From 2e863ab765d160242afbcaa614e550cab3cc7d2c Mon Sep 17 00:00:00 2001
From: Kensei Nakada <handbomusic@gmail.com>
Date: Wed, 24 Jul 2024 16:42:49 +0900
Subject: [PATCH] fix: allow the header based session persistence not to have
 AbsoluteTimeout

---
 apis/v1/shared_types.go                                   | 2 +-
 .../gateway.networking.k8s.io_backendlbpolicies.yaml      | 4 ++--
 .../gateway.networking.k8s.io_grpcroutes.yaml             | 8 ++++----
 .../gateway.networking.k8s.io_httproutes.yaml             | 8 ++++----
 geps/gep-1619/index.md                                    | 2 +-
 pkg/test/cel/backendlbpolicy_test.go                      | 8 ++++++++
 6 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/apis/v1/shared_types.go b/apis/v1/shared_types.go
index bed2cc8b8e..954c605428 100644
--- a/apis/v1/shared_types.go
+++ b/apis/v1/shared_types.go
@@ -745,7 +745,7 @@ const (
 )
 
 // SessionPersistence defines the desired state of SessionPersistence.
-// +kubebuilder:validation:XValidation:message="AbsoluteTimeout must be specified when cookie lifetimeType is Permanent",rule="!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)"
+// +kubebuilder:validation:XValidation:message="AbsoluteTimeout must be specified when cookie lifetimeType is Permanent",rule="!has(self.cookieConfig) || !has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)"
 type SessionPersistence struct {
 	// SessionName defines the name of the persistent session token
 	// which may be reflected in the cookie or the header. Users
diff --git a/config/crd/experimental/gateway.networking.k8s.io_backendlbpolicies.yaml b/config/crd/experimental/gateway.networking.k8s.io_backendlbpolicies.yaml
index e92593fbd3..5cc7aecb94 100644
--- a/config/crd/experimental/gateway.networking.k8s.io_backendlbpolicies.yaml
+++ b/config/crd/experimental/gateway.networking.k8s.io_backendlbpolicies.yaml
@@ -149,8 +149,8 @@ spec:
                 x-kubernetes-validations:
                 - message: AbsoluteTimeout must be specified when cookie lifetimeType
                     is Permanent
-                  rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
-                    != ''Permanent'' || has(self.absoluteTimeout)'
+                  rule: self.type == 'Header' || !has(self.cookieConfig.lifetimeType)
+                    || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)
               targetRefs:
                 description: |-
                   TargetRef identifies an API object to apply policy to.
diff --git a/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
index a72329aa2b..1faba927c8 100644
--- a/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
+++ b/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
@@ -2025,8 +2025,8 @@ spec:
                       x-kubernetes-validations:
                       - message: AbsoluteTimeout must be specified when cookie lifetimeType
                           is Permanent
-                        rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
-                          != ''Permanent'' || has(self.absoluteTimeout)'
+                        rule: self.type == 'Header' || !has(self.cookieConfig.lifetimeType)
+                          || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)
                   type: object
                 maxItems: 16
                 type: array
@@ -4352,8 +4352,8 @@ spec:
                       x-kubernetes-validations:
                       - message: AbsoluteTimeout must be specified when cookie lifetimeType
                           is Permanent
-                        rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
-                          != ''Permanent'' || has(self.absoluteTimeout)'
+                        rule: self.type == 'Header' || !has(self.cookieConfig.lifetimeType)
+                          || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)
                   type: object
                 maxItems: 16
                 type: array
diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml
index 88609d2e72..f709f0e1e1 100644
--- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml
+++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml
@@ -2812,8 +2812,8 @@ spec:
                       x-kubernetes-validations:
                       - message: AbsoluteTimeout must be specified when cookie lifetimeType
                           is Permanent
-                        rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
-                          != ''Permanent'' || has(self.absoluteTimeout)'
+                        rule: self.type == 'Header' || !has(self.cookieConfig.lifetimeType)
+                          || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)
                     timeouts:
                       description: |+
                         Timeouts defines the timeouts that can be configured for an HTTP request.
@@ -6043,8 +6043,8 @@ spec:
                       x-kubernetes-validations:
                       - message: AbsoluteTimeout must be specified when cookie lifetimeType
                           is Permanent
-                        rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
-                          != ''Permanent'' || has(self.absoluteTimeout)'
+                        rule: self.type == 'Header' || !has(self.cookieConfig.lifetimeType)
+                          || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)
                     timeouts:
                       description: |+
                         Timeouts defines the timeouts that can be configured for an HTTP request.
diff --git a/geps/gep-1619/index.md b/geps/gep-1619/index.md
index 52096b7752..389d0a72cf 100644
--- a/geps/gep-1619/index.md
+++ b/geps/gep-1619/index.md
@@ -487,7 +487,7 @@ type BackendLBPolicySpec struct {
 
 // SessionPersistence defines the desired state of
 // SessionPersistence.
-// +kubebuilder:validation:XValidation:rule="!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)",message="AbsoluteTimeout must be specified when cookie lifetimeType is Permanent"
+// +kubebuilder:validation:XValidation:message="AbsoluteTimeout must be specified when cookie lifetimeType is Permanent",rule="!has(self.cookieConfig) || !has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType != 'Permanent' || has(self.absoluteTimeout)"
 type SessionPersistence struct {
     // SessionName defines the name of the persistent session token
     // which may be reflected in the cookie or the header. Users
diff --git a/pkg/test/cel/backendlbpolicy_test.go b/pkg/test/cel/backendlbpolicy_test.go
index 10a1c08441..ed83b2e7f3 100644
--- a/pkg/test/cel/backendlbpolicy_test.go
+++ b/pkg/test/cel/backendlbpolicy_test.go
@@ -80,6 +80,14 @@ func TestBackendLBPolicyConfig(t *testing.T) {
 			},
 			wantErrors: []string{},
 		},
+		{
+			name: "valid BackendLBPolicyConfig header-based session persistence",
+			sessionPersistence: gatewayv1a2.SessionPersistence{
+				SessionName: ptrTo("foo"),
+				Type:        ptrTo(gatewayv1.HeaderBasedSessionPersistence),
+			},
+			wantErrors: []string{},
+		},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {