From b98c8045187b578479b68c2971ac20eb07b3c71e Mon Sep 17 00:00:00 2001 From: adrianc Date: Tue, 6 Feb 2024 19:26:40 +0200 Subject: [PATCH] Update Webhook As the operator no longer creates default SriovOperatorConfig and SriovNetworkNodePolicy the webhook is updated in the following Manner: Validating: - Allow deletion of default config/policy. - Block create/update of non default config CR Mutating: - keep skipping default but add a comment to mark as deprecated. Signed-off-by: adrianc --- pkg/webhook/mutate.go | 2 ++ pkg/webhook/validate.go | 14 +++++--------- pkg/webhook/validate_test.go | 8 +++++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pkg/webhook/mutate.go b/pkg/webhook/mutate.go index ee8ae2ac6..098f0e8fc 100644 --- a/pkg/webhook/mutate.go +++ b/pkg/webhook/mutate.go @@ -23,6 +23,8 @@ func mutateSriovNetworkNodePolicy(cr map[string]interface{}) (*v1.AdmissionRespo reviewResponse.Allowed = true name := cr["metadata"].(map[string]interface{})["name"] + // Note(adrianc): the "default" policy is deprecated, we keep this skip below + // in case we encounter it in the cluster. if name == constants.DefaultPolicyName { // skip the default policy return &reviewResponse, nil diff --git a/pkg/webhook/validate.go b/pkg/webhook/validate.go index f225dd6c2..ace9d89b3 100644 --- a/pkg/webhook/validate.go +++ b/pkg/webhook/validate.go @@ -35,12 +35,12 @@ func validateSriovOperatorConfig(cr *sriovnetworkv1.SriovOperatorConfig, operati log.Log.V(2).Info("validateSriovOperatorConfig", "object", cr) var warnings []string - if cr.GetName() != consts.DefaultConfigName { - return false, warnings, fmt.Errorf("only default SriovOperatorConfig is used") + if operation == v1.Delete { + return true, warnings, nil } - if operation == v1.Delete { - warnings = append(warnings, "default SriovOperatorConfig shouldn't be deleted") + if cr.GetName() != consts.DefaultConfigName || cr.GetNamespace() != vars.Namespace { + return false, warnings, fmt.Errorf("only default SriovOperatorConfig in %s namespace is used", vars.Namespace) } if cr.Spec.DisableDrain { @@ -96,11 +96,7 @@ func validateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePolicy, o var warnings []string if cr.GetName() == consts.DefaultPolicyName && cr.GetNamespace() == os.Getenv("NAMESPACE") { - if operation == v1.Delete { - warnings = append(warnings, "default SriovNetworkNodePolicy shouldn't be deleted") - } - - // skip validating default policy + // skip validating (deprecated) default policy return true, warnings, nil } diff --git a/pkg/webhook/validate_test.go b/pkg/webhook/validate_test.go index d67e1a011..364c8d39c 100644 --- a/pkg/webhook/validate_test.go +++ b/pkg/webhook/validate_test.go @@ -13,6 +13,7 @@ import ( . "github.com/k8snetworkplumbingwg/sriov-network-operator/api/v1" constants "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/consts" + "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/vars" fakesnclientset "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/client/clientset/versioned/fake" ) @@ -136,7 +137,8 @@ func NewNode() *corev1.Node { func newDefaultOperatorConfig() *SriovOperatorConfig { return &SriovOperatorConfig{ ObjectMeta: metav1.ObjectMeta{ - Name: "default", + Name: "default", + Namespace: vars.Namespace, }, Spec: SriovOperatorConfigSpec{ ConfigDaemonNodeSelector: map[string]string{}, @@ -157,7 +159,7 @@ func TestValidateSriovOperatorConfigWithDefaultOperatorConfig(t *testing.T) { ok, w, err := validateSriovOperatorConfig(config, "DELETE") g.Expect(err).NotTo(HaveOccurred()) g.Expect(ok).To(Equal(true)) - g.Expect(w[0]).To(ContainSubstring("default SriovOperatorConfig shouldn't be deleted")) + g.Expect(w).To(BeEmpty()) ok, _, err = validateSriovOperatorConfig(config, "UPDATE") g.Expect(err).NotTo(HaveOccurred()) @@ -226,7 +228,7 @@ func TestValidateSriovNetworkNodePolicyWithDefaultPolicy(t *testing.T) { ok, w, err := validateSriovNetworkNodePolicy(policy, "DELETE") g.Expect(err).NotTo(HaveOccurred()) g.Expect(ok).To(Equal(true)) - g.Expect(w[0]).To(ContainSubstring("default SriovNetworkNodePolicy shouldn't be deleted")) + g.Expect(w).To(BeEmpty()) ok, _, err = validateSriovNetworkNodePolicy(policy, "UPDATE") g.Expect(err).NotTo(HaveOccurred())