validation_ce.go
//go:build !ee
/*
Copyright 2020 The Kubermatic Kubernetes Platform contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package seed
import (
"context"
"errors"
"fmt"
kubermaticv1 "k8c.io/kubermatic/v2/pkg/apis/kubermatic/v1"
"k8c.io/kubermatic/v2/pkg/features"
"k8c.io/kubermatic/v2/pkg/provider"
"k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
// fixedNameValidator is an admission validator for Seed objects that accepts
// exactly one Seed name and hands every other check to the wrapped validator.
type fixedNameValidator struct {
	// upstream performs the actual Seed validation once the name check passed.
	upstream *validator

	// name is the only Seed name accepted on create and update;
	// NewValidator sets it to provider.DefaultSeedName.
	name string
}

// Compile-time proof that *fixedNameValidator can be registered as a
// controller-runtime custom validator.
var _ admission.CustomValidator = (*fixedNameValidator)(nil)
// NewValidator builds the Seed admission validator for this build variant
// (the file is compiled only when the "ee" build tag is absent). It wraps the
// validator returned by newSeedValidator and pins the accepted Seed name to
// provider.DefaultSeedName. An error from newSeedValidator is returned as is.
func NewValidator(
	seedsGetter provider.SeedsGetter,
	seedClientGetter provider.SeedClientGetter,
	features features.FeatureGate,
) (*fixedNameValidator, error) {
	inner, err := newSeedValidator(seedsGetter, seedClientGetter, features)
	if err != nil {
		return nil, err
	}

	wrapped := &fixedNameValidator{
		name:     provider.DefaultSeedName,
		upstream: inner,
	}

	return wrapped, nil
}
// ValidateCreate is the admission hook for newly created objects. The object
// goes through the name restriction first and then through the wrapped
// validator.
func (v *fixedNameValidator) ValidateCreate(ctx context.Context, obj runtime.Object) error {
	const deleting = false

	return v.validate(ctx, obj, deleting)
}
// ValidateUpdate is the admission hook for updated objects. Only newObj is
// validated, exactly like a create; oldObj is not inspected, so no
// old-versus-new comparison happens at this layer.
func (v *fixedNameValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error {
	const deleting = false

	return v.validate(ctx, newObj, deleting)
}
// ValidateDelete is the admission hook for objects about to be deleted. It
// runs validate in delete mode, which skips the name restriction and goes
// straight to the wrapped validator.
func (v *fixedNameValidator) ValidateDelete(ctx context.Context, obj runtime.Object) error {
	const deleting = true

	return v.validate(ctx, obj, deleting)
}
// validate enforces the fixed Seed name and then delegates to the wrapped
// validator.
//
// Names are restricted to CE-compatible names, i.e. only "kubermatic". This
// keeps validation simple (the default seedsGetter is sufficient when there
// cannot be more than one Seed in CE) and makes misconfiguration harder,
// because a misnamed Seed is rejected early.
//
// When isDelete is true neither the type assertion nor the name check runs,
// so a Seed with a non-matching name can still be removed.
// NOTE(review): on that path obj reaches upstream.validate without a type
// check here; presumably upstream does its own. Confirm.
//
// It returns an error if obj is not a *kubermaticv1.Seed (create/update only),
// if the Seed name differs from v.name, or whatever upstream.validate returns.
func (v *fixedNameValidator) validate(ctx context.Context, obj runtime.Object, isDelete bool) error {
	// Deletions bypass the name restriction entirely.
	if isDelete {
		return v.upstream.validate(ctx, obj, isDelete)
	}

	seed, isSeed := obj.(*kubermaticv1.Seed)
	if !isSeed {
		return errors.New("given object is not a Seed")
	}

	// The same message is produced for updates, since ValidateUpdate also
	// takes this path.
	if seed.Name != v.name {
		return fmt.Errorf("cannot create Seed %s: it must be named %s", seed.Name, v.name)
	}

	return v.upstream.validate(ctx, obj, isDelete)
}