Validate credentials not empty on webhook
amitlicht committed Jun 18, 2024
1 parent 7c7c2b3 commit 4c17117
Showing 4 changed files with 71 additions and 43 deletions.
@@ -167,7 +167,6 @@ func (r *DatabaseReconciler) extractDBCredentials(ctx context.Context, namespace
}

if creds.Username == "" || creds.Password == "" {
// TODO: should validate this as part of admission webhook
return creds, errors.New("credentials missing either username or password")
}

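--- a/src/operator/webhooks/database_server_conf_utils.go
+++ b/src/operator/webhooks/database_server_conf_utils.go
@@ -107,3 +107,16 @@ func validateNoDuplicateForUpdate(ctx context.Context, client client.Client, con
 
 return nil
 }
+
+func validateCredentialsNotEmpty(credentials otterizev1alpha3.DatabaseCredentials) *field.Error {
+if (credentials.Username == "" || credentials.Password == "") && credentials.SecretRef == nil {
+return &field.Error{
+Type: field.ErrorTypeRequired,
+Field: "credentials",
+BadValue: credentials,
+Detail: "Either username and password must be provided or a secretRef must be provided",
+}
+}
+
+return nil
+}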
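Review bot: `BadValue: credentials` in validateCredentialsNotEmpty stores the whole credentials struct on the returned field.Error, and in the half-filled case (username empty, password set) that struct carries a plaintext password. As far as I can tell the rendered message for `field.ErrorTypeRequired` omits the bad value, but the struct still travels with the error into anything that dumps it with `%+v`. Building the error with `field.Required(field.NewPath("spec", "credentials"), "either username and password or a secretRef must be provided")` avoids holding the secret and reports the full field path. The condition also accepts a half-filled username/password pair whenever `SecretRef` is non-nil; if that is intended, a comment stating which source takes precedence would help.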
50 changes: 29 additions & 21 deletions src/operator/webhooks/mysqlserverconfigs_webhook.go
@@ -61,46 +61,54 @@ func (v *MySQLConfValidator) ValidateDelete(ctx context.Context, obj runtime.Obj
func (v *MySQLConfValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
allErrs := field.ErrorList{}
mysqlServerConf := obj.(*otterizev1alpha3.MySQLServerConfig)
gvk := mysqlServerConf.GroupVersionKind()

err := validateNoDuplicateForCreate(ctx, v.Client, mysqlServerConf.Name)

if err != nil {
var fieldErr *field.Error
if goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
gvk := mysqlServerConf.GroupVersionKind()
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
mysqlServerConf.Name, allErrs)
}
if err := validateCredentialsNotEmpty(mysqlServerConf.Spec.Credentials); err != nil {
allErrs = append(allErrs, err)
}

err := validateNoDuplicateForCreate(ctx, v.Client, mysqlServerConf.Name)
if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
} else if err != nil {
return nil, errors.Wrap(err)
}

if len(allErrs) > 0 {
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
mysqlServerConf.Name, allErrs)
}

return nil, nil
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (v *MySQLConfValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
allErrs := field.ErrorList{}
mysqlServerConf := newObj.(*otterizev1alpha3.MySQLServerConfig)
gvk := mysqlServerConf.GroupVersionKind()

if err := validateCredentialsNotEmpty(mysqlServerConf.Spec.Credentials); err != nil {
allErrs = append(allErrs, err)
}

err := validateNoDuplicateForUpdate(ctx, v.Client, DatabaseServerConfig{
Name: mysqlServerConf.Name,
Namespace: mysqlServerConf.Namespace,
Type: MySQL,
})
if err != nil {
var fieldErr *field.Error
if goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
gvk := mysqlServerConf.GroupVersionKind()
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
mysqlServerConf.Name, allErrs)
}

if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
} else if err != nil {
return nil, errors.Wrap(err)
}

if len(allErrs) > 0 {
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
mysqlServerConf.Name, allErrs)
}

return nil, nil
}
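Review bot: The `validateCredentialsNotEmpty` call added to ValidateUpdate runs on every update, so a MySQLServerConfig that was admitted earlier with empty credentials and no secretRef will now have all later updates rejected, including metadata-only ones. If these objects carry finalizers (not visible here), that would also block finalizer removal and leave deletion stuck. Consider skipping the check for objects being deleted, e.g. `if mysqlServerConf.DeletionTimestamp.IsZero() { ... }`, or comparing against `oldObj` and rejecting only when the credentials changed. The same applies to ValidateUpdate in postgresqlserverconfigs_webhook.go. Note also that the check only establishes presence: a non-nil `SecretRef` passes without the secret being read, so the runtime check kept in extractDBCredentials remains the real enforcement.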
50 changes: 29 additions & 21 deletions src/operator/webhooks/postgresqlserverconfigs_webhook.go
@@ -61,46 +61,54 @@ func (v *PostgresConfValidator) ValidateDelete(ctx context.Context, obj runtime.
func (v *PostgresConfValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
allErrs := field.ErrorList{}
pgServerConf := obj.(*otterizev1alpha3.PostgreSQLServerConfig)
gvk := pgServerConf.GroupVersionKind()

err := validateNoDuplicateForCreate(ctx, v.Client, pgServerConf.Name)
if err != nil {
var fieldErr *field.Error
if goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
gvk := pgServerConf.GroupVersionKind()
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
pgServerConf.Name, allErrs)
}
if err := validateCredentialsNotEmpty(pgServerConf.Spec.Credentials); err != nil {
allErrs = append(allErrs, err)
}

err := validateNoDuplicateForCreate(ctx, v.Client, pgServerConf.Name)
if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
} else if err != nil {
return nil, errors.Wrap(err)
}

if len(allErrs) > 0 {
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
pgServerConf.Name, allErrs)
}

return nil, nil
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (v *PostgresConfValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
allErrs := field.ErrorList{}
pgServerConf := newObj.(*otterizev1alpha3.PostgreSQLServerConfig)
gvk := pgServerConf.GroupVersionKind()

if err := validateCredentialsNotEmpty(pgServerConf.Spec.Credentials); err != nil {
allErrs = append(allErrs, err)
}

err := validateNoDuplicateForUpdate(ctx, v.Client, DatabaseServerConfig{
Name: pgServerConf.Name,
Namespace: pgServerConf.Namespace,
Type: Postgres,
})

if err != nil {
var fieldErr *field.Error
if goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
gvk := pgServerConf.GroupVersionKind()
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
pgServerConf.Name, allErrs)
}

if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
allErrs = append(allErrs, fieldErr)
} else if err != nil {
return nil, errors.Wrap(err)
}

if len(allErrs) > 0 {
return nil, k8serrors.NewInvalid(
schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
pgServerConf.Name, allErrs)
}

return nil, nil
}
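Review bot: ValidateCreate and ValidateUpdate here repeat, line for line, the collect-then-`k8serrors.NewInvalid` sequence from mysqlserverconfigs_webhook.go, so any later change to the credential rules has to be made in four places. A small shared helper in database_server_conf_utils.go that takes the GroupVersionKind, the object name and the `field.ErrorList` and returns the Invalid error would keep the two validators in step. The `if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr)` form also allocates a throwaway value; declaring `var fieldErr *field.Error` before the `if` reads more plainly.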
