fix(webhook):refactor cluster webhook check and update cluster deploy…

…ment manifest Signed-off-by: Steven Zou <szou@vmware.com>
goharbor · Nov 28, 2020 · ff824c8 · ff824c8
1 parent c43e178
commit ff824c8
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 25 deletions.
diff --git a/apis/goharbor.io/v1alpha2/harborcluster_webhook.go b/apis/goharbor.io/v1alpha2/harborcluster_webhook.go
@@ -62,57 +62,103 @@ func (hc *HarborCluster) validate() error {
 	var allErrs field.ErrorList
 
 	// For database(psql), cache(Redis) and storage, either external services or in-cluster services MUST be configured
+	if err := hc.validateStorage(); err != nil {
+		allErrs = append(allErrs, err)
+	}
+
+	if err := hc.validateDatabase(); err != nil {
+		allErrs = append(allErrs, err)
+	}
+
+	if err := hc.validateCache(); err != nil {
+		allErrs = append(allErrs, err)
+	}
 
+	if len(allErrs) == 0 {
+		return nil
+	}
+
+	return apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "HarborCluster"}, hc.Name, allErrs)
+}
+
+func (hc *HarborCluster) validateStorage() *field.Error {
 	// Storage
 	// External is not configured
 	if err := hc.Spec.ImageChartStorage.Validate(); err != nil {
+		clog.Error(err, "validate spec.imageChartStorage")
+
 		// And in-cluster minIO is not configured
 		if hc.Spec.InClusterStorage == nil {
 			// Invalid and not acceptable
-			allErrs = append(
-				allErrs,
-				field.Invalid(
-					field.NewPath("spec").
-						Child("imageChartStorage", "inClusterStorage"),
-					hc.Spec.ImageChartStorage,
-					"both storage and in-cluster storage are not correctly configured",
-				),
+			return field.Invalid(
+				field.NewPath("spec").
+					Child("imageChartStorage", "inClusterStorage"),
+				hc.Spec.ImageChartStorage,
+				"both storage and in-cluster storage are not correctly configured",
+			)
+		}
+	} else {
+		if hc.Spec.InClusterStorage != nil {
+			// Both are configured, conflict
+			return field.Invalid(
+				field.NewPath("spec").
+					Child("imageChartStorage", "inClusterStorage"),
+				hc.Spec.InClusterStorage,
+				"conflicts: both storage and in-cluster storage are configured, only one is required to set",
 			)
 		}
 	}
 
+	return nil
+}
+
+func (hc *HarborCluster) validateDatabase() *field.Error {
 	// Database
 	// External is not configured
 	// And also in-cluster psql is not specified
 	if hc.Spec.Database == nil && hc.Spec.InClusterDatabase == nil {
 		// Invalid and not acceptable
-		allErrs = append(
-			allErrs,
-			field.Invalid(
-				field.NewPath("spec").Child("database", "inClusterDatabase"),
-				hc.Spec.Database,
-				"both database or in-cluster database are not correctly configured",
-			),
+		return field.Invalid(
+			field.NewPath("spec").Child("database", "inClusterDatabase"),
+			hc.Spec.Database,
+			"both database or in-cluster database are not correctly configured",
 		)
 	}
 
+	// Both are configured then conflict
+	if hc.Spec.Database != nil && hc.Spec.InClusterDatabase != nil {
+		// Conflict and not acceptable
+		return field.Invalid(
+			field.NewPath("spec").Child("database", "inClusterDatabase"),
+			hc.Spec.InClusterDatabase,
+			"conflicts: both database or in-cluster database are configured, only one is required to set",
+		)
+	}
+
+	return nil
+}
+
+func (hc *HarborCluster) validateCache() *field.Error {
 	// Cache
 	// External is not configured
 	if hc.Spec.Redis == nil && hc.Spec.InClusterCache == nil {
 		// Invalid and not acceptable
-		allErrs = append(
-			allErrs,
-			field.Invalid(
-				field.NewPath("spec").Child("redis", "inClusterCache"),
-				hc.Spec.Database,
-				"both redis or in-cluster redis are not correctly configured",
-			),
+		return field.Invalid(
+			field.NewPath("spec").Child("redis", "inClusterCache"),
+			hc.Spec.Redis,
+			"both redis or in-cluster redis are not correctly configured",
 		)
 	}
 
-	if len(allErrs) == 0 {
-		return nil
+	// Both are configured and then conflict
+	if hc.Spec.Redis != nil && hc.Spec.InClusterCache != nil {
+		// Conflict and not acceptable
+		return field.Invalid(
+			field.NewPath("spec").Child("redis", "inClusterCache"),
+			hc.Spec.InClusterCache,
+			"conflicts: both redis or in-cluster redis are configured, only one is required to set",
+		)
 	}
 
-	return apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "HarborCluster"}, hc.Name, allErrs)
+	return nil
 }
diff --git a/manifests/cluster/deployment.yaml b/manifests/cluster/deployment.yaml
@@ -14348,6 +14348,28 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - operatorconfigurations
+  - postgresqls
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - postgresqls/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - apps
   resources:
@@ -14373,6 +14395,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - databases.spotahome.com
+  resources:
+  - redisfailovers
+  verbs:
+  - '*'
 - apiGroups:
   - goharbor.io
   resources:
@@ -14557,6 +14585,12 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - minio.min.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - networking.k8s.io
   resources: