Adding secretef Webhook For Backingstore and Namespacestore

- Adding secretef Webhook For Backingstore and Namespacestore to validate that it have namespace in it. Signed-off-by: liranmauda <liran.mauda@gmail.com>
noobaa · Oct 23, 2022 · d9fead1 · d9fead1
1 parent 6fc994c
commit d9fead1
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 2 deletions.
diff --git a/pkg/admission/validate_namespacestore.go b/pkg/admission/validate_namespacestore.go
@@ -92,6 +92,10 @@ func (nsv *ResourceValidator) ValidateUpdateNS() {
 			nsv.SetValidationResult(false, err.Error())
 			return
 		}
+		if err := validations.ValidateNamespacestoreSecretRefNamespace(*ns); err != nil && util.IsValidationError(err) {
+			nsv.SetValidationResult(false, err.Error())
+			return
+		}
 	}
 }
 

diff --git a/pkg/validations/backingstore_validations.go b/pkg/validations/backingstore_validations.go
@@ -24,6 +24,7 @@ func ValidateBackingStore(bs nbv1.BackingStore) error {
 	if err := ValidateBSEmptyTargetBucket(bs); err != nil {
 		return err
 	}
+
 	switch bs.Spec.Type {
 	case nbv1.StoreTypePVPool:
 		if err := ValidatePvpoolNameLength(bs); err != nil {
@@ -39,10 +40,25 @@ func ValidateBackingStore(bs nbv1.BackingStore) error {
 			return err
 		}
 	case nbv1.StoreTypeS3Compatible:
-		return ValidateSigVersion(bs.Spec.S3Compatible.SignatureVersion)
+		if err := ValidateSigVersion(bs.Spec.S3Compatible.SignatureVersion); err != nil {
+			return err
+		}
+		if err := ValidateBackingstoreSecretRefNamespace(bs); err != nil {
+			return err
+		}
+		return nil
 	case nbv1.StoreTypeIBMCos:
-		return ValidateSigVersion(bs.Spec.IBMCos.SignatureVersion)
+		if err := ValidateSigVersion(bs.Spec.IBMCos.SignatureVersion); err != nil {
+			return err
+		}
+		if err := ValidateBackingstoreSecretRefNamespace(bs); err != nil {
+			return err
+		}
+		return nil
 	case nbv1.StoreTypeAWSS3, nbv1.StoreTypeAzureBlob, nbv1.StoreTypeGoogleCloudStorage:
+		if err := ValidateBackingstoreSecretRefNamespace(bs); err != nil {
+			return err
+		}
 		return nil
 	default:
 		return util.ValidationError{
@@ -272,3 +288,21 @@ func ValidateBackingstoreDeletion(bs nbv1.BackingStore, systemInfo nb.SystemInfo
 
 	return nil
 }
+
+// ValidateBackingstoreSecretRefNamespace validates that the secretref have namespace in it.
+func ValidateBackingstoreSecretRefNamespace(bs nbv1.BackingStore) error{
+	secretRef, err := util.GetBackingStoreSecretByType(&bs);
+	if err != nil {
+		return util.ValidationError{
+			Msg: err.Error(),
+		}
+	}
+	if secretRef.Namespace == "" {
+		return util.ValidationError{
+			Msg: fmt.Sprintf("Secret ref %q in Backingstore %q must have namespace", secretRef.Name, bs.Name),
+		}
+	}
+
+	return nil
+
+}
diff --git a/pkg/validations/namespacestore_validations.go b/pkg/validations/namespacestore_validations.go
@@ -25,6 +25,13 @@ func ValidateNamespaceStore(nsStore *nbv1.NamespaceStore) error {
 	if err := ValidateNSEmptyTargetBucket(*nsStore); err != nil {
 		return err
 	}
+
+	if  nsStore.Spec.Type != nbv1.NSStoreTypeNSFS {
+		if err :=  ValidateNamespacestoreSecretRefNamespace(*nsStore); err != nil {
+			return err
+		}
+	}
+
 	switch nsStore.Spec.Type {
 
 	case nbv1.NSStoreTypeNSFS:
@@ -315,3 +322,21 @@ func ValidateNamespacestoreDeletion(ns nbv1.NamespaceStore, systemInfo nb.System
 
 	return nil
 }
+
+// ValidateNamespacestoreSecretRefNamespace validates that the secretref have namespace in it.
+func ValidateNamespacestoreSecretRefNamespace(ns nbv1.NamespaceStore) error{
+	secretRef, err := util.GetNamespaceStoreSecretByType(&ns);
+	if err != nil {
+		return util.ValidationError{
+			Msg: err.Error(),
+		}
+	}
+	if secretRef.Namespace == "" {
+		return util.ValidationError{
+			Msg: fmt.Sprintf("Secret ref %q in NamespaceStore %q must have namespace", secretRef.Name, ns.Name),
+		}
+	}
+
+	return nil
+
+}