github.com/kotalco/kotal@v0.3.0/apis/ipfs/v1alpha1/cluster_peer_validation_webhook.go (about) 1 package v1alpha1 2 3 import ( 4 apierrors "k8s.io/apimachinery/pkg/api/errors" 5 "k8s.io/apimachinery/pkg/runtime" 6 "k8s.io/apimachinery/pkg/runtime/schema" 7 "k8s.io/apimachinery/pkg/util/validation/field" 8 "sigs.k8s.io/controller-runtime/pkg/webhook" 9 "sigs.k8s.io/controller-runtime/pkg/webhook/admission" 10 ) 11 12 // +kubebuilder:webhook:verbs=create;update,path=/validate-ipfs-kotal-io-v1alpha1-clusterpeer,mutating=false,failurePolicy=fail,groups=ipfs.kotal.io,resources=clusterpeers,versions=v1alpha1,name=validate-ipfs-v1alpha1-clusterpeer.kb.io,sideEffects=None,admissionReviewVersions=v1 13 14 var _ webhook.Validator = &ClusterPeer{} 15 16 // validate validates a node with a given path 17 func (r *ClusterPeer) validate() field.ErrorList { 18 var nodeErrors field.ErrorList 19 20 // privateKeySecretName is required if id is given 21 if r.Spec.ID != "" && r.Spec.PrivateKeySecretName == "" { 22 err := field.Invalid(field.NewPath("spec").Child("privateKeySecretName"), "", "must provide privateKeySecretName if id is provided") 23 nodeErrors = append(nodeErrors, err) 24 } 25 26 // id is required if privateKeySecretName is given 27 if r.Spec.PrivateKeySecretName != "" && r.Spec.ID == "" { 28 err := field.Invalid(field.NewPath("spec").Child("id"), "", "must provide id if privateKeySecretName is provided") 29 nodeErrors = append(nodeErrors, err) 30 } 31 32 return nodeErrors 33 34 } 35 36 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type 37 func (r *ClusterPeer) ValidateCreate() (admission.Warnings, error) { 38 var allErrors field.ErrorList 39 40 clusterpeerlog.Info("validate create", "name", r.Name) 41 42 allErrors = append(allErrors, r.validate()...) 43 allErrors = append(allErrors, r.Spec.Resources.ValidateCreate()...) 44 45 if len(allErrors) == 0 { 46 return nil, nil 47 } 48 49 return nil, apierrors.NewInvalid(schema.GroupKind{}, r.Name, allErrors) 50 } 51 52 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type 53 func (r *ClusterPeer) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { 54 var allErrors field.ErrorList 55 oldClusterPeer := old.(*ClusterPeer) 56 57 clusterpeerlog.Info("validate update", "name", r.Name) 58 59 if oldClusterPeer.Spec.Consensus != r.Spec.Consensus { 60 err := field.Invalid(field.NewPath("spec").Child("consensus"), r.Spec.Consensus, "field is immutable") 61 allErrors = append(allErrors, err) 62 } 63 64 if oldClusterPeer.Spec.ID != r.Spec.ID { 65 err := field.Invalid(field.NewPath("spec").Child("id"), r.Spec.ID, "field is immutable") 66 allErrors = append(allErrors, err) 67 } 68 69 if oldClusterPeer.Spec.PrivateKeySecretName != r.Spec.PrivateKeySecretName { 70 err := field.Invalid(field.NewPath("spec").Child("privateKeySecretName"), r.Spec.PrivateKeySecretName, "field is immutable") 71 allErrors = append(allErrors, err) 72 } 73 74 allErrors = append(allErrors, r.validate()...) 75 allErrors = append(allErrors, r.Spec.Resources.ValidateUpdate(&oldClusterPeer.Spec.Resources)...) 76 77 if len(allErrors) == 0 { 78 return nil, nil 79 } 80 81 return nil, apierrors.NewInvalid(schema.GroupKind{}, r.Name, allErrors) 82 } 83 84 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type 85 func (r *ClusterPeer) ValidateDelete() (admission.Warnings, error) { 86 clusterpeerlog.Info("validate delete", "name", r.Name) 87 88 return nil, nil 89 }