// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package infrastructure
import (
"context"
"fmt"
"strings"
"github.com/gardener/gardener/extensions/pkg/controller/infrastructure"
extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
"github.com/go-logr/logr"
"k8s.io/apimachinery/pkg/util/validation/field"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/manager"
"github.com/gardener/gardener-extension-provider-alicloud/pkg/alicloud"
"github.com/gardener/gardener-extension-provider-alicloud/pkg/apis/alicloud/helper"
"github.com/gardener/gardener-extension-provider-alicloud/pkg/controller/infrastructure/infraflow/aliclient"
)
// configValidator implements ConfigValidator for alicloud infrastructure resources.
//
// Construct it with NewConfigValidator; the zero value is not usable, because Validate
// calls methods on factory and mgr and would panic on nil interfaces.
type configValidator struct {
	// factory creates the aliclient.Actor that Validate uses to query the cloud provider.
	// NewActor is called with the access key read from the Infrastructure's secretRef.
	factory aliclient.Factory
	// mgr supplies the Kubernetes client used to read the credentials secret.
	mgr manager.Manager
	// logger is the named base logger; Validate derives a per-resource logger from it.
	logger logr.Logger
}
// NewConfigValidator creates a new ConfigValidator for alicloud infrastructure resources.
//
// The returned validator reads the referenced credentials secret through mgr's client,
// talks to the cloud provider through actors created by factory, and logs under the
// name "alicloud-infrastructure-config-validator" derived from logger.
func NewConfigValidator(mgr manager.Manager, logger logr.Logger, factory aliclient.Factory) infrastructure.ConfigValidator {
	v := new(configValidator)
	v.mgr = mgr
	v.factory = factory
	v.logger = logger.WithName("alicloud-infrastructure-config-validator")
	return v
}
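// Validate validates the provider config of the given infrastructure resource with the cloud provider.
//
// It decodes the InfrastructureConfig, reads the Alicloud credentials referenced by
// infra.Spec.SecretRef, creates an API actor for infra.Spec.Region and then checks every
// user-supplied identifier against the provider: an existing VPC (and, when no
// Gardener-managed NAT gateway is requested, a NAT gateway already present in it), the
// enhanced-NAT-gateway support of the first zone, and every user-provided EIP allocation ID.
// Decoding, credential and actor-construction failures are reported as path-less internal
// errors and abort validation; all other findings are collected into the returned list.
func (c *configValidator) Validate(ctx context.Context, infra *extensionsv1alpha1.Infrastructure) field.ErrorList {
	allErrs := field.ErrorList{}
	logger := c.logger.WithValues("infrastructure", client.ObjectKeyFromObject(infra))

	config, err := helper.InfrastructureConfigFromInfrastructure(infra)
	if err != nil {
		return append(allErrs, field.InternalError(nil, err))
	}

	// The credentials are only used to build the actor below; they are never logged here.
	credentials, err := alicloud.ReadCredentialsFromSecretRef(ctx, c.mgr.GetClient(), &infra.Spec.SecretRef)
	if err != nil {
		// %w keeps the underlying error inspectable with errors.Is/As.
		return append(allErrs, field.InternalError(nil, fmt.Errorf("could not get Alicloud credentials: %w", err)))
	}

	actor, err := c.factory.NewActor(credentials.AccessKeyID, credentials.AccessKeySecret, infra.Spec.Region)
	if err != nil {
		return append(allErrs, field.InternalError(nil, fmt.Errorf("create aliclient actor failed: %w", err)))
	}

	networksPath := field.NewPath("networks")
	zonesPath := networksPath.Child("zones")

	// Gardener manages the NAT gateway unless the user brings an own VPC without
	// explicitly opting in to a Gardener-managed gateway.
	createManagedNATGateway := true
	if config.Networks.VPC.ID != nil {
		logger.Info("Validating infrastructure networks.vpc.id")
		if config.Networks.VPC.GardenerManagedNATGateway == nil || !*config.Networks.VPC.GardenerManagedNATGateway {
			createManagedNATGateway = false
		}
		// With an own VPC and no managed gateway, a user NAT gateway must already exist in it.
		allErrs = append(allErrs, c.validateVPC(ctx, actor, *config.Networks.VPC.ID, !createManagedNATGateway, networksPath.Child("vpc", "id"))...)
	}

	if createManagedNATGateway {
		// The managed NAT gateway is placed in the first zone, which must support enhanced
		// NAT gateways. Guard the index so an empty zone list yields an error, not a panic.
		if len(config.Networks.Zones) == 0 {
			allErrs = append(allErrs, field.Required(zonesPath, "at least one zone is required for a Gardener-managed NAT gateway"))
		} else {
			logger.Info("Validating infrastructure networks.zones[0].name")
			allErrs = append(allErrs, c.validateEnhancedNatGatewayZone(ctx, actor, config.Networks.Zones[0].Name, infra.Spec.Region, zonesPath.Index(0).Child("name"))...)
		}
	}

	// Report EIP findings at the exact zone index instead of the generic "zones[]".
	for i, zone := range config.Networks.Zones {
		if zone.NatGateway == nil || zone.NatGateway.EIPAllocationID == nil {
			continue
		}
		logger.Info("Validating infrastructure networks.zones[].natGatewayid.eipAllocationID")
		allErrs = append(allErrs, c.validateEIP(ctx, actor, *zone.NatGateway.EIPAllocationID, zonesPath.Index(i).Child("natGateway", "eipAllocationID"))...)
	}

	return allErrs
}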
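// validateVPC checks with the cloud provider that the VPC identified by vpcID exists and,
// if checkNatgatewayExists is set, that a NAT gateway is already present in it.
//
// A provider API error is reported as an internal error at fldPath carrying the provider
// message, instead of being collapsed into NotFound: a transient failure (throttling,
// missing permissions) must not read like a wrong VPC ID. A nil result without error is
// reported as NotFound. NOTE(review): if the actor signals a missing VPC through an error
// rather than a nil result, that case now surfaces as an internal error — confirm against
// the aliclient implementation.
func (c *configValidator) validateVPC(ctx context.Context, actor aliclient.Actor, vpcID string, checkNatgatewayExists bool, fldPath *field.Path) field.ErrorList {
	allErrs := field.ErrorList{}

	vpc, err := actor.GetVpc(ctx, vpcID)
	if err != nil {
		return append(allErrs, field.InternalError(fldPath, fmt.Errorf("could not get VPC %q: %w", vpcID, err)))
	}
	if vpc == nil {
		return append(allErrs, field.NotFound(fldPath, vpcID))
	}

	if !checkNatgatewayExists {
		return allErrs
	}

	gw, err := actor.FindNatGatewayByVPC(ctx, vpcID)
	if err != nil {
		return append(allErrs, field.InternalError(fldPath, fmt.Errorf("could not look up NAT gateway in VPC %q: %w", vpcID, err)))
	}
	if gw == nil {
		allErrs = append(allErrs, field.Invalid(fldPath, vpcID, "no user natgateway found"))
	}
	return allErrs
}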
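// validateEIP checks with the cloud provider that the elastic IP identified by eipId exists.
//
// A provider API error is reported as an internal error at fldPath carrying the provider
// message rather than as NotFound, so a transient failure is not mistaken for a wrong ID;
// a nil result without error is reported as NotFound. NOTE(review): if the actor signals a
// missing EIP through an error rather than a nil result, that case now surfaces as an
// internal error — confirm against the aliclient implementation.
func (c *configValidator) validateEIP(ctx context.Context, actor aliclient.Actor, eipId string, fldPath *field.Path) field.ErrorList {
	allErrs := field.ErrorList{}

	eip, err := actor.GetEIP(ctx, eipId)
	switch {
	case err != nil:
		allErrs = append(allErrs, field.InternalError(fldPath, fmt.Errorf("could not get EIP %q: %w", eipId, err)))
	case eip == nil:
		allErrs = append(allErrs, field.NotFound(fldPath, eipId))
	}
	return allErrs
}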
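// validateEnhancedNatGatewayZone checks with the cloud provider that zone supports
// enhanced NAT gateways in region; Validate calls it for the zone that will host the
// Gardener-managed NAT gateway.
//
// A failure to list the supported zones is reported as a path-less internal error (as in
// Validate); an unsupported zone is reported as Forbidden at fldPath, listing the zones
// that are supported.
func (c *configValidator) validateEnhancedNatGatewayZone(ctx context.Context, actor aliclient.Actor, zone, region string, fldPath *field.Path) field.ErrorList {
	allErrs := field.ErrorList{}

	validZones, err := actor.ListEnhanhcedNatGatewayAvailableZones(ctx, region)
	if err != nil {
		return append(allErrs, field.InternalError(nil, fmt.Errorf("list natgateway availableZones failed: %w", err)))
	}

	supported := false
	for _, validZone := range validZones {
		if validZone == zone {
			supported = true
			break
		}
	}
	if !supported {
		allErrs = append(allErrs, field.Forbidden(fldPath, fmt.Sprintf("zone %s does not support enhance natgateway, please use following zones: %s", zone, strings.Join(validZones, " "))))
	}
	return allErrs
}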