Skip to content

Commit

Permalink
Move experimental addons API v1beta1 webhooks to separate package
Browse files Browse the repository at this point in the history
  • Loading branch information
Ankitasw committed Sep 15, 2023
1 parent 034c8dd commit f4fdd0b
Show file tree
Hide file tree
Showing 12 changed files with 391 additions and 236 deletions.
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,7 @@ generate-manifests-core: $(CONTROLLER_GEN) $(KUSTOMIZE) ## Generate manifests e.
paths=./internal/webhooks/... \
paths=./$(EXP_DIR)/api/... \
paths=./$(EXP_DIR)/internal/controllers/... \
paths=./$(EXP_DIR)/addons/internal/webhooks/... \
paths=./$(EXP_DIR)/addons/api/... \
paths=./$(EXP_DIR)/addons/internal/controllers/... \
paths=./$(EXP_DIR)/ipam/api/... \
Expand Down
118 changes: 0 additions & 118 deletions exp/addons/api/v1beta1/clusterresourceset_webhook.go

This file was deleted.

79 changes: 0 additions & 79 deletions exp/addons/api/v1beta1/clusterresourcesetbinding_webhook.go

This file was deleted.

163 changes: 163 additions & 0 deletions exp/addons/internal/webhooks/clusterresourceset_webhook.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,163 @@
/*
Copyright 2021 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webhooks

import (
"context"
"fmt"
"reflect"

apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/validation/field"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

addonsv1 "sigs.k8s.io/cluster-api/exp/addons/api/v1beta1"
"sigs.k8s.io/cluster-api/feature"
)

// ClusterResourceSet implements a validation and defaulting webhook for ClusterResourceSet.
type ClusterResourceSet struct{}

func (webhook *ClusterResourceSet) SetupWebhookWithManager(mgr ctrl.Manager) error {
return ctrl.NewWebhookManagedBy(mgr).
For(&addonsv1.ClusterResourceSet{}).
WithDefaulter(webhook).
WithValidator(webhook).
Complete()
}

// +kubebuilder:webhook:verbs=create;update,path=/validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=addons.cluster.x-k8s.io,resources=clusterresourcesets,versions=v1beta1,name=validation.clusterresourceset.addons.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
// +kubebuilder:webhook:verbs=create;update,path=/mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=addons.cluster.x-k8s.io,resources=clusterresourcesets,versions=v1beta1,name=default.clusterresourceset.addons.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1

var _ webhook.CustomDefaulter = &ClusterResourceSet{}
var _ webhook.CustomValidator = &ClusterResourceSet{}

// Default implements webhook.Defaulter so a webhook will be registered for the type.
func (webhook *ClusterResourceSet) Default(_ context.Context, oldObj runtime.Object) error {
oldCRS, ok := oldObj.(*addonsv1.ClusterResourceSet)
if !ok {
return apierrors.NewBadRequest(fmt.Sprintf("expected a ClusterResourceSet but got a %T", oldObj))
}
// ClusterResourceSet Strategy defaults to ApplyOnce.
if oldCRS.Spec.Strategy == "" {
oldCRS.Spec.Strategy = string(addonsv1.ClusterResourceSetStrategyApplyOnce)
}
return nil
}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (webhook *ClusterResourceSet) ValidateCreate(_ context.Context, oldObj runtime.Object) (admission.Warnings, error) {
oldCRS, ok := oldObj.(*addonsv1.ClusterResourceSet)
if !ok {
return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a ClusterResourceSet but got a %T", oldObj))
}
return nil, webhook.validate(oldCRS, nil)
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
func (webhook *ClusterResourceSet) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
oldCRS, ok := oldObj.(*addonsv1.ClusterResourceSet)
if !ok {
return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a ClusterResourceSet but got a %T", oldObj))
}
newCRS, ok := newObj.(*addonsv1.ClusterResourceSet)
if !ok {
return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a ClusterResourceSet but got a %T", newObj))
}
return nil, webhook.validate(oldCRS, newCRS)
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (webhook *ClusterResourceSet) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
return nil, nil
}

func (webhook *ClusterResourceSet) validate(oldCRS, newCRS *addonsv1.ClusterResourceSet) error {
// NOTE: ClusterResourceSet is behind ClusterResourceSet feature gate flag; the web hook
// must prevent creating newCRS objects when the feature flag is disabled.
if !feature.Gates.Enabled(feature.ClusterResourceSet) {
return field.Forbidden(
field.NewPath("spec"),
"can be set only if the ClusterResourceSet feature flag is enabled",
)
}
var (
allErrs field.ErrorList
selector labels.Selector
err error
)

// Validate selector parses as Selector
if newCRS != nil {
selector, err = metav1.LabelSelectorAsSelector(&newCRS.Spec.ClusterSelector)
if err != nil {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", "clusterSelector"), newCRS.Spec.ClusterSelector, err.Error()),
)
}
}

// Validate selector parses as Selector
if oldCRS != nil {
selector, err = metav1.LabelSelectorAsSelector(&oldCRS.Spec.ClusterSelector)
if err != nil {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", "clusterSelector"), oldCRS.Spec.ClusterSelector, err.Error()),
)
}
}

// Validate that the selector isn't empty as null selectors do not select any objects.
if selector != nil && selector.Empty() {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", "clusterSelector"), newCRS.Spec.ClusterSelector, "selector must not be empty"),
)
}

if oldCRS != nil && newCRS != nil && oldCRS.Spec.Strategy != "" && oldCRS.Spec.Strategy != newCRS.Spec.Strategy {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", "strategy"), newCRS.Spec.Strategy, "field is immutable"),
)
}

if oldCRS != nil && newCRS != nil && !reflect.DeepEqual(oldCRS.Spec.ClusterSelector, newCRS.Spec.ClusterSelector) {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", "clusterSelector"), newCRS.Spec.ClusterSelector, "field is immutable"),
)
}

if len(allErrs) == 0 {
return nil
}
if oldCRS != nil {
return apierrors.NewInvalid(addonsv1.GroupVersion.WithKind("ClusterResourceSet").GroupKind(), oldCRS.Name, allErrs)
}
if newCRS != nil {
return apierrors.NewInvalid(addonsv1.GroupVersion.WithKind("ClusterResourceSet").GroupKind(), newCRS.Name, allErrs)
}
return nil
}
Loading

0 comments on commit f4fdd0b

Please sign in to comment.