Define strategy to provide value for bundleLookupTag in Cluster Template

PROJECT

@@ -32,6 +32,10 @@ resources:
   kind: ByoCluster
   path: github.com/vmware-tanzu/cluster-api-provider-bringyourownhost/apis/infrastructure/v1beta1
   version: v1beta1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 - api:
     crdVersion: v1
     namespaced: true

apis/infrastructure/v1beta1/byocluster_webhook.go

@@ -0,0 +1,73 @@
+// Copyright 2021 VMware, Inc. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1beta1
+
+import (
+	"errors"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+// log is for logging in this package.
+var byoclusterlog = logf.Log.WithName("byocluster-resource")
+
+func (r *ByoCluster) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(r).
+		Complete()
+}
+
+// TODO(user): EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+
+//+kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-byocluster,mutating=true,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=byoclusters,verbs=create;update,versions=v1beta1,name=mbyocluster.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Defaulter = &ByoCluster{}
+
+// Default implements webhook.Defaulter so a webhook will be registered for the type
+// nolint: stylecheck
+func (r *ByoCluster) Default() {
+	byoclusterlog.Info("default", "name", r.Name)
+}
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-byocluster,mutating=false,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=byoclusters,verbs=create;update,versions=v1beta1,name=vbyocluster.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Validator = &ByoCluster{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (r *ByoCluster) ValidateCreate() error {
+	byoclusterlog.Info("validate create", "name", r.Name)
+	groupResource := schema.GroupResource{Group: "infrastructure.cluster.x-k8s.io", Resource: "byocluster"}
+
+	if r.Spec.BundleLookupTag == "" {
+		return apierrors.NewForbidden(groupResource, r.Name, errors.New("cannot create ByoCluster with Spec.BundleLookupTag"))
+	}
+
+	return nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (r *ByoCluster) ValidateUpdate(old runtime.Object) error {
+	byoclusterlog.Info("validate update", "name", r.Name)
+
+	groupResource := schema.GroupResource{Group: "infrastructure.cluster.x-k8s.io", Resource: "byocluster"}
+
+	if r.Spec.BundleLookupTag == "" {
+		return apierrors.NewForbidden(groupResource, r.Name, errors.New("cannot create ByoCluster with empty Spec.BundleLookupTag"))
+	}
+	return nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (r *ByoCluster) ValidateDelete() error {
+	byoclusterlog.Info("validate delete", "name", r.Name)
+
+	// TODO(user): fill in your validation logic upon object deletion.
+	return nil
+}

apis/infrastructure/v1beta1/byocluster_webhook_test.go

@@ -0,0 +1,87 @@
+// Copyright 2021 VMware, Inc. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1beta1
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/kubectl/pkg/scheme"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var _ = Describe("ByoclusterWebhook", func() {
+	XContext("When ByoCluster gets a create request", func() {
+		var (
+			byoCluster *ByoCluster
+		)
+		BeforeEach(func() {
+			_, clientErr := client.New(cfg, client.Options{Scheme: scheme.Scheme})
+			Expect(clientErr).NotTo(HaveOccurred())
+
+			byoCluster = &ByoCluster{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "ByoCluster",
+					APIVersion: clusterv1.GroupVersion.String(),
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "byocluster-create",
+					Namespace: "default",
+				},
+				Spec: ByoClusterSpec{},
+			}
+		})
+
+		It("should reject the request when BundleLookupTag is empty", func() {
+			err := byoCluster.ValidateCreate()
+			Expect(err).To(HaveOccurred())
+			Expect(err).To(MatchError("cSpec.BundleLookupTag of ByoCluster is empty"))
+		})
+
+	})
+
+	XContext("When ByoCluster gets a update request", func() {
+		var (
+			oldbyoCluster *ByoCluster
+			newbyoCluster *ByoCluster
+		)
+		BeforeEach(func() {
+			_, clientErr := client.New(cfg, client.Options{Scheme: scheme.Scheme})
+			Expect(clientErr).NotTo(HaveOccurred())
+
+			oldbyoCluster = &ByoCluster{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "ByoCluster",
+					APIVersion: clusterv1.GroupVersion.String(),
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "byocluster-update",
+					Namespace: "default",
+				},
+				Spec: ByoClusterSpec{
+					BundleLookupTag: "v0.1.0_alpha.2",
+				},
+			}
+			newbyoCluster = &ByoCluster{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "ByoCluster",
+					APIVersion: clusterv1.GroupVersion.String(),
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "byocluster-update",
+					Namespace: "default",
+				},
+				Spec: ByoClusterSpec{},
+			}
+		})
+
+		It("should reject the request when BundleLookupTag is empty", func() {
+			err := newbyoCluster.ValidateUpdate(oldbyoCluster)
+			Expect(err).To(HaveOccurred())
+			Expect(err).To(MatchError("Spec.BundleLookupTag of ByoCluster is empty"))
+		})
+
+	})
+})

apis/infrastructure/v1beta1/webhook_suite_test.go

@@ -75,6 +75,9 @@ var _ = BeforeSuite(func() {
 	err = AddToScheme(scheme)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = admissionv1beta1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
 	//+kubebuilder:scaffold:scheme
 
 	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
@@ -96,6 +99,9 @@ var _ = BeforeSuite(func() {
 	err = (&ByoHost{}).SetupWebhookWithManager(mgr)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = (&ByoCluster{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+
 	//+kubebuilder:scaffold:webhook
 
 	go func() {

config/crd/kustomization.yaml

@@ -18,7 +18,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_byomachines.yaml
 - patches/webhook_in_byohosts.yaml
 #- patches/webhook_in_byomachinetemplates.yaml
-#- patches/webhook_in_byoclusters.yaml
+- patches/webhook_in_byoclusters.yaml
 #- patches/webhook_in_byohosts.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
@@ -27,7 +27,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_byomachines.yaml
 - patches/cainjection_in_byohosts.yaml
 #- patches/cainjection_in_byomachinetemplates.yaml
-#- patches/cainjection_in_byoclusters.yaml
+- patches/cainjection_in_byoclusters.yaml
 #- patches/cainjection_in_byohosts.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 

config/default/webhookcainjection_patch.yaml

@@ -1,5 +1,11 @@
 # This patch add annotation to admission webhook config and
 # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

config/webhook/manifests.yaml

@@ -1,11 +1,59 @@
 
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  creationTimestamp: null
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-byocluster
+  failurePolicy: Fail
+  name: mbyocluster.kb.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - byoclusters
+  sideEffects: None
+
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   creationTimestamp: null
   name: validating-webhook-configuration
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-byocluster
+  failurePolicy: Fail
+  name: vbyocluster.kb.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - byoclusters
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1

main.go

@@ -121,6 +121,10 @@ func main() {
 		setupLog.Error(err, "unable to create webhook", "webhook", "ByoHost")
 		os.Exit(1)
 	}
+	if err = (&infrastructurev1beta1.ByoCluster{}).SetupWebhookWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create webhook", "webhook", "ByoCluster")
+		os.Exit(1)
+	}
 	//+kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {