var errs field.ErrorList
 	errs = append(errs, validateListenerTLSConfig(listeners, path)...)
 	errs = append(errs, validateListenerHostname(listeners, path)...)
+	errs = append(errs, ValidateTLSCertificateRefs(listeners, path)...)
+	errs = append(errs, ValidateHostnameProtocolPort(listeners, path)...)
 	return errs
 }
 
@@ -91,3 +94,56 @@ func validateListenerHostname(listeners []gatewayv1b1.Listener, path *field.Path
 	}
 	return errs
 }
+
+// ValidateTLSCertificateRefs validates the certificateRefs
+// must be set and not empty when tls config is set and
+// TLSModeType is terminate
+func ValidateTLSCertificateRefs(listeners []gatewayv1b1.Listener, path *field.Path) field.ErrorList {
+	var errs field.ErrorList
+	for i, c := range listeners {
+		if isProtocolInSubset(c.Protocol, protocolsTLSRequired) && c.TLS != nil {
+			if *c.TLS.Mode == gatewayv1b1.TLSModeTerminate && len(c.TLS.CertificateRefs) == 0 {
+				errs = append(errs, field.Forbidden(path.Index(i).Child("tls").Child("certificateRefs"), fmt.Sprintln("should be set and not empty when TLSModeType is Terminate")))
+			}
+		}
+	}
+	return errs
+}
+
+
+// validateHostnameProtocolPort validates listener protocols or ports
+// must be different for the same hostname
+func ValidateHostnameProtocolPort(listeners []gatewayv1b1.Listener, path *field.Path) field.ErrorList {
+	var errs field.ErrorList
+	hostnameProtocolMap := make(map[gatewayv1b1.Hostname][]gatewayv1b1.ProtocolType)
+	hostnamePortMap := make(map[gatewayv1b1.Hostname][]gatewayv1b1.PortNumber)
+	for i, listener := range listeners {
+		targetHostname := *new(gatewayv1b1.Hostname)
+		if listener.Hostname != nil {
+			targetHostname = *listener.Hostname
+		}
+		if len(listener.Protocol) == 0 && listener.Port == 0 {
+			errs = append(errs, field.Forbidden(path.Index(i).Child("hostname"), fmt.Sprintf("Protocol and Port should not all be empty for the same Hostname: %s", targetHostname)))
+			return errs
+		}
+		if len(listener.Protocol) != 0 {
+			if protocolSlice, ok := hostnameProtocolMap[targetHostname]; ok {
+				if utils.ContainsInProtocolSlice(protocolSlice, &listener.Protocol) {
+					errs = append(errs, field.Forbidden(path.Index(i).Child("protocol"), fmt.Sprintf("must be different for the same Hostname: %s", targetHostname)))
+					return errs
+				}
+			}
+			hostnameProtocolMap[targetHostname] = append(hostnameProtocolMap[targetHostname], listener.Protocol) 
+		}
+		if listener.Port != 0 {
+			if portSlice, ok := hostnamePortMap[targetHostname]; ok {
+				if utils.ContainsInPortSlice(portSlice, &listener.Port) {
+					errs = append(errs, field.Forbidden(path.Index(i).Child("port"), fmt.Sprintf("must be different for the same Hostname: %s", targetHostname)))
+					return errs
+				}
+			}
+			hostnamePortMap[targetHostname] = append(hostnamePortMap[targetHostname], listener.Port)
+		}
+	}
+	return errs
+}

apis/v1beta1/validation/gateway_test.go

@@ -29,9 +29,6 @@ func TestValidateGateway(t *testing.T) {
 		{
 			Hostname: nil,
 		},
-		{
-			Hostname: nil,
-		},
 	}
 	addresses := []gatewayv1b1.GatewayAddress{
 		{
@@ -159,16 +156,16 @@ func TestValidateGateway(t *testing.T) {
 			expectErrsOnFields: []string{"spec.listeners[1].protocol"},
 		},
 		"port is not unique in hostname": {
+		"ports are not different for the same hostname": {
 			mutate: func(gw *gatewayv1b1.Gateway) {
-				hostname := gatewayv1b1.Hostname("foo.bar.com")
-				gw.Spec.Listeners[0].Hostname = &hostname
-				gw.Spec.Listeners[0].Protocol = gatewayv1b1.HTTPProtocolType
-				gw.Spec.Listeners[0].Port = gatewayv1b1.PortNumber(80)
-				gw.Spec.Listeners[1].Hostname = &hostname
-				gw.Spec.Listeners[1].Protocol = gatewayv1b1.HTTPSProtocolType
-				gw.Spec.Listeners[1].Port = gatewayv1b1.PortNumber(80)
+				moreListeners := []gatewayv1b1.Listener {
+					{
+						Hostname: nil,
+					},
+				}
+				gw.Spec.Listeners = append(gw.Spec.Listeners, moreListeners...)
 			},
-			expectErrsOnFields: []string{"spec.listeners[1].port"},
+			expectErrsOnFields: []string{"spec.listeners[0].hostname"},
 		},
 	}