From e1aa39efbd314326ce7c8e368efaf6bb3dad8405 Mon Sep 17 00:00:00 2001 From: Jack Francis Date: Fri, 2 Sep 2022 16:10:02 -0700 Subject: [PATCH] fix missing AzureManagedMachinePool webhooks, standardize --- exp/api/v1beta1/azuremachinepool_webhook.go | 17 +++++++------- .../v1beta1/azuremanagedcluster_webhook.go | 9 ++++---- .../azuremanagedmachinepool_webhook.go | 17 ++++++++++++++ main.go | 22 +++++++++++++------ 4 files changed, 44 insertions(+), 21 deletions(-) diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/exp/api/v1beta1/azuremachinepool_webhook.go index 368012a1c755..2ea7dd26d9d3 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook.go +++ b/exp/api/v1beta1/azuremachinepool_webhook.go @@ -57,6 +57,14 @@ var _ webhook.Validator = &AzureMachinePool{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. func (amp *AzureMachinePool) ValidateCreate() error { + // NOTE: AzureMachinePool is behind MachinePool feature gate flag; the web hook + // must prevent creating new objects new case the feature flag is disabled. + if !feature.Gates.Enabled(capifeature.MachinePool) { + return field.Forbidden( + field.NewPath("spec"), + "can be set only if the MachinePool feature flag is enabled", + ) + } return amp.Validate(nil) } @@ -72,15 +80,6 @@ func (amp *AzureMachinePool) ValidateDelete() error { // Validate the Azure Machine Pool and return an aggregate error. func (amp *AzureMachinePool) Validate(old runtime.Object) error { - // NOTE: AzureMachinePool is behind MachinePool feature gate flag; the web hook - // must prevent creating new objects new case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return field.Forbidden( - field.NewPath("spec"), - "can be set only if the MachinePool feature flag is enabled", - ) - } - validators := []func() error{ amp.ValidateImage, amp.ValidateTerminateNotificationTimeout, diff --git a/exp/api/v1beta1/azuremanagedcluster_webhook.go b/exp/api/v1beta1/azuremanagedcluster_webhook.go index e8e8cd8a826d..badc5e46dad4 100644 --- a/exp/api/v1beta1/azuremanagedcluster_webhook.go +++ b/exp/api/v1beta1/azuremanagedcluster_webhook.go @@ -43,11 +43,6 @@ var _ webhook.Validator = &AzureManagedCluster{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. func (r *AzureManagedCluster) ValidateCreate() error { - return nil -} - -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (r *AzureManagedCluster) ValidateUpdate(oldRaw runtime.Object) error { // NOTE: AzureManagedCluster is behind AKS feature gate flag; the web hook // must prevent creating new objects new case the feature flag is disabled. if !feature.Gates.Enabled(feature.AKS) { @@ -56,7 +51,11 @@ func (r *AzureManagedCluster) ValidateUpdate(oldRaw runtime.Object) error { "can be set only if the AKS feature flag is enabled", ) } + return nil +} +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. +func (r *AzureManagedCluster) ValidateUpdate(oldRaw runtime.Object) error { old := oldRaw.(*AzureManagedCluster) var allErrs field.ErrorList diff --git a/exp/api/v1beta1/azuremanagedmachinepool_webhook.go b/exp/api/v1beta1/azuremanagedmachinepool_webhook.go index a08ca79c88b8..0f87174dedfb 100644 --- a/exp/api/v1beta1/azuremanagedmachinepool_webhook.go +++ b/exp/api/v1beta1/azuremanagedmachinepool_webhook.go @@ -28,11 +28,20 @@ import ( kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "sigs.k8s.io/cluster-api-provider-azure/azure" + "sigs.k8s.io/cluster-api-provider-azure/feature" "sigs.k8s.io/cluster-api-provider-azure/util/maps" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" ) +// SetupWebhookWithManager sets up and registers the webhook with the manager. +func (m *AzureManagedMachinePool) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr). + For(m). + Complete() +} + //+kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepools,verbs=create;update,versions=v1beta1,name=default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // Default implements webhook.Defaulter so a webhook will be registered for the type. @@ -55,6 +64,14 @@ func (m *AzureManagedMachinePool) Default(client client.Client) { // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. func (m *AzureManagedMachinePool) ValidateCreate(client client.Client) error { + // NOTE: AzureManagedMachinePool is behind AKS feature gate flag; the web hook + // must prevent creating new objects new case the feature flag is disabled. + if !feature.Gates.Enabled(feature.AKS) { + return field.Forbidden( + field.NewPath("spec"), + "can be set only if the AKS feature flag is enabled", + ) + } validators := []func() error{ m.validateMaxPods, m.validateOSType, diff --git a/main.go b/main.go index 494c86fdb28d..5cc0ac438845 100644 --- a/main.go +++ b/main.go @@ -516,13 +516,6 @@ func registerWebhooks(mgr manager.Manager) { os.Exit(1) } - // NOTE: AzureManagedCluster is behind AKS feature gate flag; the webhook - // is going to prevent creating or updating new objects in case the feature flag is disabled - if err := (&infrav1exp.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster") - os.Exit(1) - } - if feature.Gates.Enabled(feature.AKS) { hookServer := mgr.GetWebhookServer() hookServer.Register("/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool", webhook.NewMutatingWebhook( @@ -539,6 +532,21 @@ func registerWebhooks(mgr manager.Manager) { )) } + // NOTE: AzureManagedCluster,AzureManagedControlPlane, and AzureManagedMachinePool are behind AKS feature gate flag; + // the webhook is going to prevent creating or updating new objects in case the feature flag is disabled + if err := (&infrav1exp.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster") + os.Exit(1) + } + if err := (&infrav1exp.AzureManagedMachinePool{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePool") + os.Exit(1) + } + if err := (&infrav1exp.AzureManagedControlPlane{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlane") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil { setupLog.Error(err, "unable to create ready check") os.Exit(1)