diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/exp/api/v1beta1/azuremachinepool_webhook.go
index 368012a1c75..1dcb692432c 100644
--- a/exp/api/v1beta1/azuremachinepool_webhook.go
+++ b/exp/api/v1beta1/azuremachinepool_webhook.go
@@ -57,6 +57,14 @@ var _ webhook.Validator = &AzureMachinePool{}
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (amp *AzureMachinePool) ValidateCreate() error {
+ // NOTE: AzureMachinePool is behind MachinePool feature gate flag; the web hook
+ // must prevent creating new objects in case the feature flag is disabled.
+ if !feature.Gates.Enabled(capifeature.MachinePool) {
+ return field.Forbidden(
+ field.NewPath("spec"),
+ "can be set only if the MachinePool feature flag is enabled",
+ )
+ }
 return amp.Validate(nil)
 }
@@ -72,15 +80,6 @@ func (amp *AzureMachinePool) ValidateDelete() error {
 // Validate the Azure Machine Pool and return an aggregate error.
 func (amp *AzureMachinePool) Validate(old runtime.Object) error {
- // NOTE: AzureMachinePool is behind MachinePool feature gate flag; the web hook
- // must prevent creating new objects new case the feature flag is disabled.
- if !feature.Gates.Enabled(capifeature.MachinePool) {
- return field.Forbidden(
- field.NewPath("spec"),
- "can be set only if the MachinePool feature flag is enabled",
- )
- }
-
 validators := []func() error{
 amp.ValidateImage,
 amp.ValidateTerminateNotificationTimeout,
diff --git a/exp/api/v1beta1/azuremanagedcluster_webhook.go b/exp/api/v1beta1/azuremanagedcluster_webhook.go
index e8e8cd8a826..40e90146857 100644
--- a/exp/api/v1beta1/azuremanagedcluster_webhook.go
+++ b/exp/api/v1beta1/azuremanagedcluster_webhook.go
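Review bot: The doc comment on AzureMachinePool.ValidateCreate still says only that it implements webhook.Validator, although after this change the method is the single place the MachinePool gate is enforced; the second hunk removes the check from Validate, so updates are no longer gated. If that is deliberate, presumably so existing objects can still be edited and cleaned up with the gate off, state it where the check lives, e.g. `// ValidateCreate rejects new AzureMachinePools while the MachinePool feature gate is disabled; updates are intentionally not gated.` The same applies to AzureManagedCluster.ValidateCreate in azuremanagedcluster_webhook.go, where the check moves out of ValidateUpdate.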
@@ -43,20 +43,19 @@ var _ webhook.Validator = &AzureManagedCluster{}
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (r *AzureManagedCluster) ValidateCreate() error {
- return nil
-}
-
-// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AzureManagedCluster) ValidateUpdate(oldRaw runtime.Object) error {
 // NOTE: AzureManagedCluster is behind AKS feature gate flag; the web hook
- // must prevent creating new objects new case the feature flag is disabled.
+ // must prevent creating new objects in case the feature flag is disabled.
 if !feature.Gates.Enabled(feature.AKS) {
 return field.Forbidden(
 field.NewPath("spec"),
 "can be set only if the AKS feature flag is enabled",
 )
 }
+ return nil
+}
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
+func (r *AzureManagedCluster) ValidateUpdate(oldRaw runtime.Object) error {
 old := oldRaw.(*AzureManagedCluster)
 var allErrs field.ErrorList
diff --git a/exp/api/v1beta1/azuremanagedmachinepool_webhook.go b/exp/api/v1beta1/azuremanagedmachinepool_webhook.go
index a08ca79c88b..768288a857f 100644
--- a/exp/api/v1beta1/azuremanagedmachinepool_webhook.go
+++ b/exp/api/v1beta1/azuremanagedmachinepool_webhook.go
@@ -28,11 +28,20 @@ import (
 kerrors "k8s.io/apimachinery/pkg/util/errors"
 "k8s.io/apimachinery/pkg/util/validation/field"
 "sigs.k8s.io/cluster-api-provider-azure/azure"
+ "sigs.k8s.io/cluster-api-provider-azure/feature"
 "sigs.k8s.io/cluster-api-provider-azure/util/maps"
 clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+ ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
+// SetupWebhookWithManager sets up and registers the webhook with the manager.
+func (m *AzureManagedMachinePool) SetupWebhookWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewWebhookManagedBy(mgr).
+ For(m).
+ Complete()
+}
+
 //+kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepools,verbs=create;update,versions=v1beta1,name=default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 // Default implements webhook.Defaulter so a webhook will be registered for the type.
@@ -55,6 +64,14 @@ func (m *AzureManagedMachinePool) Default(client client.Client) {
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (m *AzureManagedMachinePool) ValidateCreate(client client.Client) error {
+ // NOTE: AzureManagedMachinePool is behind AKS feature gate flag; the web hook
+ // must prevent creating new objects in case the feature flag is disabled.
+ if !feature.Gates.Enabled(feature.AKS) {
+ return field.Forbidden(
+ field.NewPath("spec"),
+ "can be set only if the AKS feature flag is enabled",
+ )
+ }
 validators := []func() error{
 m.validateMaxPods,
 m.validateOSType,
diff --git a/exp/api/v1beta1/azuremanagedmachinepool_webhook_test.go b/exp/api/v1beta1/azuremanagedmachinepool_webhook_test.go
index 8b708d55997..4054e21c6e1 100644
--- a/exp/api/v1beta1/azuremanagedmachinepool_webhook_test.go
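Review bot: SetupWebhookWithManager relies on the controller-runtime builder, which wires up a handler only when the type satisfies webhook.Defaulter or webhook.Validator, and the `Default(client client.Client)` and `ValidateCreate(client client.Client)` signatures visible in this file do not match those interfaces, so this call likely registers nothing. The gate check added to ValidateCreate in the second hunk would then be reached only through the handlers main.go registers by hand, and the first main.go hunk shows that registration still sitting inside `if feature.Gates.Enabled(feature.AKS) {`, so the check would run only when the gate is already on. Given the `failurePolicy=fail` marker shown for the mutating webhook, requests are probably still refused with the gate off, but by a missing handler rather than by this Forbidden error. Consider registering the hand-written handlers in main.go unconditionally so the check is the thing that rejects, or add a comment here explaining why both registrations exist. ValidateCreate's body continues past the hunk.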
+++ b/exp/api/v1beta1/azuremanagedmachinepool_webhook_test.go
@@ -23,7 +23,9 @@ import (
 "github.com/Azure/go-autorest/autorest/to"
 . "github.com/onsi/gomega"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ utilfeature "k8s.io/component-base/featuregate/testing"
 "sigs.k8s.io/cluster-api-provider-azure/azure"
+ "sigs.k8s.io/cluster-api-provider-azure/feature"
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -478,6 +480,9 @@ func TestAzureManagedMachinePoolUpdatingWebhook(t *testing.T) {
 }
 func TestAzureManagedMachinePool_ValidateCreate(t *testing.T) {
+ // NOTE: AzureManagedMachinePool is behind AKS feature gate flag; the web hook
+ // must prevent creating new objects in case the feature flag is disabled.
+ defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, feature.AKS, true)()
 g := NewWithT(t)
 tests := []struct {
diff --git a/main.go b/main.go
index 494c86fdb28..5cc0ac43884 100644
--- a/main.go
+++ b/main.go
@@ -516,13 +516,6 @@ func registerWebhooks(mgr manager.Manager) {
 os.Exit(1)
 }
- // NOTE: AzureManagedCluster is behind AKS feature gate flag; the webhook
- // is going to prevent creating or updating new objects in case the feature flag is disabled
- if err := (&infrav1exp.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil {
- setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster")
- os.Exit(1)
- }
-
 if feature.Gates.Enabled(feature.AKS) {
 hookServer := mgr.GetWebhookServer()
 hookServer.Register("/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool", webhook.NewMutatingWebhook(
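Review bot: TestAzureManagedMachinePool_ValidateCreate only switches the AKS gate on, so the Forbidden branch this commit adds to ValidateCreate is never exercised. Add a case that runs with `defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, feature.AKS, false)()` and expects ValidateCreate to return an error for an otherwise valid object. The comment above the defer is copied from the webhook and does not say why the test enables the gate; something like `// Enable the AKS gate so ValidateCreate reaches the field validators.` would be more accurate. The test body continues outside the hunk.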
@@ -539,6 +532,21 @@ func registerWebhooks(mgr manager.Manager) {
 ))
 }
+ // NOTE: AzureManagedCluster,AzureManagedControlPlane, and AzureManagedMachinePool are behind AKS feature gate flag;
+ // the webhook is going to prevent creating or updating new objects in case the feature flag is disabled
+ if err := (&infrav1exp.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster")
+ os.Exit(1)
+ }
+ if err := (&infrav1exp.AzureManagedMachinePool{}).SetupWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePool")
+ os.Exit(1)
+ }
+ if err := (&infrav1exp.AzureManagedControlPlane{}).SetupWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlane")
+ os.Exit(1)
+ }
+
 if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
 setupLog.Error(err, "unable to create ready check")
 os.Exit(1)
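Review bot: The NOTE comment says these webhooks prevent "creating or updating" objects while the gate is off, but the gate checks this commit adds or moves sit only in ValidateCreate, and AzureManagedCluster.ValidateUpdate loses its check. Reword the comment to match, e.g. `// NOTE: AzureManagedCluster, AzureManagedControlPlane, and AzureManagedMachinePool are behind the AKS feature gate;` followed by `// their webhooks reject creation of new objects while the gate is disabled.` AzureManagedControlPlane's webhook file is not part of this diff, so confirm its ValidateCreate carries the same check before relying on this registration. registerWebhooks begins and ends outside the hunk.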