Add Dynamic Admission Control for ComponentDefinition #1648

Merged
merged 3 commits into from May 15, 2021

Collaborator

@yangsoon yangsoon commented May 12, 2021

fix #1473, align with #1563

Add dynamic admission control for ComponentDefinition.

MutatingWebhook

MutatingWebhook will generate a WorkloadDefinition based on the Spec.Workload.Definition field (if the WorkloadDefinition does not exist), and fill in the Spec.Workload.Type field to point to the created WorkloadDefinition.

```yaml
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  name: worker
  namespace: default
spec:
  workload:
    definition:
      apiVersion: apps/v1
      kind: Deployment
  schematic:
    cue:
      template: |
        ....
```

After being processed by MutatingWebhook

```yaml
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  name: worker
  namespace: default
spec:
  workload:
    definition:
      apiVersion: apps/v1
      kind: Deployment
    type: deployments.app # MutatingWebhook filled the type field
  schematic:
    cue:
      template: |
        ...
```

Generate a WorkloadDefinition named deployments.app (if it doesn't exist).

```yaml
kind: WorkloadDefinition
metadata:
  name: deployments.app
spec:
  definitionRef:
    name: deployments.app
    version: v1
```

ValidatingWebhook checks the Type and Definition fields in Spec.Workload:

  1. If the fields are all empty, ValidatingWebhook will reject;

```yaml
# Rejected!
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  name: worker
  namespace: default
spec:
  workload:
    definition:
    type:
  schematic:
    cue:
      template: |
        ....
```

  2. If Type and Definition don't point to the same WorkloadDefinition, ValidatingWebhook will also reject.

```yaml
# Rejected!
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  name: worker
  namespace: default
spec:
  workload:
    definition:
      apiVersion: apps/v1
      kind: Deployment
    type: containerizedworkloads.core.oam.dev  # definition and type point to different workload type
  schematic:
    cue:
      template: |
        ...
```

For details, please see:

https://github.com/oam-dev/spec/blob/master/3.component_model.md
https://github.com/oam-dev/spec/blob/master/4.workload_types.md

  • add webhook
  • add test
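
The admission rules described in this pull request, sketched as an added example (not code from this PR or from KubeVela). The `Workload` and `WorkloadGVK` types and the `knownNames` table are hypothetical stand-ins for the API types and for the cluster lookup that resolves a workload `apiVersion`/`kind` to a WorkloadDefinition name; rejecting an unresolvable definition is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for spec.workload; not KubeVela's API types.
type WorkloadGVK struct{ APIVersion, Kind string }
type Workload struct {
	Type       string
	Definition WorkloadGVK
}

// knownNames: constructed data standing in for the cluster's GVK-to-name lookup.
var knownNames = map[WorkloadGVK]string{
	{"apps/v1", "Deployment"}: "deployments.app",
}

// Mutate fills an empty Type from Definition and reports whether it did.
func Mutate(w *Workload) bool {
	name, ok := knownNames[w.Definition]
	if w.Type != "" || !ok {
		return false
	}
	w.Type = name
	return true
}

// Validate applies the two rejection rules listed for the ValidatingWebhook.
func Validate(w Workload) error {
	unset := WorkloadGVK{}
	if w.Type == "" && w.Definition == unset {
		return errors.New("workload type and definition are both empty")
	}
	if w.Type != "" && w.Definition != unset {
		// Assumption: a definition that cannot be resolved is also rejected.
		if name, ok := knownNames[w.Definition]; !ok || name != w.Type {
			return fmt.Errorf("type %q does not match definition %+v", w.Type, w.Definition)
		}
	}
	return nil
}

func main() {
	w := Workload{Definition: WorkloadGVK{"apps/v1", "Deployment"}}
	changed := Mutate(&w)
	fmt.Println(changed, w.Type, Validate(w))
}
```

Running mutation before validation mirrors the admission order in the API server, so a definition-only object passes validation with the type already filled in.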

@codecov

codecov bot commented May 12, 2021

Codecov Report

Merging #1648 (c7cb8f8) into master (80b2c37) will increase coverage by 0.12%.
The diff coverage is 74.48%.

```diff
@@            Coverage Diff             @@
##           master    #1648      +/-   ##
==========================================
+ Coverage   62.46%   62.59%   +0.12%     
==========================================
  Files         120      122       +2     
  Lines       11952    12027      +75     
==========================================
+ Hits         7466     7528      +62     
- Misses       3722     3732      +10     
- Partials      764      767       +3     
```

| Flag | Coverage Δ |
| --- | --- |
| e2etests | 43.84% <62.24%> (+0.21%) ⬆️ |
| unittests | 58.33% <29.16%> (-0.27%) ⬇️ |

| Impacted Files | Coverage Δ |
| --- | --- |
| pkg/oam/util/helper.go | 80.28% <ø> (-0.12%) ⬇️ |
| pkg/controller/utils/utils.go | 39.47% <42.10%> (-1.79%) ⬇️ |
| ...v/v1alpha2/componentdefinition/mutating_handler.go | 70.73% <70.73%> (ø) |
| ...v1alpha2/componentdefinition/validating_handler.go | 92.85% <92.85%> (ø) |
| ...ponentdefinition/componentdefinition_controller.go | 84.55% <100.00%> (+1.35%) ⬆️ |
| ...ha2/core/components/componentdefinition/handler.go | 78.78% <100.00%> (ø) |
| ...aits/traitdefinition/traitdefinition_controller.go | 75.00% <100.00%> (-5.00%) ⬇️ |
| pkg/webhook/core.oam.dev/register.go | 100.00% <100.00%> (ø) |
| ...g/controller/core.oam.dev/v1alpha2/core/revison.go | 68.46% <0.00%> (-2.71%) ⬇️ |

... and 9 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@yangsoon
Collaborator Author

I fixed the webhook. Please \cc @captainroy-hy

@yangsoon yangsoon force-pushed the add-webhook branch 3 times, most recently from 47dc3e1 to 255c9e8 Compare May 13, 2021 07:18
@yangsoon yangsoon changed the title [WIP] Add Dynamic Admission Control for ComponentDefinition Add Dynamic Admission Control for ComponentDefinition May 13, 2021
@yangsoon yangsoon force-pushed the add-webhook branch 5 times, most recently from 8efc219 to f7d1049 Compare May 13, 2021 10:46
@captainroy-hy
Collaborator

LGTM.

@wonderflow wonderflow merged commit a11ae2f into kubevela:master May 15, 2021
Successfully merging this pull request may close these issues.

[Feature] Add webhook to check the WorkloadTypeDescriptor field of ComponentDefinition