From a45ef798b1d604a933c9048a52d79f9575430627 Mon Sep 17 00:00:00 2001
From: Harold Ozouf <harold.ozouf@gmail.com>
Date: Tue, 30 Apr 2024 16:16:04 +0200
Subject: [PATCH] fix: rename trustedDomains into trustedURLs

---
 pkg/apis/hub/v1alpha1/api_portal.go           |  7 ++--
 .../crd/hub.traefik.io_apiportals.yaml        | 13 ++++---
 .../hub/v1alpha1/zz_generated.deepcopy.go     |  4 +--
 pkg/validation/v1alpha1/portal_test.go        | 34 +++++++++++++------
 4 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/pkg/apis/hub/v1alpha1/api_portal.go b/pkg/apis/hub/v1alpha1/api_portal.go
index 6ba6216..a11a38c 100644
--- a/pkg/apis/hub/v1alpha1/api_portal.go
+++ b/pkg/apis/hub/v1alpha1/api_portal.go
@@ -49,10 +49,11 @@ type APIPortalSpec struct {
 	// +optional
 	Description string `json:"description,omitempty"`
 
-	// TrustedDomains are the domains that are trusted by the OAuth 2.0 authorization server.
+	// TrustedURLs are the urls that are trusted by the OAuth 2.0 authorization server.
 	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=20
-	TrustedDomains []string `json:"trustedDomains"`
+	// +kubebuilder:validation:MaxItems=1
+	// +kubebuilder:validation:XValidation:message="must be a valid URLs",rule="self.all(x, isURL(x))"
+	TrustedURLs []string `json:"trustedUrls"`
 
 	// UI holds the UI customization options.
 	// +optional
diff --git a/pkg/apis/hub/v1alpha1/crd/hub.traefik.io_apiportals.yaml b/pkg/apis/hub/v1alpha1/crd/hub.traefik.io_apiportals.yaml
index e04bb19..8a82367 100644
--- a/pkg/apis/hub/v1alpha1/crd/hub.traefik.io_apiportals.yaml
+++ b/pkg/apis/hub/v1alpha1/crd/hub.traefik.io_apiportals.yaml
@@ -45,14 +45,17 @@ spec:
               title:
                 description: Title is the public facing name of the APIPortal.
                 type: string
-              trustedDomains:
-                description: TrustedDomains are the domains that are trusted by the
-                  OAuth 2.0 authorization server.
+              trustedUrls:
+                description: TrustedURLs are the urls that are trusted by the OAuth
+                  2.0 authorization server.
                 items:
                   type: string
-                maxItems: 20
+                maxItems: 1
                 minItems: 1
                 type: array
+                x-kubernetes-validations:
+                - message: must be a valid URLs
+                  rule: self.all(x, isURL(x))
               ui:
                 description: UI holds the UI customization options.
                 properties:
@@ -61,7 +64,7 @@ spec:
                     type: string
                 type: object
             required:
-            - trustedDomains
+            - trustedUrls
             type: object
           status:
             description: The current status of this APIPortal.
diff --git a/pkg/apis/hub/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/hub/v1alpha1/zz_generated.deepcopy.go
index 4b67bda..de299b0 100644
--- a/pkg/apis/hub/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/hub/v1alpha1/zz_generated.deepcopy.go
@@ -272,8 +272,8 @@ func (in *APIPortalList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *APIPortalSpec) DeepCopyInto(out *APIPortalSpec) {
 	*out = *in
-	if in.TrustedDomains != nil {
-		in, out := &in.TrustedDomains, &out.TrustedDomains
+	if in.TrustedURLs != nil {
+		in, out := &in.TrustedURLs, &out.TrustedURLs
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
diff --git a/pkg/validation/v1alpha1/portal_test.go b/pkg/validation/v1alpha1/portal_test.go
index 97e3a52..acd18bf 100644
--- a/pkg/validation/v1alpha1/portal_test.go
+++ b/pkg/validation/v1alpha1/portal_test.go
@@ -36,7 +36,7 @@ metadata:
   name: my-portal
   namespace: default
 spec:
-  trustedDomains: ["example.com"]`),
+  trustedUrls: ["https://example.com"]`),
 		},
 		{
 			desc: "valid: full",
@@ -49,7 +49,7 @@ metadata:
 spec:
   title: title
   description: description
-  trustedDomains: ["example.com"]
+  trustedUrls: ["https://example.com"]
   ui:
     logoUrl: https://example.com/logo.png
   `),
@@ -62,7 +62,7 @@ kind: APIPortal
 metadata:
   name: my-portal
 spec:
-  trustedDomains: ["example.com"]`),
+  trustedUrls: ["https://example.com"]`),
 			wantErrs: field.ErrorList{{Type: field.ErrorTypeRequired, Field: "metadata.namespace", BadValue: ""}},
 		},
 		{
@@ -74,7 +74,7 @@ metadata:
   name: .non-dns-compliant-portal
   namespace: default
 spec:
-  trustedDomains: ["example.com"]`),
+  trustedUrls: ["https://example.com"]`),
 			wantErrs: field.ErrorList{{Type: field.ErrorTypeInvalid, Field: "metadata.name", BadValue: ".non-dns-compliant-portal", Detail: "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')"}},
 		},
 		{
@@ -86,7 +86,7 @@ metadata:
   name: ""
   namespace: default
 spec:
-  trustedDomains: ["example.com"]`),
+  trustedUrls: ["https://example.com"]`),
 			wantErrs: field.ErrorList{{Type: field.ErrorTypeRequired, Field: "metadata.name", BadValue: "", Detail: "name or generateName is required"}},
 		},
 		{
@@ -98,11 +98,11 @@ metadata:
   name: portal-with-a-way-toooooooooooooooooooooooooooooooooooooo-long-name
   namespace: default
 spec:
-  trustedDomains: ["example.com"]`),
+  trustedUrls: ["https://example.com"]`),
 			wantErrs: field.ErrorList{{Type: field.ErrorTypeInvalid, Field: "metadata.name", BadValue: "portal-with-a-way-toooooooooooooooooooooooooooooooooooooo-long-name", Detail: "must be no more than 63 characters"}},
 		},
 		{
-			desc: "missing trustedDomains",
+			desc: "missing trustedUrls",
 			manifest: []byte(`
 apiVersion: hub.traefik.io/v1alpha1
 kind: APIPortal
@@ -110,10 +110,10 @@ metadata:
   name: my-portal
   namespace: default
 spec: {}`),
-			wantErrs: field.ErrorList{{Type: field.ErrorTypeRequired, Field: "spec.trustedDomains", BadValue: ""}},
+			wantErrs: field.ErrorList{{Type: field.ErrorTypeRequired, Field: "spec.trustedUrls", BadValue: ""}},
 		},
 		{
-			desc: "empty trustedDomains",
+			desc: "empty trustedUrls",
 			manifest: []byte(`
 apiVersion: hub.traefik.io/v1alpha1
 kind: APIPortal
@@ -121,8 +121,20 @@ metadata:
   name: my-portal
   namespace: default
 spec:
-  trustedDomains: []`),
-			wantErrs: field.ErrorList{{Type: field.ErrorTypeInvalid, Field: "spec.trustedDomains", BadValue: int64(0), Detail: "spec.trustedDomains in body should have at least 1 items"}},
+  trustedUrls: []`),
+			wantErrs: field.ErrorList{{Type: field.ErrorTypeInvalid, Field: "spec.trustedUrls", BadValue: int64(0), Detail: "spec.trustedUrls in body should have at least 1 items"}},
+		},
+		{
+			desc: "too many trustedUrls",
+			manifest: []byte(`
+apiVersion: hub.traefik.io/v1alpha1
+kind: APIPortal
+metadata:
+  name: my-portal
+  namespace: default
+spec:
+  trustedUrls: ["https://example.com", https://another.example.com]`),
+			wantErrs: field.ErrorList{{Type: field.ErrorTypeTooMany, Field: "spec.trustedUrls", BadValue: 2, Detail: "must have at most 1 items"}},
 		},
 	}