github.com/argoproj/argo-events@v1.9.1/webhook/validator/eventbus.go (about) 1 package validator 2 3 import ( 4 "context" 5 6 admissionv1 "k8s.io/api/admission/v1" 7 "k8s.io/client-go/kubernetes" 8 9 eventbuscontroller "github.com/argoproj/argo-events/controllers/eventbus" 10 eventbusv1alpha1 "github.com/argoproj/argo-events/pkg/apis/eventbus/v1alpha1" 11 eventbusclient "github.com/argoproj/argo-events/pkg/client/eventbus/clientset/versioned" 12 eventsourceclient "github.com/argoproj/argo-events/pkg/client/eventsource/clientset/versioned" 13 sensorclient "github.com/argoproj/argo-events/pkg/client/sensor/clientset/versioned" 14 ) 15 16 type eventbus struct { 17 client kubernetes.Interface 18 eventBusClient eventbusclient.Interface 19 eventSourceClient eventsourceclient.Interface 20 sensorClient sensorclient.Interface 21 22 oldeb *eventbusv1alpha1.EventBus 23 neweb *eventbusv1alpha1.EventBus 24 } 25 26 // NewEventBusValidator returns a validator for EventBus 27 func NewEventBusValidator(client kubernetes.Interface, ebClient eventbusclient.Interface, 28 esClient eventsourceclient.Interface, sClient sensorclient.Interface, old, new *eventbusv1alpha1.EventBus) Validator { 29 return &eventbus{client: client, eventBusClient: ebClient, eventSourceClient: esClient, sensorClient: sClient, oldeb: old, neweb: new} 30 } 31 32 func (eb *eventbus) ValidateCreate(ctx context.Context) *admissionv1.AdmissionResponse { 33 if err := eventbuscontroller.ValidateEventBus(eb.neweb); err != nil { 34 return DeniedResponse(err.Error()) 35 } 36 37 return AllowedResponse() 38 } 39 40 func (eb *eventbus) ValidateUpdate(ctx context.Context) *admissionv1.AdmissionResponse { 41 if eb.oldeb.Generation == eb.neweb.Generation { 42 return AllowedResponse() 43 } 44 if err := eventbuscontroller.ValidateEventBus(eb.neweb); err != nil { 45 return DeniedResponse(err.Error()) 46 } 47 switch { 48 case eb.neweb.Spec.NATS != nil: 49 if eb.oldeb.Spec.NATS == nil { 50 return DeniedResponse("Can not change event bus implementation") 51 } 52 oldNats := eb.oldeb.Spec.NATS 53 newNats := eb.neweb.Spec.NATS 54 if newNats.Native != nil { 55 if oldNats.Native == nil { 56 return DeniedResponse("Can not change NATS event bus implementation from exotic to native") 57 } 58 if authChanged(oldNats.Native.Auth, newNats.Native.Auth) { 59 return DeniedResponse("\"spec.nats.native.auth\" is immutable, can not be updated") 60 } 61 } else if newNats.Exotic != nil { 62 if oldNats.Exotic == nil { 63 return DeniedResponse("Can not change NATS event bus implementation from native to exotic") 64 } 65 if authChanged(oldNats.Exotic.Auth, newNats.Exotic.Auth) { 66 return DeniedResponse("\"spec.nats.exotic.auth\" is immutable, can not be updated") 67 } 68 } 69 case eb.neweb.Spec.JetStream != nil: 70 if eb.oldeb.Spec.JetStream == nil { 71 return DeniedResponse("Can not change event bus implementation") 72 } 73 oldJs := eb.oldeb.Spec.JetStream 74 newJs := eb.neweb.Spec.JetStream 75 if (oldJs.StreamConfig == nil && newJs.StreamConfig != nil) || 76 (oldJs.StreamConfig != nil && newJs.StreamConfig == nil) { 77 return DeniedResponse("\"spec.jetstream.streamConfig\" is immutable, can not be updated") 78 } 79 if oldJs.StreamConfig != nil && newJs.StreamConfig != nil && *oldJs.StreamConfig != *newJs.StreamConfig { 80 return DeniedResponse("\"spec.jetstream.streamConfig\" is immutable, can not be updated, old value='%s', new value='%s'", *oldJs.StreamConfig, *newJs.StreamConfig) 81 } 82 case eb.neweb.Spec.JetStreamExotic != nil: 83 if eb.oldeb.Spec.JetStreamExotic == nil { 84 return DeniedResponse("Can not change event bus implementation") 85 } 86 } 87 88 return AllowedResponse() 89 } 90 91 func authChanged(old, new *eventbusv1alpha1.AuthStrategy) bool { 92 if old == nil && new == nil { 93 return false 94 } 95 if old == nil { 96 return *new != eventbusv1alpha1.AuthStrategyNone 97 } 98 if new == nil { 99 return *old != eventbusv1alpha1.AuthStrategyNone 100 } 101 return *new != *old 102 }