sigs.k8s.io/kueue@v0.6.2/pkg/webhooks/admissioncheck_webhook.go

sigs.k8s.io/kueue@v0.6.2/pkg/webhooks/admissioncheck_webhook.go (about)

     1  /*
     2  Copyright 2023 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package webhooks
    18  
    19  import (
    20  	"context"
    21  	"strings"
    22  
    23  	apivalidation "k8s.io/apimachinery/pkg/api/validation"
    24  	"k8s.io/apimachinery/pkg/runtime"
    25  	utilvalidation "k8s.io/apimachinery/pkg/util/validation"
    26  	"k8s.io/apimachinery/pkg/util/validation/field"
    27  	"k8s.io/klog/v2"
    28  	ctrl "sigs.k8s.io/controller-runtime"
    29  	"sigs.k8s.io/controller-runtime/pkg/webhook"
    30  	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    31  
    32  	kueue "sigs.k8s.io/kueue/apis/kueue/v1beta1"
    33  )
    34  
    35  type AdmissionCheckWebhook struct{}
    36  
    37  func setupWebhookForAdmissionCheck(mgr ctrl.Manager) error {
    38  	return ctrl.NewWebhookManagedBy(mgr).
    39  		For(&kueue.AdmissionCheck{}).
    40  		WithValidator(&AdmissionCheckWebhook{}).
    41  		Complete()
    42  }
    43  
    44  // +kubebuilder:webhook:path=/validate-kueue-x-k8s-io-v1beta1-admissioncheck,mutating=false,failurePolicy=fail,sideEffects=None,groups=kueue.x-k8s.io,resources=admissionchecks,verbs=create;update,versions=v1beta1,name=vadmissioncheck.kb.io,admissionReviewVersions=v1
    45  
    46  var _ webhook.CustomValidator = &AdmissionCheckWebhook{}
    47  
    48  // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type
    49  func (w *AdmissionCheckWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
    50  	ac := obj.(*kueue.AdmissionCheck)
    51  	log := ctrl.LoggerFrom(ctx).WithName("admissioncheck-webhook")
    52  	log.V(5).Info("Validating create", "admissionCheck", klog.KObj(ac))
    53  	return nil, validateAdmissionCheck(ac).ToAggregate()
    54  }
    55  
    56  // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type
    57  func (w *AdmissionCheckWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
    58  	oldAc := oldObj.(*kueue.AdmissionCheck)
    59  	newAc := newObj.(*kueue.AdmissionCheck)
    60  	log := ctrl.LoggerFrom(ctx).WithName("admissioncheck-webhook")
    61  	log.V(5).Info("Validating update", "admissionCheck", klog.KObj(newAc))
    62  	return nil, validateAdmissionCheckUpdate(oldAc, newAc).ToAggregate()
    63  }
    64  
    65  func validateAdmissionCheckUpdate(oldAc, newAc *kueue.AdmissionCheck) field.ErrorList {
    66  	var allErrs field.ErrorList
    67  	allErrs = append(allErrs, apivalidation.ValidateImmutableField(oldAc.Spec.ControllerName, newAc.Spec.ControllerName, field.NewPath("spec", "controllerName"))...)
    68  	allErrs = append(allErrs, validateAdmissionCheck(newAc)...)
    69  	return allErrs
    70  }
    71  
    72  // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type
    73  func (w *AdmissionCheckWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
    74  	return nil, nil
    75  }
    76  
    77  func validateAdmissionCheck(ac *kueue.AdmissionCheck) field.ErrorList {
    78  	var allErrs field.ErrorList
    79  	specPath := field.NewPath("spec")
    80  	if len(ac.Spec.ControllerName) == 0 {
    81  		allErrs = append(allErrs, field.Required(specPath.Child("controllerName"), utilvalidation.EmptyError()))
    82  	}
    83  	if ac.Spec.Parameters != nil {
    84  		allErrs = append(allErrs, validateParameters(ac.Spec.Parameters, field.NewPath("spec", "parameters"))...)
    85  	}
    86  	return allErrs
    87  }
    88  
    89  func validateParameters(ref *kueue.AdmissionCheckParametersReference, fldPath *field.Path) field.ErrorList {
    90  	var allErrs field.ErrorList
    91  
    92  	if errs := utilvalidation.IsDNS1123Subdomain(ref.APIGroup); len(errs) > 0 {
    93  		allErrs = append(allErrs, field.Invalid(fldPath.Child("apiGroup"), ref.APIGroup, "should match: "+strings.Join(errs, ",")))
    94  	}
    95  
    96  	if errs := utilvalidation.IsDNS1035Label(strings.ToLower(ref.Kind)); len(errs) > 0 {
    97  		allErrs = append(allErrs, field.Invalid(fldPath.Child("kind"), ref.Kind, "may have mixed case, but should otherwise match: "+strings.Join(errs, ",")))
    98  	}
    99  
   100  	if errs := utilvalidation.IsDNS1123Label(ref.Name); len(errs) > 0 {
   101  		allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), ref.Name, "should match: "+strings.Join(errs, ",")))
   102  	}
   103  	return allErrs
   104  }