pg_hba validation

[limak9182]

Description

Adds admission webhook validation for pg_hba.conf rules on PostgresCluster and PostgresClusterClass resources. Catches invalid rules at admission time instead of letting them propagate to the underlying PostgreSQL cluster where they'd cause runtime failures.

Key Changes

• pkg/postgresql/cluster/core/hba.go — Core validation engine with layered checks: connection type → field count → auth method → address/netmask. Handles comment stripping, quote-aware tokenization, CIDR, IP+netmask, hostname, and special
  keywords.
  • pkg/postgresql/cluster/core/hba_test.go — Comprehensive unit tests covering valid rules, each error layer independently, and edge cases (IPv6, auth options, inline comments, quoted values).
  • pkg/splunk/enterprise/validation/postgrescluster_validation.go — Webhook validator for spec.pgHBA on PostgresCluster CREATE/UPDATE.
  • pkg/splunk/enterprise/validation/postgresclusterclass_validation.go — Webhook validator for spec.config.pgHBA on PostgresClusterClass CREATE/UPDATE.
  • pkg/splunk/enterprise/validation/registry.go — Registers both new validators in DefaultValidators.

Testing and Verification

• Unit tests for all validation layers (connection type, field count, auth method, address/CIDR/netmask)
• Webhook integration tests verifying correct field.ErrorList paths (spec.pgHBA, spec.config.pgHBA)
• Tests cover valid rules, single-field errors, multi-error accumulation, and edge cases (comments, quoted auth options, IPv6)
• All tests pass locally: go test ./pkg/postgresql/cluster/core/... ./pkg/splunk/enterprise/validation/...

Related Issues

CPI-1846

PR Checklist

• Code changes adhere to the project's coding standards.
• Relevant unit and integration tests are included.
• Documentation has been updated accordingly.
• All tests pass locally.
• The PR description follows the project's guidelines.

[github-actions]

CLA Assistant Lite bot:
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contribution License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment with the exact sentence copied from below.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request}