Validate credentials not empty on webhook

otterize · Jun 18, 2024 · 4c17117 · 4c17117
1 parent 7c7c2b3
commit 4c17117
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 43 deletions.
diff --git a/src/operator/controllers/intents_reconcilers/database/database_reconciler.go b/src/operator/controllers/intents_reconcilers/database/database_reconciler.go
@@ -167,7 +167,6 @@ func (r *DatabaseReconciler) extractDBCredentials(ctx context.Context, namespace
 	}
 
 	if creds.Username == "" || creds.Password == "" {
-		// TODO: should validate this as part of admission webhook
 		return creds, errors.New("credentials missing either username or password")
 	}
 

diff --git a/src/operator/webhooks/database_server_conf_utils.go b/src/operator/webhooks/database_server_conf_utils.go
@@ -107,3 +107,16 @@ func validateNoDuplicateForUpdate(ctx context.Context, client client.Client, con
 
 	return nil
 }
+
+func validateCredentialsNotEmpty(credentials otterizev1alpha3.DatabaseCredentials) *field.Error {
+	if (credentials.Username == "" || credentials.Password == "") && credentials.SecretRef == nil {
+		return &field.Error{
+			Type:     field.ErrorTypeRequired,
+			Field:    "credentials",
+			BadValue: credentials,
+			Detail:   "Either username and password must be provided or a secretRef must be provided",
+		}
+	}
+
+	return nil
+}
diff --git a/src/operator/webhooks/mysqlserverconfigs_webhook.go b/src/operator/webhooks/mysqlserverconfigs_webhook.go
@@ -61,46 +61,54 @@ func (v *MySQLConfValidator) ValidateDelete(ctx context.Context, obj runtime.Obj
 func (v *MySQLConfValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
 	allErrs := field.ErrorList{}
 	mysqlServerConf := obj.(*otterizev1alpha3.MySQLServerConfig)
+	gvk := mysqlServerConf.GroupVersionKind()
 
-	err := validateNoDuplicateForCreate(ctx, v.Client, mysqlServerConf.Name)
-
-	if err != nil {
-		var fieldErr *field.Error
-		if goerrors.As(err, &fieldErr) {
-			allErrs = append(allErrs, fieldErr)
-			gvk := mysqlServerConf.GroupVersionKind()
-			return nil, k8serrors.NewInvalid(
-				schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
-				mysqlServerConf.Name, allErrs)
-		}
+	if err := validateCredentialsNotEmpty(mysqlServerConf.Spec.Credentials); err != nil {
+		allErrs = append(allErrs, err)
+	}
 
+	err := validateNoDuplicateForCreate(ctx, v.Client, mysqlServerConf.Name)
+	if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
+		allErrs = append(allErrs, fieldErr)
+	} else if err != nil {
 		return nil, errors.Wrap(err)
 	}
 
+	if len(allErrs) > 0 {
+		return nil, k8serrors.NewInvalid(
+			schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
+			mysqlServerConf.Name, allErrs)
+	}
+
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
 func (v *MySQLConfValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
 	allErrs := field.ErrorList{}
 	mysqlServerConf := newObj.(*otterizev1alpha3.MySQLServerConfig)
+	gvk := mysqlServerConf.GroupVersionKind()
+
+	if err := validateCredentialsNotEmpty(mysqlServerConf.Spec.Credentials); err != nil {
+		allErrs = append(allErrs, err)
+	}
 
 	err := validateNoDuplicateForUpdate(ctx, v.Client, DatabaseServerConfig{
 		Name:      mysqlServerConf.Name,
 		Namespace: mysqlServerConf.Namespace,
 		Type:      MySQL,
 	})
-	if err != nil {
-		var fieldErr *field.Error
-		if goerrors.As(err, &fieldErr) {
-			allErrs = append(allErrs, fieldErr)
-			gvk := mysqlServerConf.GroupVersionKind()
-			return nil, k8serrors.NewInvalid(
-				schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
-				mysqlServerConf.Name, allErrs)
-		}
-
+	if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
+		allErrs = append(allErrs, fieldErr)
+	} else if err != nil {
 		return nil, errors.Wrap(err)
 	}
+
+	if len(allErrs) > 0 {
+		return nil, k8serrors.NewInvalid(
+			schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
+			mysqlServerConf.Name, allErrs)
+	}
+
 	return nil, nil
 }
diff --git a/src/operator/webhooks/postgresqlserverconfigs_webhook.go b/src/operator/webhooks/postgresqlserverconfigs_webhook.go
@@ -61,46 +61,54 @@ func (v *PostgresConfValidator) ValidateDelete(ctx context.Context, obj runtime.
 func (v *PostgresConfValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
 	allErrs := field.ErrorList{}
 	pgServerConf := obj.(*otterizev1alpha3.PostgreSQLServerConfig)
+	gvk := pgServerConf.GroupVersionKind()
 
-	err := validateNoDuplicateForCreate(ctx, v.Client, pgServerConf.Name)
-	if err != nil {
-		var fieldErr *field.Error
-		if goerrors.As(err, &fieldErr) {
-			allErrs = append(allErrs, fieldErr)
-			gvk := pgServerConf.GroupVersionKind()
-			return nil, k8serrors.NewInvalid(
-				schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
-				pgServerConf.Name, allErrs)
-		}
+	if err := validateCredentialsNotEmpty(pgServerConf.Spec.Credentials); err != nil {
+		allErrs = append(allErrs, err)
+	}
 
+	err := validateNoDuplicateForCreate(ctx, v.Client, pgServerConf.Name)
+	if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
+		allErrs = append(allErrs, fieldErr)
+	} else if err != nil {
 		return nil, errors.Wrap(err)
 	}
 
+	if len(allErrs) > 0 {
+		return nil, k8serrors.NewInvalid(
+			schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
+			pgServerConf.Name, allErrs)
+	}
+
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
 func (v *PostgresConfValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
 	allErrs := field.ErrorList{}
 	pgServerConf := newObj.(*otterizev1alpha3.PostgreSQLServerConfig)
+	gvk := pgServerConf.GroupVersionKind()
+
+	if err := validateCredentialsNotEmpty(pgServerConf.Spec.Credentials); err != nil {
+		allErrs = append(allErrs, err)
+	}
 
 	err := validateNoDuplicateForUpdate(ctx, v.Client, DatabaseServerConfig{
 		Name:      pgServerConf.Name,
 		Namespace: pgServerConf.Namespace,
 		Type:      Postgres,
 	})
-
-	if err != nil {
-		var fieldErr *field.Error
-		if goerrors.As(err, &fieldErr) {
-			allErrs = append(allErrs, fieldErr)
-			gvk := pgServerConf.GroupVersionKind()
-			return nil, k8serrors.NewInvalid(
-				schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
-				pgServerConf.Name, allErrs)
-		}
-
+	if fieldErr := (&field.Error{}); goerrors.As(err, &fieldErr) {
+		allErrs = append(allErrs, fieldErr)
+	} else if err != nil {
 		return nil, errors.Wrap(err)
 	}
+
+	if len(allErrs) > 0 {
+		return nil, k8serrors.NewInvalid(
+			schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind},
+			pgServerConf.Name, allErrs)
+	}
+
 	return nil, nil
 }