telekom
diff --git a/‎CHANGELOG.md‎
Lines changed: 12 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎admin/api/v1/zone_types.go‎
Lines changed: 10 additions & 0 deletions b/‎admin/api/v1/zone_types.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎admin/config/crd/bases/admin.cp.ei.telekom.de_zones.yaml‎
Lines changed: 8 additions & 0 deletions b/‎admin/config/crd/bases/admin.cp.ei.telekom.de_zones.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎admin/internal/controller/zone_controller_test.go‎
Lines changed: 1 addition & 0 deletions b/‎admin/internal/controller/zone_controller_test.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/internal/controller/apiexposure_controller_test.go‎
Lines changed: 3 additions & 1 deletion b/‎api/internal/controller/apiexposure_controller_test.go‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎api/internal/handler/apisubscription/handler.go‎
Lines changed: 12 additions & 1 deletion b/‎api/internal/handler/apisubscription/handler.go‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎api/internal/handler/apisubscription/validation.go‎
Lines changed: 39 additions & 1 deletion b/‎api/internal/handler/apisubscription/validation.go‎
Lines changed: 39 additions & 1 deletion
diff --git a/‎api/internal/handler/util_proxy_route_test.go‎
Lines changed: 3 additions & 1 deletion b/‎api/internal/handler/util_proxy_route_test.go‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎application/internal/controller/application_controller_test.go‎
Lines changed: 6 additions & 2 deletions b/‎application/internal/controller/application_controller_test.go‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎common-server/helm/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎common-server/helm/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
@@ -1,3 +1,15 @@
+# [0.6.0](https://github.com/telekom/controlplane/compare/v0.5.0...v0.6.0) (2025-07-14)
+
+
+### Bug Fixes
+
+* add update_install.sh ([#70](https://github.com/telekom/controlplane/issues/70)) ([989c9fb](https://github.com/telekom/controlplane/commit/989c9fb3d351ea83133faef066a09e87bfbf9905))
+
+
+### Features
+
+* **visibility:** add Zone visibility feature ([e24a881](https://github.com/telekom/controlplane/commit/e24a8813afc43360dcb5c3657faeb5b96cf7e236))
+
 # [0.5.0](https://github.com/telekom/controlplane/compare/v0.4.0...v0.5.0) (2025-07-03)
 
 
 
@@ -10,6 +10,13 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+type ZoneVisibility string
+
+const (
+	ZoneVisibilityWorld      ZoneVisibility = "World"
+	ZoneVisibilityEnterprise ZoneVisibility = "Enterprise"
+)
+
 type RedisConfig struct {
 	Host     string `json:"host"`
 	Port     int    `json:"port"`
@@ -54,6 +61,9 @@ type ZoneSpec struct {
 	Gateway          GatewayConfig          `json:"gateway"`
 	Redis            RedisConfig            `json:"redis"`
 	TeamApis         *TeamApiConfig         `json:"teamApis,omitempty"`
+	// +kubebuilder:validation:Enum=World;Enterprise
+	// Visibility controls what subscriptions are allowed from and to this zone. It's also relevant for features like failover
+	Visibility ZoneVisibility `json:"visibility"`
 }
 
 type Links struct {
 
@@ -117,10 +117,18 @@ spec:
                 required:
                 - apis
                 type: object
+              visibility:
+                description: Visibility controls what subscriptions are allowed from
+                  and to this zone. It's also relevant for features like failover
+                enum:
+                - World
+                - Enterprise
+                type: string
             required:
             - gateway
             - identityProvider
             - redis
+            - visibility
             type: object
           status:
             description: ZoneStatus defines the observed state of Zone
 
@@ -66,6 +66,7 @@ func NewZone(name string, namespace string) *adminv1.Zone {
 					Url:  "https://test-team-api-host.de/test-team-api-v1",
 				}},
 			},
+			Visibility: adminv1.ZoneVisibilityWorld,
 		},
 	}
 }
 
@@ -31,7 +31,9 @@ func CreateZone(name string) *adminapi.Zone {
 				config.EnvironmentLabelKey: testEnvironment,
 			},
 		},
-		Spec: adminapi.ZoneSpec{},
+		Spec: adminapi.ZoneSpec{
+			Visibility: adminapi.ZoneVisibilityWorld,
+		},
 	}
 
 	err := k8sClient.Create(ctx, zone)
 
@@ -81,9 +81,20 @@ func (h *ApiSubscriptionHandler) CreateOrUpdate(ctx context.Context, apiSub *api
 			apiSub.Spec.ApiBasePath, api.Spec.BasePath)
 	}
 
+	// - validate visibility of apiExposure (WORLD, ENTERPRISE, ZONE) depending on subscription zone
+	valid, err := ApiVisibilityMustBeValid(ctx, apiExposure, apiSub)
+	if err != nil {
+		return err
+	}
+	if !valid {
+		apiSub.SetCondition(condition.NewNotReadyCondition("VisibilityConstraintViolation", "ApiExposure and ApiSubscription visibility combination is not allowed"))
+		apiSub.SetCondition(condition.NewBlockedCondition(
+			fmt.Sprintf("ApiSubscription is blocked. Subscriptions from zone '%s' are not allowed due to exposure visiblity constraints", apiSub.Spec.Zone.GetName())))
+		return nil
+	}
+
 	// TODO: further validations (currently contained in the old code)
 	// - validate if team category allows subscription of api category
-	// - validate visibility of apiExposure (WORLD, ENTERPRISE, ZONE) depending on subscription zone
 
 	// get application from cluster and get clientId from status
 	application, err := util.GetApplication(ctx, apiSub.Spec.Requestor.Application)
 
@@ -6,8 +6,9 @@ package apisubscription
 
 import (
 	"context"
-
+	"fmt"
 	"github.com/pkg/errors"
+	adminv1 "github.com/telekom/controlplane/admin/api/v1"
 	apiapi "github.com/telekom/controlplane/api/api/v1"
 	cclient "github.com/telekom/controlplane/common/pkg/client"
 	"github.com/telekom/controlplane/common/pkg/condition"
@@ -85,3 +86,40 @@ func ApiExposureMustExist(ctx context.Context, obj types.Object) (bool, *apiapi.
 
 	return true, &apiExposureList.Items[0], nil
 }
+
+func ApiVisibilityMustBeValid(ctx context.Context, apiExposure *apiapi.ApiExposure, apiSubscription *apiapi.ApiSubscription) (bool, error) {
+	scopedClient := cclient.ClientFromContextOrDie(ctx)
+	log := log.FromContext(ctx)
+
+	exposureVisibility := apiExposure.Spec.Visibility
+
+	// any subscription is valid for a WORLD exposure
+	if exposureVisibility == apiapi.VisibilityWorld {
+		return true, nil
+	}
+
+	// get the subscription zone
+	subZone := &adminv1.Zone{}
+	err := scopedClient.Get(ctx, apiSubscription.Spec.Zone.K8s(), subZone)
+	if err != nil {
+		log.Error(err, "unable to get zone", "name", apiSubscription.Spec.Zone.K8s())
+		return false, errors.Wrapf(err, "Zone '%s' not found", apiSubscription.Spec.Zone.GetName())
+	}
+
+	// only same zone
+	if exposureVisibility == apiapi.VisibilityZone {
+		if apiExposure.Spec.Zone.GetName() != subZone.GetName() {
+			log.Info(fmt.Sprintf("Exposure visibility is ZONE and it doesnt match the subscription zone '%s'", subZone.GetName()))
+			return false, nil
+		}
+	}
+
+	// only enterprise zones
+	if exposureVisibility == apiapi.VisibilityEnterprise {
+		if subZone.Spec.Visibility != adminv1.ZoneVisibilityEnterprise {
+			log.Info(fmt.Sprintf("Api is exposed with visibility '%s', but subscriptions is from zone with visibility '%s'", apiapi.VisibilityEnterprise, subZone.Spec.Visibility))
+			return false, nil
+		}
+	}
+	return true, nil
+}
@@ -31,7 +31,9 @@ func CreateZone(name string) *adminapi.Zone {
 				config.EnvironmentLabelKey: testEnvironment,
 			},
 		},
-		Spec: adminapi.ZoneSpec{},
+		Spec: adminapi.ZoneSpec{
+			Visibility: adminapi.ZoneVisibilityWorld,
+		},
 	}
 
 	err := k8sClient.Create(ctx, zone)
 
@@ -45,7 +45,9 @@ var _ = Describe("Application Controller", func() {
 						config.EnvironmentLabelKey: testEnvironment,
 					},
 				},
-				Spec: adminv1.ZoneSpec{},
+				Spec: adminv1.ZoneSpec{
+					Visibility: adminv1.ZoneVisibilityWorld,
+				},
 			}
 			Expect(k8sClient.Create(ctx, zoneA)).To(Succeed())
 
@@ -58,7 +60,9 @@ var _ = Describe("Application Controller", func() {
 						config.EnvironmentLabelKey: testEnvironment,
 					},
 				},
-				Spec: adminv1.ZoneSpec{},
+				Spec: adminv1.ZoneSpec{
+					Visibility: adminv1.ZoneVisibilityWorld,
+				},
 			}
 			Expect(k8sClient.Create(ctx, zoneB)).To(Succeed())
 
 
@@ -3,9 +3,9 @@
 # SPDX-License-Identifier: Apache-2.0
 
 apiVersion: v2
-appVersion: 0.5.0
+appVersion: 0.6.0
 description: A helm chart to deploy a generic common-server instance
 name: common-server
 type: application
-version: 0.5.0
+version: 0.6.0
 icon: https://raw.githubusercontent.com/telekom/controlplane/refs/heads/main/docs/img/Open-Telekom-Integration-Platform_Visual.svg
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ func NewZone(name string, namespace string) *adminv1.Zone {`
`66`	`66`	`Url: "https://test-team-api-host.de/test-team-api-v1",`
`67`	`67`	`}},`
`68`	`68`	`},`
	`69`	`+ Visibility: adminv1.ZoneVisibilityWorld,`
`69`	`70`	`},`
`70`	`71`	`}`
`71`	`72`	`}`