-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathmulticluster_validation.go
99 lines (88 loc) · 3.5 KB
/
multicluster_validation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
// Copyright (c) 2021, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
package webhooks
import (
"context"
"fmt"
clusters "github.com/verrazzano/verrazzano/application-operator/apis/clusters/v1alpha1"
"github.com/verrazzano/verrazzano/application-operator/constants"
clusterutil "github.com/verrazzano/verrazzano/application-operator/controllers/clusters"
core "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
func validateMultiClusterResource(c client.Client, r clusterutil.MultiClusterResource) error {
p := r.GetPlacement()
if len(p.Clusters) == 0 {
return fmt.Errorf("One or more target clusters must be provided")
}
if !isLocalClusterManagedCluster(c) {
if err := validateTargetClustersExist(c, p); err != nil {
return err
}
}
return nil
}
// isLocalClusterManagedCluster determines if the local cluster is a registered managed cluster.
func isLocalClusterManagedCluster(c client.Client) bool {
s := core.Secret{}
k := client.ObjectKey{Name: constants.MCRegistrationSecret, Namespace: constants.VerrazzanoSystemNamespace}
err := c.Get(context.TODO(), k, &s)
return err == nil
}
// validateTargetClustersExist determines if all of the target clusters of the project have
// corresponding managed cluster resources. The results are only valid when this
// is executed against an admin cluster.
func validateTargetClustersExist(c client.Client, p clusters.Placement) error {
for _, cluster := range p.Clusters {
targetClusterName := cluster.Name
// If the target cluster name is local then assume it is valid.
if targetClusterName != constants.DefaultClusterName {
key := client.ObjectKey{Name: targetClusterName, Namespace: constants.VerrazzanoMultiClusterNamespace}
// Need to use unstructured here to avoid a dependency on the platform operator
vmc := unstructured.Unstructured{}
vmc.SetGroupVersionKind(schema.GroupVersionKind{
Group: "clusters.verrazzano.io",
Version: "v1alpha1",
Kind: "VerrazzanoManagedCluster",
})
vmc.SetNamespace(constants.VerrazzanoMultiClusterNamespace)
vmc.SetName(targetClusterName)
err := c.Get(context.TODO(), key, &vmc)
if err != nil {
return fmt.Errorf("target managed cluster %s is not registered: %v", cluster.Name, err)
}
}
}
return nil
}
// translateErrorToResponse translates an error to an admission.Response
func translateErrorToResponse(err error) admission.Response {
if err == nil {
return admission.Allowed("")
}
return admission.Denied(err.Error())
}
// Validate that the namespace of a multiclusterXXX resource is part of a verrazzanoproject
func validateNamespaceInProject(c client.Client, namespace string) error {
vzProjects := clusters.VerrazzanoProjectList{}
err := c.List(context.TODO(), &vzProjects)
if err != nil {
return err
}
if len(vzProjects.Items) == 0 {
return fmt.Errorf("namespace %s not specified in any verrazzanoproject resources - no verrazzanoproject resources found", namespace)
}
// Check verrazzanoProjects for a matching namespace
for _, proj := range vzProjects.Items {
for _, ns := range proj.Spec.Template.Namespaces {
if ns.Metadata.Name == namespace {
return nil
}
}
}
// No matching namespace found so return error
return fmt.Errorf("namespace %s not specified in any verrazzanoproject resources", namespace)
}