webhook: check input values

Longhorn 7357

Signed-off-by: Derek Su <derek.su@suse.com>

webhook/resources/backingimage/mutator.go

@@ -46,7 +46,11 @@ func (b *backingImageMutator) Resource() admission.Resource {
 }
 
 func (b *backingImageMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	backingImage := newObj.(*longhorn.BackingImage)
+	backingImage, ok := newObj.(*longhorn.BackingImage)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackingImage", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	var err error
@@ -99,7 +103,11 @@ func (b *backingImageMutator) Create(request *admission.Request, newObj runtime.
 }
 
 func (b *backingImageMutator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) (admission.PatchOps, error) {
-	backingImage := newObj.(*longhorn.BackingImage)
+	backingImage, ok := newObj.(*longhorn.BackingImage)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackingImage", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	var err error

webhook/resources/backingimage/validator.go

@@ -42,8 +42,10 @@ func (b *backingImageValidator) Resource() admission.Resource {
 }
 
 func (b *backingImageValidator) Create(request *admission.Request, newObj runtime.Object) error {
-	backingImage := newObj.(*longhorn.BackingImage)
-
+	backingImage, ok := newObj.(*longhorn.BackingImage)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackingImage", newObj), "")
+	}
 	if !util.ValidateName(backingImage.Name) {
 		return werror.NewInvalidError(fmt.Sprintf("invalid name %v", backingImage.Name), "")
 	}
@@ -91,7 +93,10 @@ func (b *backingImageValidator) Create(request *admission.Request, newObj runtim
 }
 
 func (b *backingImageValidator) Delete(request *admission.Request, oldObj runtime.Object) error {
-	backingImage := oldObj.(*longhorn.BackingImage)
+	backingImage, ok := oldObj.(*longhorn.BackingImage)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackingImage", oldObj), "")
+	}
 
 	replicas, err := b.ds.ListReplicasByBackingImage(backingImage.Name)
 	if err != nil {

webhook/resources/backingimagedatasource/mutator.go

@@ -50,9 +50,12 @@ func (b *backingImageDataSourceMutator) Update(request *admission.Request, oldOb
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	var patchOps admission.PatchOps
+	backingImageDataSource, ok := newObj.(*longhorn.BackingImageDataSource)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackingImageDataSource", newObj), "")
+	}
 
-	backingImageDataSource := newObj.(*longhorn.BackingImageDataSource)
+	var patchOps admission.PatchOps
 
 	if backingImageDataSource.Spec.SourceType == "" {
 		patchOps = append(patchOps, fmt.Sprintf(`{"op": "replace", "path": "/spec/sourceType", "value": "%s"}`, longhorn.BackingImageDataSourceTypeDownload))

webhook/resources/backingimagemanager/mutator.go

@@ -1,6 +1,8 @@
 package backingimagemanager
 
 import (
+	"fmt"
+
 	"github.com/pkg/errors"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -48,7 +50,11 @@ func (b *backingImageManagerMutator) Update(request *admission.Request, oldObj r
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	backingImageManager := newObj.(*longhorn.BackingImageManager)
+	backingImageManager, ok := newObj.(*longhorn.BackingImageManager)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.backingImageManager", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	if backingImageManager.Spec.BackingImages == nil {

webhook/resources/backup/mutator.go

@@ -43,7 +43,11 @@ func (b *backupMutator) Resource() admission.Resource {
 }
 
 func (b *backupMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	backup := newObj.(*longhorn.Backup)
+	backup, ok := newObj.(*longhorn.Backup)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Backup", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	var err error
@@ -86,7 +90,10 @@ func (b *backupMutator) Update(request *admission.Request, oldObj runtime.Object
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	backup := newObj.(*longhorn.Backup)
+	backup, ok := newObj.(*longhorn.Backup)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Backup", newObj), "")
+	}
 	var patchOps admission.PatchOps
 
 	if backup.Spec.Labels == nil {

webhook/resources/backupvolume/mutator.go

@@ -1,6 +1,8 @@
 package backupvolume
 
 import (
+	"fmt"
+
 	"github.com/pkg/errors"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -48,7 +50,11 @@ func (b *backupVolumeMutator) Update(request *admission.Request, oldObj runtime.
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	backupVolume := newObj.(*longhorn.BackupVolume)
+	backupVolume, ok := newObj.(*longhorn.BackupVolume)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.BackupVolume", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	patchOp, err := common.GetLonghornFinalizerPatchOpIfNeeded(backupVolume)

webhook/resources/engine/mutator.go

@@ -50,7 +50,11 @@ func (e *engineMutator) Update(request *admission.Request, oldObj runtime.Object
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	engine := newObj.(*longhorn.Engine)
+	engine, ok := newObj.(*longhorn.Engine)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Engine", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	if engine.Spec.ReplicaAddressMap == nil {

webhook/resources/engine/validator.go

@@ -41,7 +41,10 @@ func (e *engineValidator) Resource() admission.Resource {
 }
 
 func (e *engineValidator) Create(request *admission.Request, newObj runtime.Object) error {
-	engine := newObj.(*longhorn.Engine)
+	engine, ok := newObj.(*longhorn.Engine)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Engine", newObj), "")
+	}
 
 	volume, err := e.ds.GetVolume(engine.Spec.VolumeName)
 	if err != nil {
@@ -67,8 +70,14 @@ func (e *engineValidator) Create(request *admission.Request, newObj runtime.Obje
 }
 
 func (e *engineValidator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) error {
-	oldEngine := oldObj.(*longhorn.Engine)
-	newEngine := newObj.(*longhorn.Engine)
+	oldEngine, ok := oldObj.(*longhorn.Engine)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Engine", oldObj), "")
+	}
+	newEngine, ok := newObj.(*longhorn.Engine)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Engine", newObj), "")
+	}
 
 	if oldEngine.Spec.BackendStoreDriver != "" {
 		if oldEngine.Spec.BackendStoreDriver != newEngine.Spec.BackendStoreDriver {

webhook/resources/engineimage/mutator.go

@@ -43,7 +43,11 @@ func (e *engineImageMutator) Resource() admission.Resource {
 }
 
 func (e *engineImageMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	engineImage := newObj.(*longhorn.EngineImage)
+	engineImage, ok := newObj.(*longhorn.EngineImage)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.EngineImage", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	var err error
@@ -78,7 +82,11 @@ func (e *engineImageMutator) Update(request *admission.Request, oldObj runtime.O
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	engineImage := newObj.(*longhorn.EngineImage)
+	engineImage, ok := newObj.(*longhorn.EngineImage)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.EngineImage", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	patchOp, err := common.GetLonghornFinalizerPatchOpIfNeeded(engineImage)

webhook/resources/instancemanager/mutator.go

@@ -41,7 +41,10 @@ func (i *instanceManagerMutator) Resource() admission.Resource {
 }
 
 func (i *instanceManagerMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	im := newObj.(*longhorn.InstanceManager)
+	im, ok := newObj.(*longhorn.InstanceManager)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.InstanceManager", newObj), "")
+	}
 
 	patchOps := mutate(im)
 
@@ -75,7 +78,12 @@ func (i *instanceManagerMutator) Create(request *admission.Request, newObj runti
 }
 
 func (i *instanceManagerMutator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) (admission.PatchOps, error) {
-	patchOps := mutate(newObj.(*longhorn.InstanceManager))
+	newIm, ok := newObj.(*longhorn.InstanceManager)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.InstanceManager", newObj), "")
+	}
+
+	patchOps := mutate(newIm)
 
 	return patchOps, nil
 }

webhook/resources/instancemanager/validator.go

@@ -38,15 +38,24 @@ func (i *instanceManagerValidator) Resource() admission.Resource {
 }
 
 func (i *instanceManagerValidator) Create(request *admission.Request, newObj runtime.Object) error {
-	if err := validate(newObj.(*longhorn.InstanceManager)); err != nil {
+	im, ok := newObj.(*longhorn.InstanceManager)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.InstanceManager", newObj), "")
+	}
+	if err := validate(im); err != nil {
 		return werror.NewInvalidError(err.Error(), "")
 	}
 
 	return nil
 }
 
 func (i *instanceManagerValidator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) error {
-	if err := validate(newObj.(*longhorn.InstanceManager)); err != nil {
+	newIm, ok := newObj.(*longhorn.InstanceManager)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.InstanceManager", newObj), "")
+	}
+
+	if err := validate(newIm); err != nil {
 		return werror.NewInvalidError(err.Error(), "")
 	}
 

webhook/resources/node/mutator.go

@@ -52,7 +52,10 @@ func (n *nodeMutator) Update(request *admission.Request, oldObj runtime.Object,
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	node := newObj.(*longhorn.Node)
+	node, ok := newObj.(*longhorn.Node)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Node", newObj), "")
+	}
 	var patchOps admission.PatchOps
 
 	if node.Spec.Tags == nil {

webhook/resources/node/validator.go

@@ -44,7 +44,11 @@ func (n *nodeValidator) Resource() admission.Resource {
 }
 
 func (n *nodeValidator) Create(request *admission.Request, newObj runtime.Object) error {
-	node := newObj.(*longhorn.Node)
+	node, ok := newObj.(*longhorn.Node)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Node", newObj), "")
+	}
+
 	if node.Spec.InstanceManagerCPURequest < 0 {
 		return werror.NewInvalidError("instanceManagerCPURequest should be greater than or equal to 0", "")
 	}
@@ -73,8 +77,14 @@ func (n *nodeValidator) Create(request *admission.Request, newObj runtime.Object
 }
 
 func (n *nodeValidator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) error {
-	oldNode := oldObj.(*longhorn.Node)
-	newNode := newObj.(*longhorn.Node)
+	oldNode, ok := oldObj.(*longhorn.Node)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Node", oldObj), "")
+	}
+	newNode, ok := newObj.(*longhorn.Node)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Node", newObj), "")
+	}
 
 	if newNode.Spec.InstanceManagerCPURequest < 0 {
 		return werror.NewInvalidError("instanceManagerCPURequest should be greater than or equal to 0", "")

webhook/resources/orphan/mutator.go

@@ -1,6 +1,8 @@
 package orphan
 
 import (
+	"fmt"
+
 	"github.com/pkg/errors"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -40,7 +42,11 @@ func (o *orphanMutator) Resource() admission.Resource {
 }
 
 func (o *orphanMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	orphan := newObj.(*longhorn.Orphan)
+	orphan, ok := newObj.(*longhorn.Orphan)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Orphan", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	var err error
@@ -74,7 +80,11 @@ func (o *orphanMutator) Update(request *admission.Request, oldObj runtime.Object
 
 // mutate contains functionality shared by Create and Update.
 func mutate(newObj runtime.Object) (admission.PatchOps, error) {
-	orphan := newObj.(*longhorn.Orphan)
+	orphan, ok := newObj.(*longhorn.Orphan)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Orphan", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	patchOp, err := common.GetLonghornFinalizerPatchOpIfNeeded(orphan)

webhook/resources/orphan/validator.go

@@ -38,7 +38,10 @@ func (o *orphanValidator) Resource() admission.Resource {
 }
 
 func (o *orphanValidator) Create(request *admission.Request, newObj runtime.Object) error {
-	orphan := newObj.(*longhorn.Orphan)
+	orphan, ok := newObj.(*longhorn.Orphan)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Orphan", newObj), "")
+	}
 
 	var err error
 	switch {
@@ -55,7 +58,10 @@ func (o *orphanValidator) Create(request *admission.Request, newObj runtime.Obje
 }
 
 func (o *orphanValidator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) error {
-	newOrphan := newObj.(*longhorn.Orphan)
+	newOrphan, ok := newObj.(*longhorn.Orphan)
+	if !ok {
+		return werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.Orphan", newObj), "")
+	}
 
 	if err := checkOrphanParameters(newOrphan); err != nil {
 		return werror.NewInvalidError(err.Error(), "")

webhook/resources/recurringjob/mutator.go

@@ -12,6 +12,7 @@ import (
 	"github.com/longhorn/longhorn-manager/datastore"
 	"github.com/longhorn/longhorn-manager/util"
 	"github.com/longhorn/longhorn-manager/webhook/admission"
+	werror "github.com/longhorn/longhorn-manager/webhook/error"
 
 	longhorn "github.com/longhorn/longhorn-manager/k8s/pkg/apis/longhorn/v1beta2"
 )
@@ -40,7 +41,11 @@ func (r *recurringJobMutator) Resource() admission.Resource {
 }
 
 func (r *recurringJobMutator) Create(request *admission.Request, newObj runtime.Object) (admission.PatchOps, error) {
-	recurringjob := newObj.(*longhorn.RecurringJob)
+	recurringjob, ok := newObj.(*longhorn.RecurringJob)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.RecurringJob", newObj), "")
+	}
+
 	var patchOps admission.PatchOps
 
 	name := util.AutoCorrectName(recurringjob.Name, datastore.NameMaximumLength)
@@ -80,7 +85,10 @@ func (r *recurringJobMutator) Create(request *admission.Request, newObj runtime.
 }
 
 func (r *recurringJobMutator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) (admission.PatchOps, error) {
-	newRecurringjob := newObj.(*longhorn.RecurringJob)
+	newRecurringjob, ok := newObj.(*longhorn.RecurringJob)
+	if !ok {
+		return nil, werror.NewInvalidError(fmt.Sprintf("%v is not a *longhorn.RecurringJob", newObj), "")
+	}
 	var patchOps admission.PatchOps
 
 	if newRecurringjob.Spec.Name == "" {