Add webhook for limit 64 char name+np
- The 63 character limit validation for policy name is not working while creating a Policy via CLI. - Policy creation - Policy name + namespace name can’t go longer than 63. From CLI, it is possible to create a policy with a name like “policy-check-setupjob-setupjob-operator-installer” with no issue; but, while wanting to edit it, we can’t. - Getting this error: “The combined length of namespace and policy name (namespaceName.policyName) should not exceed 63 characters” (see attached screenshot) Ref: https://issues.redhat.com/browse/ACM-3558 Signed-off-by: Yi Rae Kim <yikim@redhat.com>
1 parent
4f275f8
commit c93f938
Showing
13 changed files
with
385 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
// Copyright (c) 2021 Red Hat, Inc. | ||
// Copyright Contributors to the Open Cluster Management project | ||
|
||
package v1 | ||
|
||
import ( | ||
"errors" | ||
"unicode/utf8" | ||
|
||
"k8s.io/apimachinery/pkg/runtime" | ||
ctrl "sigs.k8s.io/controller-runtime" | ||
logf "sigs.k8s.io/controller-runtime/pkg/log" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
var ( | ||
// log is for logging in this package. | ||
policylog = logf.Log.WithName("policy-validating-webhook") | ||
errName = errors.New("the combined length of the policy namespace and name " + | ||
"<namespace>.<name> cannot exceed 63 characters") | ||
) | ||
|
||
func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error { | ||
return ctrl.NewWebhookManagedBy(mgr). | ||
For(r). | ||
Complete() | ||
} | ||
|
||
//+kubebuilder:webhook:path=/validate-policy-open-cluster-management-io-v1-policy,mutating=false,failurePolicy=Ignore,sideEffects=None,groups=policy.open-cluster-management.io,resources=policies,verbs=create,versions=v1,name=policy.open-cluster-management.io.webhook,admissionReviewVersions=v1 | ||
|
||
var _ webhook.Validator = &Policy{} | ||
|
||
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type | ||
func (r *Policy) ValidateCreate() (admission.Warnings, error) { | ||
policylog.Info("Validate policy creation request", "name", r.Name) | ||
|
||
return r.validateName() | ||
} | ||
|
||
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type | ||
func (r *Policy) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) { | ||
return nil, nil | ||
} | ||
|
||
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type | ||
func (r *Policy) ValidateDelete() (admission.Warnings, error) { | ||
return nil, nil | ||
} | ||
|
||
// validate the policy name and namespace length | ||
func (r *Policy) validateName() (admission.Warnings, error) { | ||
policylog.Info("Validating the policy name through a validating webhook") | ||
|
||
// replicated policies don't need pass this validation | ||
if _, ok := r.GetLabels()["policy.open-cluster-management.io/root-policy"]; ok { | ||
return nil, nil | ||
} | ||
|
||
// 1 character for "." | ||
if (utf8.RuneCountInString(r.Name) + utf8.RuneCountInString(r.Namespace)) > 62 { | ||
return nil, errName | ||
} | ||
|
||
return nil, nil | ||
} |
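Review bot: The replicated-policy exemption in `validateName` keys off a label the creating user can set, so any create request that carries `policy.open-cluster-management.io/root-policy` skips the length check entirely. `webhook.Validator` gives the method no view of who sent the request, so a user-supplied label cannot be told apart from one the propagator wrote; making the exemption trustworthy would need the admission request's user info, which appears to require a validator that receives the request context. Short of that, I would record the limitation at the branch, e.g. `// NOTE: this label is user-settable, so the exemption is advisory; the propagator must still cope with over-long names.` Separately, the comment above `policylog` still refers to the variable as `log`.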
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: propagator-webhook-service | ||
namespace: open-cluster-management | ||
spec: | ||
ports: | ||
- port: 443 | ||
protocol: TCP | ||
targetPort: 9443 | ||
selector: | ||
webhook-origin: governance-policy-propagator | ||
--- | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: propagator-webhook-serving-cert | ||
namespace: open-cluster-management | ||
spec: | ||
dnsNames: | ||
- propagator-webhook-service.open-cluster-management.svc | ||
- propagator-webhook-service.open-cluster-management.svc.cluster.local | ||
issuerRef: | ||
kind: Issuer | ||
name: propagator-webhook-selfsigned-issuer | ||
secretName: propagator-webhook-server-cert | ||
--- | ||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
name: propagator-webhook-selfsigned-issuer | ||
namespace: open-cluster-management | ||
spec: | ||
selfSigned: {} | ||
--- | ||
apiVersion: admissionregistration.k8s.io/v1 | ||
kind: ValidatingWebhookConfiguration | ||
metadata: | ||
annotations: | ||
cert-manager.io/inject-ca-from: open-cluster-management/propagator-webhook-serving-cert | ||
name: propagator-webhook-validating-configuration | ||
webhooks: | ||
- admissionReviewVersions: | ||
- v1 | ||
clientConfig: | ||
service: | ||
name: propagator-webhook-service | ||
namespace: open-cluster-management | ||
path: /validate-policy-open-cluster-management-io-v1-policy | ||
failurePolicy: Ignore | ||
name: policy.open-cluster-management.io.webhook | ||
rules: | ||
- apiGroups: | ||
- policy.open-cluster-management.io | ||
apiVersions: | ||
- v1 | ||
operations: | ||
- CREATE | ||
resources: | ||
- policies | ||
sideEffects: None |
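Review bot: `failurePolicy: Ignore` on the `policy.open-cluster-management.io.webhook` entry makes the name check fail open: when the service is unreachable or the cert-manager certificate has not been issued yet, the API server admits the policy without validation. If that is a deliberate availability trade-off, a comment next to the field would record it, e.g. `# Ignore: name-length check is best-effort; never block policy creation when the webhook is down`. If the check is meant to be enforced, `failurePolicy: Fail` with an explicit `timeoutSeconds` is the stricter option, and the `failurePolicy=Ignore` in the kubebuilder marker on the Go type would have to change with it. Either way the propagator presumably still has to handle over-long names for policies admitted while the webhook was unavailable.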