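// Copyright (c) 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

package v1alpha1

import (
	"errors"
	"fmt"
	"reflect"

	"k8s.io/apimachinery/pkg/runtime"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/webhook"
)

// Compile-time assertion that *OCNEOCIQuickCreate satisfies webhook.Validator.
var (
	_ webhook.Validator = &OCNEOCIQuickCreate{}
)

// SetupWebhookWithManager is used to let the controller manager know about the webhook.
// It returns whatever error the webhook builder's Complete call reports.
func (o *OCNEOCIQuickCreate) SetupWebhookWithManager(mgr ctrl.Manager) error {
	return ctrl.NewWebhookManagedBy(mgr).
		For(o).
		Complete()
}

// ValidateCreate validates the OCNEOCIQuickCreate input.
// We do not provide a deep validation of OCI cloud resources, because the provided
// credentials may not have the necessary policies to do so.
//
// The credentials named by spec.identityRef are loaded through
// GetCredentialsIfAllowed, which is given the resource's own namespace, before
// any field is validated. A failure to load them, or to build the OCI client,
// rejects the create immediately. Field-level findings are collected on the
// validation context and returned together.
func (o *OCNEOCIQuickCreate) ValidateCreate() error {
	ctx, err := NewValidationContext()
	if err != nil {
		return fmt.Errorf("failed to create validation context: %w", err)
	}

	// The identity reference may name credentials outside o.Namespace; the
	// loader receives both so it can decide whether this namespace may use them.
	nsn := o.Spec.IdentityRef.AsNamespacedName()
	creds, err := ctx.CredentialsLoader.GetCredentialsIfAllowed(ctx.Ctx, ctx.Cli, nsn, o.Namespace)
	if err != nil {
		// Wrapped with %w, like the other errors in this function, so callers
		// can inspect the cause with errors.Is / errors.As. The message text is
		// unchanged.
		// NOTE(review): the loader's error text is returned to the requester
		// together with the referenced namespace/name; confirm it does not say
		// more about credentials in other namespaces than intended.
		return fmt.Errorf("cannot access OCI credentials %s/%s: %w", nsn.Namespace, nsn.Name, err)
	}

	ociClient, err := ctx.OCIClientGetter(creds)
	if err != nil {
		return fmt.Errorf("failed to create OCI Client: %w", err)
	}

	// Validate the OCI Network
	// NOTE(review): the literal 4 is presumably the expected subnet count;
	// confirm against addOCINetworkErrors.
	addOCINetworkErrors(ctx, ociClient, o.Spec.OCI.Network, 4, "spec.oci.network")

	// Validate the OCI Nodes
	addOCINodeErrors(ctx, o.Spec.OCI.ControlPlane, "spec.oci.controlPlane")
	for i, worker := range o.Spec.OCI.Workers {
		addOCINodeErrors(ctx, worker.OCINode, fmt.Sprintf("spec.oci.workers[%d]", i))
	}

	addOCNEErrors(ctx, o.Spec.OCNE, "spec.ocne")
	addProxyErrors(ctx, o.Spec.Proxy, "spec.proxy")
	addPrivateRegistryErrors(ctx, o.Spec.PrivateRegistry, "spec.privateRegistry")

	// Return a literal nil on success rather than the (possibly typed) error
	// collector, so callers never see a non-nil interface wrapping no errors.
	if ctx.Errors.HasError() {
		return ctx.Errors
	}
	return nil
}

// ValidateUpdate rejects any changes to the quick create spec.
// Because the spec carries the identity reference, this also means the
// credentials checked at create time cannot be re-pointed by a later update.
// Only the spec is compared; other parts of the object are not checked here.
func (o *OCNEOCIQuickCreate) ValidateUpdate(old runtime.Object) error {
	oldCluster, ok := old.(*OCNEOCIQuickCreate)
	if !ok {
		return errors.New("update resource must be of kind OCNEOCIQuickCreate")
	}
	if !reflect.DeepEqual(o.Spec, oldCluster.Spec) {
		return errors.New("spec updates are not permitted")
	}
	return nil
}

// ValidateDelete performs no checks; every delete request is admitted.
func (o *OCNEOCIQuickCreate) ValidateDelete() error {
	return nil
}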