Merge pull request #209 from vshn/objbucket/del_prot

Add deletionProtection for ObjectBuckets
vshn · Jul 31, 2024 · 2768c5d · 2768c5d
2 parents ea9d906 + 2500a00
commit 2768c5d
Show file tree

Hide file tree

Showing 8 changed files with 354 additions and 218 deletions.
diff --git a/apis/v1/objectstorage_types.go b/apis/v1/objectstorage_types.go
@@ -16,6 +16,8 @@ const (
 // BucketDeletionPolicy determines how buckets should be deleted when a Bucket is deleted.
 type BucketDeletionPolicy string
 
+//go:generate yq -i e ../generated/appcat.vshn.io_objectbuckets.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.security.default={})"
+
 // +kubebuilder:object:root=true
 // +kubebuilder:printcolumn:name="Bucket Name",type="string",JSONPath=".spec.parameters.bucketName"
 // +kubebuilder:printcolumn:name="Region",type="string",JSONPath=".spec.parameters.region"
@@ -60,6 +62,9 @@ type ObjectBucketParameters struct {
 	//  `DeleteIfEmpty` only deletes the bucket if the bucket is empty.
 	//  `DeleteAll` recursively deletes all objects in the bucket and then removes it.
 	BucketDeletionPolicy BucketDeletionPolicy `json:"bucketDeletionPolicy,omitempty"`
+
+	// Security defines the security of a service
+	Security Security `json:"security,omitempty"`
 }
 
 // ObjectBucketStatus reflects the observed state of a ObjectBucket.
@@ -96,3 +101,14 @@ type NamespacedName struct {
 	Namespace string `json:"namespace,omitempty"`
 	Name      string `json:"name,omitempty"`
 }
+
+// Security defines the security of a service
+type Security struct {
+	// DeletionProtection blocks the deletion of the instance if it is enabled (enabled by default)
+	// +kubebuilder:default=true
+	DeletionProtection bool `json:"deletionProtection,omitempty"`
+}
+
+func (v *ObjectBucket) GetSecurity() *Security {
+	return &v.Spec.Parameters.Security
+}
diff --git a/apis/v1/zz_generated.deepcopy.go b/apis/v1/zz_generated.deepcopy.go
diff --git a/cmd/controller.go b/cmd/controller.go
@@ -147,7 +147,12 @@ func setupWebhooks(mgr manager.Manager, withQuota bool) error {
 		return err
 	}
 
-	err = webhooks.SetupObjectbucketCDeletionProtectionHandlerWithManager(mgr)
+	err = webhooks.SetupXObjectbucketCDeletionProtectionHandlerWithManager(mgr)
+	if err != nil {
+		return err
+	}
+
+	err = webhooks.SetupObjectbucketDeletionProtectionHandlerWithManager(mgr)
 	if err != nil {
 		return err
 	}

diff --git a/config/controller/webhooks.yaml b/config/controller/webhooks.yaml
@@ -23,6 +23,25 @@ webhooks:
     resources:
     - namespaces
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-appcat-vshn-io-v1-objectbucket
+  failurePolicy: Fail
+  name: objectbuckets.vshn.appcat.vshn.io
+  rules:
+  - apiGroups:
+    - appcat.vshn.io
+    apiVersions:
+    - v1
+    operations:
+    - DELETE
+    resources:
+    - objectbuckets
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig: