(feature): Add nullable property validation

[stas17]

Issue: #28

What this PR does

This PR adds validation for tracking changes to nullable fields in CRDs. The validation checks for two scenarios:

1. When a field becomes nullable (adding nullable: true property)
2. When a field stops being nullable (removing nullable: true property or setting it to false)

Rationale

Similar to type changes, modifying the nullable property of a field is a potentially breaking change for existing users of the CRD. This change can affect validating webhooks, controllers, and other components that depend on the CRD schema.

Changes

• Added new nullable validation in pkg/validations/property/nullable.go
• Implemented tests for the validation in pkg/validations/property/nullable_test.go
• Added validation registration to the default registry
• Added e2e tests:
  • test/nullablefieldadded - verifies transition from non-nullable to nullable field
  • test/nullablefieldremoved - verifies transition from nullable to non-nullable field

Configuration

The validation supports a toNullablePolicy:

• Disallow (default) - any change to nullable will be flagged as an error
• Allow - permits making fields nullable

Example configuration:

validations:
- name: nullable
  enforcement: Error
  configuration:
    toNullablePolicy: Allow

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: stas17 / name: stas (62d22ef)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: stas17
Once this PR has been reviewed and has the lgtm label, please assign jpbetz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @stas17!

It looks like this is your first PR to kubernetes-sigs/crdify 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/crdify has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[everettraven]

Thanks @stas17 for taking this work on and creating this PR!

Overall this looks pretty good to me - just a couple comments.

[everettraven]

This description makes it sound like there are a lot of potential changes that can be made to the nullable constraint of a property, where a majority of those are likely non-breaking, which doesn't seem to be true here.

As far as I know, a property is either nullable or it is not nullable. The change from non-nullable -> nullable is probably OK as it is less restrictive (maybe @JoelSpeed has some thoughts here?), but nullable -> non-nullable is a more restrictive change and is breaking (any clients that expect to be able to set the value of the property to null no longer can).

[everettraven]

What do you think of making this something like nullableChangePolicy with the only allowed values being None and AllowChangeToNullable?

I think this might get us a bit more descriptive options than Allow and Disallow that can be used here.

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale