/
validate.go
142 lines (130 loc) · 4.57 KB
/
validate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
// Copyright (c) 2022, 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
package v1beta1
import (
"context"
"fmt"
"github.com/verrazzano/verrazzano/platform-operator/apis/verrazzano/validators"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// ValidateProfile check that requestedProfile is valid
func ValidateProfile(requestedProfile ProfileType) error {
if len(requestedProfile) != 0 {
switch requestedProfile {
case Prod, Dev, ManagedCluster, None:
return nil
default:
return fmt.Errorf("Requested profile %s is invalid, valid options are dev, prod, managed-cluster, or none",
requestedProfile)
}
}
return nil
}
// ValidateActiveInstall enforces that only one install of Verrazzano is allowed.
func ValidateActiveInstall(client client.Client) error {
vzList := &VerrazzanoList{}
err := client.List(context.Background(), vzList)
if err != nil {
return err
}
if len(vzList.Items) != 0 {
return fmt.Errorf("Only one install of Verrazzano is allowed")
}
return nil
}
// ValidateInProgress makes sure there is not an install, uninstall or upgrade in progress
func ValidateInProgress(old *Verrazzano) error {
if old.Status.State == "" || old.Status.State == VzStateReady || old.Status.State == VzStateFailed || old.Status.State == VzStatePaused || old.Status.State == VzStateReconciling {
return nil
}
return fmt.Errorf(validators.ValidateInProgressError)
}
// validateOCISecrets - Validate that the OCI DNS and Fluentd OCI secrets required by install exists, if configured
func validateOCISecrets(client client.Client, spec *VerrazzanoSpec) error {
if err := validateOCIDNSSecret(client, spec); err != nil {
return err
}
if err := validateFluentdOCIAuthSecret(client, spec); err != nil {
return err
}
return nil
}
func validateFluentdOCIAuthSecret(client client.Client, spec *VerrazzanoSpec) error {
if spec.Components.Fluentd == nil || spec.Components.Fluentd.OCI == nil {
return nil
}
apiSecretName := spec.Components.Fluentd.OCI.APISecret
if len(apiSecretName) > 0 {
secret := &corev1.Secret{}
if err := validators.GetInstallSecret(client, apiSecretName, secret); err != nil {
return err
}
// validate config secret
if err := validators.ValidateFluentdConfigData(secret); err != nil {
return err
}
// Validate key data exists and is a valid pem format
pemData, err := validators.ValidateSecretKey(secret, validators.FluentdOCISecretPrivateKeyEntry, nil)
if err != nil {
return err
}
if err := validators.ValidatePrivateKey(secret.Name, pemData); err != nil {
return err
}
}
return nil
}
func validateOCIDNSSecret(client client.Client, spec *VerrazzanoSpec) error {
if spec.Components.DNS == nil || spec.Components.DNS.OCI == nil {
return nil
}
secret := &corev1.Secret{}
ociDNSConfigSecret := spec.Components.DNS.OCI.OCIConfigSecret
if err := validators.GetInstallSecret(client, ociDNSConfigSecret, secret); err != nil {
return err
}
// Verify that the oci secret has one value
if len(secret.Data) != 1 {
return fmt.Errorf("Secret \"%s\" for OCI DNS should have one data key, found %v", ociDNSConfigSecret, len(secret.Data))
}
for key := range secret.Data {
// validate auth_type
var authProp validators.OciAuth
if err := validators.ValidateSecretContents(secret.Name, secret.Data[key], &authProp); err != nil {
return err
}
if authProp.Auth.AuthType != validators.InstancePrincipal && authProp.Auth.AuthType != validators.UserPrincipal && authProp.Auth.AuthType != "" {
return fmt.Errorf("Authtype \"%v\" in OCI secret must be either '%s' or '%s'", authProp.Auth.AuthType, validators.UserPrincipal, validators.InstancePrincipal)
}
if authProp.Auth.AuthType == validators.UserPrincipal {
if err := validators.ValidatePrivateKey(secret.Name, []byte(authProp.Auth.Key)); err != nil {
return err
}
}
}
return nil
}
// ValidateInstallOverrides checks that the overrides slice has only one override type per slice item
func ValidateInstallOverrides(Overrides []Overrides) error {
overridePerItem := 0
for _, override := range Overrides {
if override.ConfigMapRef != nil {
overridePerItem++
}
if override.SecretRef != nil {
overridePerItem++
}
if override.Values != nil {
overridePerItem++
}
if overridePerItem > 1 {
return fmt.Errorf("Invalid install overrides. Cannot specify more than one override type in the same list element")
}
if overridePerItem == 0 {
return fmt.Errorf("Invalid install overrides. No override specified")
}
overridePerItem = 0
}
return nil
}