Skip to content

Commit

Permalink
validation for required fields was implemented
Browse files Browse the repository at this point in the history
  • Loading branch information
tengu-alt committed Feb 14, 2024
1 parent 80ac586 commit a59baed
Show file tree
Hide file tree
Showing 38 changed files with 988 additions and 31 deletions.
32 changes: 26 additions & 6 deletions .secrets.baseline
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,10 @@
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
Expand Down Expand Up @@ -204,7 +208,7 @@
"filename": "apis/clusters/v1beta1/cassandra_webhook.go",
"hashed_secret": "e0a46b27231f798fe22dc4d5d82b5feeb5dcf085",
"is_verified": false,
"line_number": 229
"line_number": 235
}
],
"apis/clusters/v1beta1/kafka_types.go": [
Expand Down Expand Up @@ -361,7 +365,7 @@
"filename": "apis/clusters/v1beta1/redis_webhook.go",
"hashed_secret": "bc1c5ae5fd4a238d86261f422e62c489de408c22",
"is_verified": false,
"line_number": 316
"line_number": 322
}
],
"apis/clusters/v1beta1/zookeeper_types.go": [
Expand Down Expand Up @@ -404,21 +408,21 @@
"filename": "apis/kafkamanagement/v1beta1/usercertificate_webhook.go",
"hashed_secret": "3747c0c1bc4416dc2334f5aff52f3c9df602d92d",
"is_verified": false,
"line_number": 45
"line_number": 52
},
{
"type": "Secret Keyword",
"filename": "apis/kafkamanagement/v1beta1/usercertificate_webhook.go",
"hashed_secret": "11495ec6584371b5d9982b538de7b47957781c13",
"is_verified": false,
"line_number": 49
"line_number": 56
},
{
"type": "Secret Keyword",
"filename": "apis/kafkamanagement/v1beta1/usercertificate_webhook.go",
"hashed_secret": "7eb7eabdf6b5b4f62b12c2b706192d408f95a3c0",
"is_verified": false,
"line_number": 62
"line_number": 69
}
],
"apis/kafkamanagement/v1beta1/zz_generated.deepcopy.go": [
Expand Down Expand Up @@ -1116,6 +1120,22 @@
"line_number": 186
}
],
"pkg/utils/user_creds_from_secret_test.go": [
{
"type": "Secret Keyword",
"filename": "pkg/utils/user_creds_from_secret_test.go",
"hashed_secret": "46b77150f07f905116b6be9b7d29ea4b6c2daac8",
"is_verified": false,
"line_number": 34
},
{
"type": "Secret Keyword",
"filename": "pkg/utils/user_creds_from_secret_test.go",
"hashed_secret": "a27a9f290fd2247aaa3cc515001183f17c77a96d",
"is_verified": false,
"line_number": 84
}
],
"scripts/cloud-init-secret.yaml": [
{
"type": "Base64 High Entropy String",
Expand All @@ -1126,5 +1146,5 @@
}
]
},
"generated_at": "2024-02-13T09:35:50Z"
"generated_at": "2024-02-13T11:02:54Z"
}
6 changes: 5 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,12 @@ test-users:
test-webhooks:
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./apis/clusters/v1beta1 -coverprofile cover.out

.PHONY: test-utils
test-utils:
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./pkg/utils/... -coverprofile cover.out

.PHONY: test
test: manifests generate fmt vet docker-build-server-stub run-server-stub envtest test-clusters test-clusterresources test-webhooks test-kafkamanagement test-users stop-server-stub
test: manifests generate fmt vet docker-build-server-stub run-server-stub test-utils envtest test-clusters test-clusterresources test-webhooks test-kafkamanagement test-users stop-server-stub

.PHONY: goimports
goimports:
Expand Down
8 changes: 5 additions & 3 deletions PROJECT
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,7 @@ resources:
version: v1beta1
webhooks:
defaulting: true
validation: true
webhookVersion: v1
- api:
crdVersion: v1
Expand All @@ -299,6 +300,10 @@ resources:
kind: Topic
path: github.com/instaclustr/operator/apis/kafkamanagement/v1beta1
version: v1beta1
webhooks:
defaulting: true
validation: true
webhookVersion: v1
- api:
crdVersion: v1
namespaced: true
Expand All @@ -308,9 +313,6 @@ resources:
kind: PostgreSQLUser
path: github.com/instaclustr/operator/apis/clusterresources/v1beta1
version: v1beta1
webhooks:
validation: true
webhookVersion: v1
- api:
crdVersion: v1
namespaced: true
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/awsencryptionkey_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

var awsencryptionkeylog = logf.Log.WithName("awsencryptionkey-resource")
Expand Down Expand Up @@ -60,6 +61,11 @@ var _ webhook.Validator = &AWSEncryptionKey{}
func (aws *AWSEncryptionKey) ValidateCreate() error {
awsencryptionkeylog.Info("validate create", "name", aws.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(aws.Spec)
if err != nil {
return err
}

aliasMatched, err := regexp.Match(models.EncryptionKeyAliasRegExp, []byte(aws.Spec.Alias))
if !aliasMatched || err != nil {
return fmt.Errorf("AWS Encryption key alias must fit the pattern: %s, %v", models.EncryptionKeyAliasRegExp, err)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

// log is for logging in this package.
Expand All @@ -45,6 +47,11 @@ var principalArnPattern, _ = regexp.Compile(`^arn:aws:iam::[0-9]{12}:(root$|user
func (r *AWSEndpointServicePrincipal) ValidateCreate() error {
awsendpointserviceprincipallog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if (r.Spec.ClusterDataCenterID == "" && r.Spec.ClusterRef == nil) ||
(r.Spec.ClusterDataCenterID != "" && r.Spec.ClusterRef != nil) {
return fmt.Errorf("only one of the following fields should be specified: dataCentreId, clusterRef")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
"github.com/instaclustr/operator/pkg/validation"
)

Expand Down Expand Up @@ -60,6 +61,11 @@ var _ webhook.Validator = &AWSSecurityGroupFirewallRule{}
func (r *AWSSecurityGroupFirewallRule) ValidateCreate() error {
awssecuritygroupfirewallrulelog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if !validation.Contains(r.Spec.Type, models.BundleTypes) {
return fmt.Errorf("type %s is unavailable, available types: %v",
r.Spec.Type, models.BundleTypes)
Expand Down
8 changes: 7 additions & 1 deletion apis/clusterresources/v1beta1/awsvpcpeering_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

var awsvpcpeeringlog = logf.Log.WithName("awsvpcpeering-resource")
Expand Down Expand Up @@ -59,6 +60,11 @@ var _ webhook.Validator = &AWSVPCPeering{}
func (r *AWSVPCPeering) ValidateCreate() error {
awsvpcpeeringlog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if r.Spec.PeerAWSAccountID == "" {
return fmt.Errorf("peer AWS Account ID is empty")
}
Expand All @@ -76,7 +82,7 @@ func (r *AWSVPCPeering) ValidateCreate() error {
return fmt.Errorf("peer Subnets list is empty")
}

err := r.Spec.Validate(models.AWSRegions)
err = r.Spec.Validate(models.AWSRegions)
if err != nil {
return err
}
Expand Down
8 changes: 7 additions & 1 deletion apis/clusterresources/v1beta1/azurevnetpeering_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

var azurevnetpeeringlog = logf.Log.WithName("azurevnetpeering-resource")
Expand Down Expand Up @@ -60,6 +61,11 @@ var _ webhook.Validator = &AzureVNetPeering{}
func (r *AzureVNetPeering) ValidateCreate() error {
azurevnetpeeringlog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if r.Spec.PeerResourceGroup == "" {
return fmt.Errorf("peer Resource Group is empty")
}
Expand All @@ -81,7 +87,7 @@ func (r *AzureVNetPeering) ValidateCreate() error {
return fmt.Errorf("peer Subnets list is empty")
}

err := r.Spec.Validate()
err = r.Spec.Validate()
if err != nil {
return err
}
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/cassandrauser_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

// log is for logging in this package.
Expand All @@ -43,6 +44,11 @@ var _ webhook.Validator = &CassandraUser{}
func (u *CassandraUser) ValidateCreate() error {
cassandrauserlog.Info("validate create", "name", u.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(u.Spec)
if err != nil {
return err
}

if u.Spec.SecretRef.Name == "" || u.Spec.SecretRef.Namespace == "" {
return models.ErrEmptySecretRef
}
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/clusterbackup_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

// log is for logging in this package.
Expand Down Expand Up @@ -54,6 +55,11 @@ var _ webhook.Validator = &ClusterBackup{}
func (r *ClusterBackup) ValidateCreate() error {
clusterbackuplog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

_, ok := models.ClusterKindsMap[r.Spec.ClusterRef.ClusterKind]
if !ok {
return models.ErrUnsupportedBackupClusterKind
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
"github.com/instaclustr/operator/pkg/validation"
)

Expand Down Expand Up @@ -60,6 +61,11 @@ var _ webhook.Validator = &ClusterNetworkFirewallRule{}
func (fr *ClusterNetworkFirewallRule) ValidateCreate() error {
clusternetworkfirewallrulelog.Info("validate create", "name", fr.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(fr.Spec)
if err != nil {
return err
}

if !validation.Contains(fr.Spec.Type, models.BundleTypes) {
return fmt.Errorf("type %s is unavailable, available types: %v",
fr.Spec.Type, models.BundleTypes)
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/exclusionwindow_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
"github.com/instaclustr/operator/pkg/validation"
)

Expand Down Expand Up @@ -55,6 +56,11 @@ var _ webhook.Validator = &ExclusionWindow{}
func (r *ExclusionWindow) ValidateCreate() error {
exclusionwindowlog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if (r.Spec.ClusterID == "" && r.Spec.ClusterRef == nil) ||
(r.Spec.ClusterID != "" && r.Spec.ClusterRef != nil) {
return fmt.Errorf("only one of the following fields should be specified: clusterId, clusterRef")
Expand Down
8 changes: 7 additions & 1 deletion apis/clusterresources/v1beta1/gcpvpcpeering_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

var gcpvpcpeeringlog = logf.Log.WithName("gcpvpcpeering-resource")
Expand Down Expand Up @@ -60,6 +61,11 @@ var _ webhook.Validator = &GCPVPCPeering{}
func (r *GCPVPCPeering) ValidateCreate() error {
gcpvpcpeeringlog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if r.Spec.PeerVPCNetworkName == "" {
return fmt.Errorf("peer VPC Network Name is empty")
}
Expand All @@ -77,7 +83,7 @@ func (r *GCPVPCPeering) ValidateCreate() error {
return fmt.Errorf("peer Subnets list is empty")
}

err := r.Spec.Validate()
err = r.Spec.Validate()
if err != nil {
return err
}
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/maintenanceevents_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
"github.com/instaclustr/operator/pkg/validation"
)

Expand All @@ -44,6 +45,11 @@ var _ webhook.Validator = &MaintenanceEvents{}
func (r *MaintenanceEvents) ValidateCreate() error {
maintenanceeventslog.Info("validate create", "name", r.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(r.Spec)
if err != nil {
return err
}

if err := r.ValidateMaintenanceEventsReschedules(); err != nil {
return fmt.Errorf("maintenance events reschedules validation failed: %v", err)
}
Expand Down
6 changes: 6 additions & 0 deletions apis/clusterresources/v1beta1/nodereload_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/instaclustr/operator/pkg/models"
"github.com/instaclustr/operator/pkg/utils/requiredfieldsvalidator"
)

var nodereloadlog = logf.Log.WithName("nodereload-resource")
Expand All @@ -45,6 +46,11 @@ var _ webhook.Validator = &NodeReload{}
func (nr *NodeReload) ValidateCreate() error {
nodereloadlog.Info("validate create", "name", nr.Name)

err := requiredfieldsvalidator.ValidateRequiredFields(nr.Spec)
if err != nil {
return err
}

if nr.Spec.Nodes == nil {
return fmt.Errorf("nodes list is empty")
}
Expand Down
Loading

0 comments on commit a59baed

Please sign in to comment.