add validation

Signed-off-by: Valeriy Khorunzhin <[email protected]>
deckhouse · Jan 14, 2025 · 714aa1b · 714aa1b
1 parent b185f6e
commit 714aa1b
Show file tree

Hide file tree

Showing 11 changed files with 801 additions and 7 deletions.
diff --git a/images/virtualization-artifact/pkg/controller/cvi/cvi_webhook.go b/images/virtualization-artifact/pkg/controller/cvi/cvi_webhook.go
@@ -18,7 +18,9 @@ package cvi
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"strings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -41,8 +43,15 @@ func NewValidator(logger *log.Logger) *Validator {
 }
 
 func (v *Validator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
-	err := fmt.Errorf("misconfigured webhook rules: create operation not implemented")
-	v.logger.Error("Ensure the correctness of ValidatingWebhookConfiguration", "err", err)
+	cvi, ok := obj.(*virtv2.ClusterVirtualImage)
+	if !ok {
+		return nil, fmt.Errorf("expected a new ClusterVirtualImage but got a %T", obj)
+	}
+
+	if strings.Contains(cvi.ObjectMeta.Name, ".") {
+		return nil, errors.New("ClusterVirtualImage name is invalid: '.' is forbidden, allowed name symbols are [0-9a-zA-Z-]")
+	}
+
 	return nil, nil
 }
 
@@ -59,6 +68,8 @@ func (v *Validator) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Obj
 
 	v.logger.Info("Validating ClusterVirtualImage")
 
+	var warnings admission.Warnings
+
 	if oldCVI.Generation == newCVI.Generation {
 		return nil, nil
 	}
@@ -68,7 +79,11 @@ func (v *Validator) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Obj
 		return nil, fmt.Errorf("ClusterVirtualImage is in a Ready state: configuration changes are not available")
 	}
 
-	return nil, nil
+	if strings.Contains(newCVI.ObjectMeta.Name, ".") {
+		warnings = append(warnings, "ClusterVirtualImage name is invalid as it contains now forbidden symbol '.', allowed symbols for name are [0-9a-zA-Z-]. Create another image with valid name to avoid problems with future updates.")
+	}
+
+	return warnings, nil
 }
 
 func (v *Validator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {

diff --git a/images/virtualization-artifact/pkg/controller/k8s-validation/validate-k8s-utils.go b/images/virtualization-artifact/pkg/controller/k8s-validation/validate-k8s-utils.go
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/validator/name_validator.go b/images/virtualization-artifact/pkg/controller/vd/internal/validator/name_validator.go
@@ -0,0 +1,51 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validator
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	virtv2 "github.com/deckhouse/virtualization/api/core/v1alpha2"
+)
+
+type NameValidator struct{}
+
+func NewNameValidator() *NameValidator {
+	return &NameValidator{}
+}
+
+func (v *NameValidator) ValidateCreate(_ context.Context, vd *virtv2.VirtualDisk) (admission.Warnings, error) {
+	if strings.Contains(vd.ObjectMeta.Name, ".") {
+		return nil, errors.New("virtual disk name cannot contain '.'")
+	}
+
+	return nil, nil
+}
+
+func (v *NameValidator) ValidateUpdate(_ context.Context, _, newVD *virtv2.VirtualDisk) (admission.Warnings, error) {
+	if strings.Contains(newVD.ObjectMeta.Name, ".") {
+		var warnings admission.Warnings
+		warnings = append(warnings, "virtual disk name contain '.', it may be cause of problems in future, please recreate resource.")
+		return warnings, nil
+	}
+
+	return nil, nil
+}
diff --git a/images/virtualization-artifact/pkg/controller/vd/vd_webhook.go b/images/virtualization-artifact/pkg/controller/vd/vd_webhook.go
@@ -44,6 +44,7 @@ func NewValidator(client client.Client) *Validator {
 			validator.NewPVCSizeValidator(client),
 			validator.NewSpecChangesValidator(),
 			validator.NewISOSourceValidator(client),
+			validator.NewNameValidator(),
 		},
 	}
 }

diff --git a/images/virtualization-artifact/pkg/controller/vi/vi_webhook.go b/images/virtualization-artifact/pkg/controller/vi/vi_webhook.go
@@ -18,8 +18,10 @@ package vi
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"reflect"
+	"strings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -42,8 +44,15 @@ func NewValidator(logger *log.Logger) *Validator {
 }
 
 func (v *Validator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
-	err := fmt.Errorf("misconfigured webhook rules: create operation not implemented")
-	v.logger.Error("Ensure the correctness of ValidatingWebhookConfiguration", "err", err)
+	vi, ok := obj.(*virtv2.VirtualImage)
+	if !ok {
+		return nil, fmt.Errorf("expected a new VirtualImage but got a %T", obj)
+	}
+
+	if strings.Contains(vi.ObjectMeta.Name, ".") {
+		return nil, errors.New("virtual image name cannot contain '.'")
+	}
+
 	return nil, nil
 }
 
@@ -60,6 +69,8 @@ func (v *Validator) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Obj
 
 	v.logger.Info("Validating VirtualImage")
 
+	var warnings admission.Warnings
+
 	if oldVI.Generation == newVI.Generation {
 		return nil, nil
 	}
@@ -75,7 +86,11 @@ func (v *Validator) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Obj
 		}
 	}
 
-	return nil, nil
+	if strings.Contains(newVI.ObjectMeta.Name, ".") {
+		warnings = append(warnings, "virtual image name contain '.', it may be cause of problems in future, please recreate resource.")
+	}
+
+	return warnings, nil
 }
 
 func (v *Validator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {

diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/validators/affinity_validator.go b/images/virtualization-artifact/pkg/controller/vm/internal/validators/affinity_validator.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validators
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	k8sfield "k8s.io/apimachinery/pkg/util/validation/field"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	k8sUtils "github.com/deckhouse/virtualization-controller/pkg/controller/k8s-validation"
+	"github.com/deckhouse/virtualization/api/core/v1alpha2"
+)
+
+type AffinityValidator struct{}
+
+func NewAffinityValidator() *AffinityValidator {
+	return &AffinityValidator{}
+}
+
+func (v *AffinityValidator) ValidateCreate(_ context.Context, vm *v1alpha2.VirtualMachine) (admission.Warnings, error) {
+	return v.Validate(vm)
+}
+
+func (v *AffinityValidator) ValidateUpdate(_ context.Context, _, newVM *v1alpha2.VirtualMachine) (admission.Warnings, error) {
+	return v.Validate(newVM)
+}
+
+func (v *AffinityValidator) Validate(vm *v1alpha2.VirtualMachine) (admission.Warnings, error) {
+	var errs []error
+
+	errorList := k8sUtils.ValidateAffinity(vm.Spec.Affinity, k8sfield.NewPath("spec"))
+	for _, err := range errorList {
+		errs = append(errs, err)
+	}
+
+	if len(errs) > 0 {
+		return nil, fmt.Errorf("errors while validating affinity: %w", errors.Join(errs...))
+	}
+
+	return nil, nil
+}