Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added reenabling of the createManagement parameter check #340

Merged
merged 1 commit into from
Sep 19, 2024
Merged

Added reenabling of the createManagement parameter check #340

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 31 additions & 2 deletions internal/webhook/management_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ type ManagementValidator struct {
}

var (
ErrManagementDeletionForbidden = errors.New("management deletion is forbidden")
ErrManagementDeletionForbidden = errors.New("management deletion is forbidden")
ErrCreateManagementReenablingForbidden = errors.New("reenabling of the createManagement parameter is forbidden")
)

func (in *ManagementValidator) SetupWebhookWithManager(mgr ctrl.Manager) error {
Expand All @@ -57,7 +58,35 @@ func (*ManagementValidator) ValidateCreate(_ context.Context, _ runtime.Object)
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
func (*ManagementValidator) ValidateUpdate(_ context.Context, _ runtime.Object, _ runtime.Object) (admission.Warnings, error) {
func (*ManagementValidator) ValidateUpdate(_ context.Context, _ runtime.Object, newObj runtime.Object) (admission.Warnings, error) {
// Ensure the newObj is of the expected type.
newManagement, ok := newObj.(*v1alpha1.Management)
if !ok {
return nil, apierrors.NewBadRequest(fmt.Sprintf("expected Management but got a %T", newObj))
}

// without Core, no further validation is needed.
if newManagement.Spec.Core == nil {
return nil, nil
}

// Retrieve Helm values.
vals, err := newManagement.Spec.Core.HMC.HelmValues()
if err != nil {
return nil, apierrors.NewBadRequest(fmt.Sprintf("cannot retrieve helm values: %v", err))
}

// Check if the 'controller' field exists and is a map.
controller, ok := vals["controller"].(map[string]interface{})
if !ok {
return nil, nil
}

// Check if 'createManagement' exists and is true.
if createManagement, ok := controller["createManagement"].(bool); ok && createManagement {
return nil, ErrCreateManagementReenablingForbidden
}

return nil, nil
}

Expand Down
77 changes: 77 additions & 0 deletions internal/webhook/management_webhook_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,11 @@ package webhook

import (
"context"
"encoding/json"
"testing"

. "github.com/onsi/gomega"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
Expand Down Expand Up @@ -75,3 +77,78 @@ func TestManagementValidateDelete(t *testing.T) {
})
}
}

func getManagementObjWithCreateFlag(flag bool) (*v1alpha1.Management, error) {
hmcConfig := map[string]interface{}{
"controller": map[string]interface{}{
"createManagement": flag,
},
}

rawConfig, err := json.Marshal(hmcConfig)
if err != nil {
return nil, err
}

mgmtObj := &v1alpha1.Management{
Spec: v1alpha1.ManagementSpec{
Core: &v1alpha1.Core{
HMC: v1alpha1.Component{
Config: &apiextensionsv1.JSON{
Raw: rawConfig,
},
},
},
},
}

return mgmtObj, nil
}

func TestManagementValidateUpdate(t *testing.T) {
g := NewWithT(t)

ctx := context.Background()

objToFail, err := getManagementObjWithCreateFlag(true)
g.Expect(err).To(Succeed())

objToSucceed, err := getManagementObjWithCreateFlag(false)
g.Expect(err).To(Succeed())

tests := []struct {
name string
management *v1alpha1.Management
err string
}{
{
name: "should fail if Management object has controller.createManagement=true",
management: objToFail,
err: "reenabling of the createManagement parameter is forbidden",
},
{
name: "should succeed for controller.createManagement=false",
management: objToSucceed,
},
{
name: "should succeed",
management: management.NewManagement(),
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := fake.NewClientBuilder().WithScheme(scheme.Scheme).Build()
validator := &ManagementValidator{Client: c}
_, err := validator.ValidateUpdate(ctx, management.NewManagement(), tt.management)
if tt.err != "" {
g.Expect(err).To(HaveOccurred())
if err.Error() != tt.err {
t.Fatalf("expected error '%s', got error: %s", tt.err, err.Error())
}
} else {
g.Expect(err).To(Succeed())
}
})
}
}