sdd: Re-implement with updated spec

This commit address the changes in the spec and implements the updated config

Signed-off-by: Vaishnavi Hire <vhire@redhat.com>
Assisted-by: Claude Opus 4.6

Author: VaishnaviHire

api/v1alpha1/llamastackdistribution_conversion.go

@@ -23,7 +23,6 @@ import (
 
 	v1alpha2 "github.com/llamastack/llama-stack-k8s-operator/api/v1alpha2"
 	corev1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )
@@ -289,10 +288,9 @@ func convertToNetworkAccess(src *LlamaStackDistribution, n *v1alpha2.NetworkingS
 	}
 	hasContent := false
 	if src.Spec.Network.ExposeRoute {
-		if raw, err := json.Marshal(true); err == nil {
-			n.Expose = &apiextensionsv1.JSON{Raw: raw}
-			hasContent = true
-		}
+		enabled := true
+		n.Expose = &v1alpha2.ExposeConfig{Enabled: &enabled}
+		hasContent = true
 	}
 	if src.Spec.Network.AllowedFrom != nil {
 		n.AllowedFrom = &v1alpha2.AllowedFromSpec{
@@ -469,8 +467,7 @@ func convertFromNetworking(src *v1alpha2.LlamaStackDistribution, dst *LlamaStack
 	convertFromTLS(src, dst, n)
 
 	// Expose → ExposeRoute
-	expose, _ := parseExpose(n.Expose)
-	if expose {
+	if n.Expose != nil && n.Expose.Enabled != nil && *n.Expose.Enabled {
 		if dst.Spec.Network == nil {
 			dst.Spec.Network = &NetworkSpec{}
 		}
@@ -489,27 +486,6 @@ func convertFromNetworking(src *v1alpha2.LlamaStackDistribution, dst *LlamaStack
 	}
 }
 
-func parseExpose(raw *apiextensionsv1.JSON) (bool, string) {
-	if raw == nil || len(raw.Raw) == 0 {
-		return false, ""
-	}
-	var boolVal bool
-	if err := json.Unmarshal(raw.Raw, &boolVal); err == nil {
-		return boolVal, ""
-	}
-	var obj struct {
-		Enabled  *bool  `json:"enabled,omitempty"`
-		Hostname string `json:"hostname,omitempty"`
-	}
-	if err := json.Unmarshal(raw.Raw, &obj); err == nil {
-		if obj.Enabled != nil {
-			return *obj.Enabled, obj.Hostname
-		}
-		return true, obj.Hostname
-	}
-	return false, ""
-}
-
 func convertFromStatus(src *v1alpha2.LlamaStackDistribution, dst *LlamaStackDistribution) {
 	dst.Status.Phase = DistributionPhase(src.Status.Phase)
 	dst.Status.Version = VersionInfo{

api/v1alpha1/llamastackdistribution_conversion_test.go

@@ -17,7 +17,6 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"encoding/json"
 	"testing"
 
 	v1alpha2 "github.com/llamastack/llama-stack-k8s-operator/api/v1alpha2"
@@ -179,10 +178,8 @@ func TestConvertToV1Alpha2WithNetwork(t *testing.T) {
 
 	require.NotNil(t, dst.Spec.Networking)
 	require.NotNil(t, dst.Spec.Networking.Expose)
-
-	var exposed bool
-	require.NoError(t, json.Unmarshal(dst.Spec.Networking.Expose.Raw, &exposed))
-	assert.True(t, exposed)
+	require.NotNil(t, dst.Spec.Networking.Expose.Enabled)
+	assert.True(t, *dst.Spec.Networking.Expose.Enabled)
 
 	require.NotNil(t, dst.Spec.Networking.AllowedFrom)
 	assert.Equal(t, []string{"ns1", "ns2"}, dst.Spec.Networking.AllowedFrom.Namespaces)

api/v1alpha2/llamastackdistribution_types.go

@@ -18,7 +18,6 @@ package v1alpha2
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"sort"
 	"strings"
@@ -33,15 +32,23 @@ import (
 var llamastacklog = logf.Log.WithName("llamastackdistribution-webhook")
 
 // LlamaStackDistributionValidator validates LlamaStackDistribution resources.
-type LlamaStackDistributionValidator struct{}
+type LlamaStackDistributionValidator struct {
+	// EmbeddedDistributionNames is the list of known distribution names from
+	// the embedded distribution registry. Injected at setup time to avoid
+	// import cycles with pkg/config.
+	EmbeddedDistributionNames []string
+}
 
 var _ admission.CustomValidator = &LlamaStackDistributionValidator{}
 
 // SetupWebhookWithManager registers the validating webhook.
-func SetupWebhookWithManager(mgr ctrl.Manager) error {
+// embeddedDistNames should be the result of config.EmbeddedDistributionNames().
+func SetupWebhookWithManager(mgr ctrl.Manager, embeddedDistNames []string) error {
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(&LlamaStackDistribution{}).
-		WithValidator(&LlamaStackDistributionValidator{}).
+		WithValidator(&LlamaStackDistributionValidator{
+			EmbeddedDistributionNames: embeddedDistNames,
+		}).
 		Complete()
 }
 
@@ -55,7 +62,7 @@ func (v *LlamaStackDistributionValidator) ValidateCreate(_ context.Context, obj
 		return nil, fmt.Errorf("failed to validate: expected *LlamaStackDistribution, got %T", obj)
 	}
 	llamastacklog.Info("validating create", "name", r.Name)
-	return validate(r)
+	return v.validate(r)
 }
 
 // ValidateUpdate implements admission.CustomValidator.
@@ -65,65 +72,63 @@ func (v *LlamaStackDistributionValidator) ValidateUpdate(_ context.Context, _, n
 		return nil, fmt.Errorf("failed to validate: expected *LlamaStackDistribution, got %T", newObj)
 	}
 	llamastacklog.Info("validating update", "name", r.Name)
-	return validate(r)
+	return v.validate(r)
 }
 
 // ValidateDelete implements admission.CustomValidator.
 func (v *LlamaStackDistributionValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
-func validate(r *LlamaStackDistribution) (admission.Warnings, error) {
-	var allErrs field.ErrorList
-	var warnings admission.Warnings
-
-	if r.Spec.Providers != nil {
-		if errs := validateProviderIDUniqueness(r.Spec.Providers); len(errs) > 0 {
-			allErrs = append(allErrs, errs...)
-		}
+func (v *LlamaStackDistributionValidator) validate(r *LlamaStackDistribution) (admission.Warnings, error) {
+	allErrs := v.collectValidationErrors(r)
+	if len(allErrs) > 0 {
+		return nil, allErrs.ToAggregate()
 	}
+	return nil, nil
+}
 
-	if r.Spec.Resources != nil && r.Spec.Providers != nil {
-		if errs := validateProviderReferences(r.Spec.Resources, r.Spec.Providers); len(errs) > 0 {
-			allErrs = append(allErrs, errs...)
-		}
+func (v *LlamaStackDistributionValidator) collectValidationErrors(r *LlamaStackDistribution) field.ErrorList {
+	var allErrs field.ErrorList
+
+	if r.Spec.Distribution.Name != "" {
+		allErrs = append(allErrs, validateDistributionName(r.Spec.Distribution.Name, v.EmbeddedDistributionNames)...)
 	}
 
-	if len(r.Spec.Disabled) > 0 && r.Spec.Providers != nil {
-		if warns := checkDisabledConflicts(r.Spec.Disabled, r.Spec.Providers); len(warns) > 0 {
-			warnings = append(warnings, warns...)
-		}
+	if r.Spec.Providers != nil {
+		allErrs = append(allErrs, validateProviderIDUniqueness(r.Spec.Providers)...)
 	}
 
-	if len(allErrs) > 0 {
-		return warnings, allErrs.ToAggregate()
+	if r.Spec.Resources != nil && r.Spec.Providers != nil {
+		allErrs = append(allErrs, validateProviderReferences(r.Spec.Resources, r.Spec.Providers)...)
 	}
 
-	return warnings, nil
+	return allErrs
 }
 
+// validateProviderIDUniqueness ensures provider IDs are unique across all API types.
+// Per-slice uniqueness is handled by CEL; this validates cross-slice uniqueness.
 func validateProviderIDUniqueness(spec *ProvidersSpec) field.ErrorList {
 	var errs field.ErrorList
 	seenIDs := make(map[string]string)
 
 	fields := []struct {
-		name string
-		raw  []byte
+		name    string
+		configs []ProviderConfig
 	}{
-		{"inference", jsonRawBytes(spec.Inference)},
-		{"safety", jsonRawBytes(spec.Safety)},
-		{"vectorIo", jsonRawBytes(spec.VectorIo)},
-		{"toolRuntime", jsonRawBytes(spec.ToolRuntime)},
-		{"telemetry", jsonRawBytes(spec.Telemetry)},
+		{"inference", spec.Inference},
+		{"safety", spec.Safety},
+		{"vectorIo", spec.VectorIo},
+		{"toolRuntime", spec.ToolRuntime},
+		{"telemetry", spec.Telemetry},
 	}
 
 	for _, f := range fields {
-		if len(f.raw) == 0 {
-			continue
-		}
-
-		ids := extractProviderIDs(f.raw)
-		for _, id := range ids {
+		for _, pc := range f.configs {
+			id := pc.ID
+			if id == "" {
+				id = deriveProviderID(pc.Provider)
+			}
 			if existingAPI, exists := seenIDs[id]; exists {
 				errs = append(errs, field.Invalid(
 					field.NewPath("spec", "providers", f.name),
@@ -138,16 +143,13 @@ func validateProviderIDUniqueness(spec *ProvidersSpec) field.ErrorList {
 	return errs
 }
 
+// validateProviderReferences ensures model provider references point to configured providers.
 func validateProviderReferences(resources *ResourcesSpec, providers *ProvidersSpec) field.ErrorList {
 	var errs field.ErrorList
 
 	providerIDs := collectAllProviderIDs(providers)
 
-	for i, raw := range resources.Models {
-		var mc ModelConfig
-		if err := json.Unmarshal(raw.Raw, &mc); err != nil {
-			continue
-		}
+	for i, mc := range resources.Models {
 		if mc.Provider != "" {
 			if _, ok := providerIDs[mc.Provider]; !ok {
 				errs = append(errs, field.Invalid(
@@ -162,70 +164,30 @@ func validateProviderReferences(resources *ResourcesSpec, providers *ProvidersSp
 	return errs
 }
 
-func checkDisabledConflicts(disabled []string, providers *ProvidersSpec) admission.Warnings {
-	var warnings admission.Warnings
-
-	apiFieldMap := map[string][]byte{
-		"inference":    jsonRawBytes(providers.Inference),
-		"safety":       jsonRawBytes(providers.Safety),
-		"vector_io":    jsonRawBytes(providers.VectorIo),
-		"tool_runtime": jsonRawBytes(providers.ToolRuntime),
-		"telemetry":    jsonRawBytes(providers.Telemetry),
-	}
-
-	for _, api := range disabled {
-		if raw, ok := apiFieldMap[api]; ok && len(raw) > 0 {
-			warnings = append(warnings, fmt.Sprintf(
-				"API %q is disabled but has providers configured; disabled takes precedence and provider config will be ignored",
-				api,
-			))
-		}
-	}
-
-	return warnings
-}
-
-func jsonRawBytes(raw interface{ MarshalJSON() ([]byte, error) }) []byte {
-	if raw == nil {
+// validateDistributionName validates that distribution.name is in the embedded
+// distribution registry.
+func validateDistributionName(name string, knownNames []string) field.ErrorList {
+	if len(knownNames) == 0 {
 		return nil
 	}
-	b, err := json.Marshal(raw)
-	if err != nil || string(b) == "null" {
-		return nil
-	}
-	return b
-}
 
-func extractProviderIDs(raw []byte) []string {
-	var single struct {
-		ID       string `json:"id"`
-		Provider string `json:"provider"`
-	}
-	if err := json.Unmarshal(raw, &single); err == nil && single.Provider != "" {
-		id := single.ID
-		if id == "" {
-			id = deriveProviderID(single.Provider)
+	for _, n := range knownNames {
+		if n == name {
+			return nil
 		}
-		return []string{id}
 	}
 
-	var list []struct {
-		ID       string `json:"id"`
-		Provider string `json:"provider"`
-	}
-	if err := json.Unmarshal(raw, &list); err == nil {
-		var ids []string
-		for _, p := range list {
-			id := p.ID
-			if id == "" {
-				id = deriveProviderID(p.Provider)
-			}
-			ids = append(ids, id)
-		}
-		return ids
-	}
+	sorted := make([]string, len(knownNames))
+	copy(sorted, knownNames)
+	sort.Strings(sorted)
 
-	return nil
+	var errs field.ErrorList
+	errs = append(errs, field.Invalid(
+		field.NewPath("spec", "distribution", "name"),
+		name,
+		fmt.Sprintf("unknown distribution %q; available distributions: %s", name, strings.Join(sorted, ", ")),
+	))
+	return errs
 }
 
 // deriveProviderID strips a "remote::" or similar prefix from a provider type
@@ -239,14 +201,18 @@ func deriveProviderID(providerType string) string {
 
 func collectAllProviderIDs(spec *ProvidersSpec) map[string]bool {
 	ids := make(map[string]bool)
-	for _, raw := range [][]byte{
-		jsonRawBytes(spec.Inference),
-		jsonRawBytes(spec.Safety),
-		jsonRawBytes(spec.VectorIo),
-		jsonRawBytes(spec.ToolRuntime),
-		jsonRawBytes(spec.Telemetry),
+	for _, slice := range [][]ProviderConfig{
+		spec.Inference,
+		spec.Safety,
+		spec.VectorIo,
+		spec.ToolRuntime,
+		spec.Telemetry,
 	} {
-		for _, id := range extractProviderIDs(raw) {
+		for _, pc := range slice {
+			id := pc.ID
+			if id == "" {
+				id = deriveProviderID(pc.Provider)
+			}
 			ids[id] = true
 		}
 	}