UNCLASSIFIED - NO CUI

Skip to content

Implement CEL Validation Rules for Redfish with Comprehensive Testing

User Story:

As a platform engineer, I want CEL validation rules for Redfish with comprehensive testing so that complex cross-field validations are enforced at the API level.

Problem Statement:

CRDs lack advanced validation rules for complex constraints like mutual exclusivity, conditional requirements, and cross-field dependencies that cannot be expressed with basic OpenAPI schemas.

Acceptance Criteria:

  • CEL validation rules defined for network CIDR range validation
  • CEL rules for mutually exclusive field combinations
  • CEL rules for conditional field requirements
  • CEL rules for resource limit validations
  • CEL rules for string pattern matching beyond regex
  • Pass test scenarios created for all validation rules
  • Fail test scenarios demonstrating each validation error
  • Pre-commit hook validates CEL expressions syntax
  • Testing framework for CEL rule validation
  • Clear error messages defined for each CEL rule

Implementation Details:

Files to Modify:

  • containers/bigbangedge/config/crd/bases/*.yaml - Add x-kubernetes-validations sections
  • tests/cel/ - CEL validation test suite
  • tests/cel/pass/ - Valid configuration examples
  • tests/cel/fail/ - Invalid configuration examples
  • .pre-commit-config.yaml - Add CEL syntax validation
  • scripts/validate-cel.sh - CEL validation script
  • docs/cel-validation-rules.md - Documentation of all rules

Dependencies:

  • Kubernetes 1.25+ for CEL support
  • kubectl for dry-run validation testing
  • yq for YAML manipulation
  • pre-commit framework

Files:

  • containers/bigbangedge/config/crd/bases/components.bootstrap.edgecompute.platformone.io_redfish.yaml

Also, cross-reference with the corresponding files in edgeops-component-framework

Additional Notes:

CEL rules should validate: IP ranges don't overlap, resource requests don't exceed limits, required fields are present when certain features are enabled, enum values are valid for the context, and complex nested structures maintain consistency. Each rule needs pass/fail test cases and performance should be tested with large CRD instances.

NOTE: If this is selected as a candidate for development, break this story out into individual child tasks.

Edited by Lam Do

UNCLASSIFIED - NO CUI