diff --git a/changelog/fragments/csv-whdescs-defaults.yaml b/changelog/fragments/csv-whdescs-defaults.yaml new file mode 100644 index 00000000000..5d3cffc2095 --- /dev/null +++ b/changelog/fragments/csv-whdescs-defaults.yaml @@ -0,0 +1,7 @@ +entries: + - description: > + Default a CSV's `spec.webhookDefinition[].admissionReviewVersions` to "v1beta1". + kind: addition + - description: > + Default a CSV's `spec.webhookDefinition[].sideEffects` to "None". + kind: addition diff --git a/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go b/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go index 9e1a1a61e48..a8fc1992b9b 100644 --- a/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go +++ b/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go @@ -290,6 +290,9 @@ func applyWebhooks(c *collector.Manifests, csv *operatorsv1alpha1.ClusterService csv.Spec.WebhookDefinitions = webhookDescriptions } +// The default AdmissionReviewVersions set in a CSV if not set in the source webhook. +var defaultAdmissionReviewVersions = []string{"v1beta1"} + // validatingToWebhookDescription transforms webhook into a WebhookDescription. func validatingToWebhookDescription(webhook admissionregv1.ValidatingWebhook, depName string) operatorsv1alpha1.WebhookDescription { description := operatorsv1alpha1.WebhookDescription{ @@ -303,6 +306,13 @@ func validatingToWebhookDescription(webhook admissionregv1.ValidatingWebhook, de TimeoutSeconds: webhook.TimeoutSeconds, AdmissionReviewVersions: webhook.AdmissionReviewVersions, } + if len(description.AdmissionReviewVersions) == 0 { + description.AdmissionReviewVersions = defaultAdmissionReviewVersions + } + if description.SideEffects == nil { + seNone := admissionregv1.SideEffectClassNone + description.SideEffects = &seNone + } if serviceRef := webhook.ClientConfig.Service; serviceRef != nil { if serviceRef.Port != nil { @@ -331,6 +341,13 @@ func mutatingToWebhookDescription(webhook admissionregv1.MutatingWebhook, depNam AdmissionReviewVersions: webhook.AdmissionReviewVersions, ReinvocationPolicy: webhook.ReinvocationPolicy, } + if len(description.AdmissionReviewVersions) == 0 { + description.AdmissionReviewVersions = defaultAdmissionReviewVersions + } + if description.SideEffects == nil { + seNone := admissionregv1.SideEffectClassNone + description.SideEffects = &seNone + } if serviceRef := webhook.ClientConfig.Service; serviceRef != nil { if serviceRef.Port != nil { diff --git a/internal/generate/testdata/clusterserviceversions/output/memcached-operator.clusterserviceversion.yaml b/internal/generate/testdata/clusterserviceversions/output/memcached-operator.clusterserviceversion.yaml index f4fb80f3f8c..fc8cd8a179a 100644 --- a/internal/generate/testdata/clusterserviceversions/output/memcached-operator.clusterserviceversion.yaml +++ b/internal/generate/testdata/clusterserviceversions/output/memcached-operator.clusterserviceversion.yaml @@ -184,7 +184,8 @@ spec: url: https://your.domain version: 0.0.1 webhookdefinitions: - - admissionReviewVersions: null + - admissionReviewVersions: + - v1beta1 deploymentName: memcached-operator-controller-manager failurePolicy: Fail generateName: vmemcached.kb.io @@ -198,10 +199,11 @@ spec: - UPDATE resources: - memcacheds - sideEffects: null + sideEffects: None type: ValidatingAdmissionWebhook webhookPath: /validate-cache-my-domain-v1alpha1-memcached - - admissionReviewVersions: null + - admissionReviewVersions: + - v1beta1 deploymentName: memcached-operator-controller-manager failurePolicy: Fail generateName: mmemcached.kb.io @@ -215,6 +217,6 @@ spec: - UPDATE resources: - memcacheds - sideEffects: null + sideEffects: None type: MutatingAdmissionWebhook webhookPath: /mutate-cache-my-domain-v1alpha1-memcached