github.com/ironcore-dev/gardener-extension-provider-ironcore@v0.3.2-0.20240314231816-8336447fb9a0/pkg/admission/validator/secret.go (about)

     1  // SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and IronCore contributors
     2  // SPDX-License-Identifier: Apache-2.0
     3  
     4  package validator
     5  
     6  import (
     7  	"context"
     8  	"fmt"
     9  
    10  	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
    11  	corev1 "k8s.io/api/core/v1"
    12  	"k8s.io/apimachinery/pkg/api/equality"
    13  	"sigs.k8s.io/controller-runtime/pkg/client"
    14  
    15  	ironcorevalidation "github.com/ironcore-dev/gardener-extension-provider-ironcore/pkg/apis/ironcore/validation"
    16  )
    17  
// secret is the stateless admission validator for Secret objects. It has no
// fields, so every instance behaves identically and holds no shared state.
type secret struct{}

// NewSecretValidator returns a new instance of a secret validator.
//
// The returned value is a freshly allocated *secret exposed through the
// extensionswebhook.Validator interface; callers only ever see the interface.
func NewSecretValidator() extensionswebhook.Validator {
	return new(secret)
}
    24  
// Validate checks whether the given new secret contains a valid ironcore service account.
//
// newObj must be a *corev1.Secret, otherwise an error naming the actual type is
// returned. When oldObj is non-nil (an update) it must be a *corev1.Secret as
// well. If the Data maps of both secrets are semantically equal, the update is
// accepted without running the provider validation again. In every other case
// the result of ironcorevalidation.ValidateCloudProviderSecret is returned.
//
// Security notes for reviewers:
//   - The unchanged-Data shortcut means an update that leaves Data untouched is
//     never re-validated. A secret whose stored Data would not pass the current
//     validation rules keeps being admitted for such updates.
//   - Only Data is compared. Changes to any other field of the secret do not
//     trigger validation on update.
//   - NOTE(review): StringData is not inspected here; whether it has already
//     been merged into Data depends on where in the admission chain this
//     validator runs. Confirm against the webhook registration.
func (s *secret) Validate(_ context.Context, newObj, oldObj client.Object) error {
	current, isSecret := newObj.(*corev1.Secret)
	if !isSecret {
		return fmt.Errorf("wrong object type %T", newObj)
	}

	// No old object: nothing to compare against, so always validate.
	if oldObj == nil {
		return ironcorevalidation.ValidateCloudProviderSecret(current)
	}

	previous, isSecret := oldObj.(*corev1.Secret)
	if !isSecret {
		return fmt.Errorf("wrong object type %T for old object", oldObj)
	}

	// Skip validation when the credential payload did not change, so that
	// updates touching only other fields are not rejected.
	if dataUnchanged := equality.Semantic.DeepEqual(current.Data, previous.Data); dataUnchanged {
		return nil
	}

	return ironcorevalidation.ValidateCloudProviderSecret(current)
}