Module validate 

Cross-field validation the type system can’t express (ADR §2.2 principle 8).

These are the rules a single struct’s types can’t enforce: “field X is forbidden only when sibling Y has a particular variant,” “this string must parse as a cron,” “a discovered backup may only Retain.” They live here as pure functions so the webhook calls them at admission and the controller calls them defensively — one validator, two callers (SKILL hard-rule 4). No kube::Client, no tokio.

Fail-fast vs. accumulate (see crate::error)

Single-rule helpers return ValidationResult (fail-fast — first problem). The per-CRD aggregate validators (validate_backup_config, …) return Vec<ValidationError> so a user sees every independent problem in one apply. An empty vec means valid.

Functions

validate_backup

Validate a Backup spec for a given origin, accumulating all problems.

validate_backup_config

Validate a BackupConfig spec, accumulating all problems.

validate_backup_deletion_policy

A Backup’s deletionPolicy is legal for its origin (ADR §4.5).

validate_backup_schedule

Validate a BackupSchedule spec, accumulating all problems.

validate_cluster_repository

Validate a ClusterRepository spec, accumulating all problems (ADR §3.2).

validate_consumer_against_cluster_repo

A consumer namespace is permitted by a ClusterRepository’s tenancy gate (ADR §3.2/§4.3).

validate_cron

A cron expression parses with the same parser the controller uses at runtime, so bad expressions are rejected at apply time, not at first reconcile (ADR §4.1).

validate_maintenance

Validate a Maintenance spec, accumulating all problems (ADR §3.7).

validate_repository

Validate a Repository spec, accumulating all problems (ADR §3.1).

validate_repository_maintenance

Validate a spec.maintenance block on a Repository/ClusterRepository, accumulating problems (ADR §3.7):

validate_repository_no_inline_retention

A Repository spec does not carry kopia-side (repo-level) retention policy, which would conflict with CR-driven GFS retention (ADR §4.4 exclusivity).

validate_repository_ref

A RepositoryRef is well-formed: a ClusterRepository reference is by name only, so namespace MUST be absent (ADR §3.2/§3.3). A namespaced Repository reference may carry a namespace (cross-namespace references are allowed).

validate_restore

A Restore spec is internally consistent (ADR §3.6/§4.6).

validate_restore_spec

Validate a Restore spec, accumulating all problems (wraps the fail-fast validate_restore for caller symmetry).

validate_source

A single backup Source is well-formed: pvc and pvcSelector are mutually exclusive, and at least one must be set (ADR §3.3 — modeled as sibling Options because both forms share sourcePath* keys, so it’s a webhook check, not an enum).