Configuration for webhooks

.devcontainer/install-dependencies.sh

@@ -53,6 +53,7 @@ echo "Installing Go tools…"
 # go tools for vscode are preinstalled by base image (see first comment in Dockerfile)
 go get \
     github.com/jandelgado/[email protected] \
+    github.com/mikefarah/yq/[email protected] \
     github.com/mitchellh/[email protected] \
     k8s.io/code-generator/cmd/[email protected] \
     sigs.k8s.io/controller-tools/cmd/[email protected] \
@@ -66,11 +67,6 @@ if [ "$1" != "devcontainer" ]; then
     curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "$TOOL_DEST" 2>&1 
 fi
 
-echo "Installing kubectl…"
-curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl \
-    && chmod +x ./kubectl \
-    && mv ./kubectl "$TOOL_DEST/kubectl"
-
 # Install go-task (task runner)
 echo "Installing go-task…"
 curl -sL "https://github.com/go-task/task/releases/download/v3.0.0/task_linux_amd64.tar.gz" | tar xz -C "$TOOL_DEST" task

Taskfile.yml

@@ -178,18 +178,33 @@ tasks:
     - cp config/crd/bases/microsoft.storage.infra.azure.com_storageaccountsblobservicescontainers.yaml config/crd/bases/valid
     - cp config/crd/bases/microsoft.resources.infra.azure.com_resourcegroups.yaml config/crd/bases/valid
 
+  controller:copy-valid-webhooks:
+    dir: "{{.CONTROLLER_ROOT}}"
+    deps: [generate-crds]
+    cmds:
+    - mkdir -p config/webhook/valid
+    - yq delete {{.IN}} 'webhooks[*]' > {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == batchaccount)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == storageaccount)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == storageaccountsblobservicescontainer)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+
+    vars:
+      IN: config/webhook/manifests.yaml 
+      OUT: config/webhook/valid/manifests.yaml
+
+
   controller:test-integration-envtest:
     desc: Run integration tests with envtest using record/replay.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds]
+    deps: [controller:copy-valid-crds, controller:copy-valid-webhooks]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 RECORD_REPLAY=1 go test -v $({{.GENERATED_DIRS_TO_LINT_CMD}})
 
   controller:test-integration-envtest-cover:
     desc: Run integration tests with envtest using record/replay and output coverage.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds]
+    deps: [controller:copy-valid-crds, controller:copy-valid-webhooks]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 RECORD_REPLAY=1 go test -covermode atomic -coverprofile=cover-integration-envtest.out -coverpkg="./..." -v $({{.GENERATED_DIRS_TO_LINT_CMD}})
@@ -198,7 +213,7 @@ tasks:
   controller:test-integration-envtest-live:
     desc: Run integration tests with envtest against live data and output coverage.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds, cleanup-azure-resources]
+    deps: [controller:copy-valid-crds, controller:copy-valid-webhooks, cleanup-azure-resources]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 go test -covermode atomic -coverprofile=cover-integration-envtest.out -coverpkg="./..." -v $({{.GENERATED_DIRS_TO_LINT_CMD}})

hack/generated/pkg/testcommon/kube_test_context_envtest.go

@@ -33,7 +33,9 @@ func createEnvtestContext(perTestContext PerTestContext) (*KubeBaseTestContext,
 			"../config/crd/bases/valid", // TODO: remove '/valid' once all CRDs are valid
 		},
 		WebhookInstallOptions: envtest.WebhookInstallOptions{
-			DirectoryPaths: []string{},
+			DirectoryPaths: []string{
+				"../config/webhook/valid", // TODO: remove '/valid'
+			},
 		},
 	}
 

hack/generator/pkg/astmodel/interface_implementer.go

@@ -21,6 +21,17 @@ func MakeInterfaceImplementer() InterfaceImplementer {
 	return InterfaceImplementer{}
 }
 
+func (i InterfaceImplementer) HasInterface(name TypeName) bool {
+	_, ok := i.interfaces[name]
+	return ok
+}
+
+func (i InterfaceImplementer) WithoutInterface(name TypeName) InterfaceImplementer {
+	result := i.copy()
+	delete(result.interfaces, name)
+	return result
+}
+
 // WithInterface creates a new ObjectType with a function (method) attached to it
 func (i InterfaceImplementer) WithInterface(iface *InterfaceImplementation) InterfaceImplementer {
 	result := i.copy()

hack/generator/pkg/astmodel/kubernetes_resource_interface.go

@@ -112,23 +112,26 @@ func AddKubernetesResourceInterfaceImpls(
 		// e.g. "mutate-microsoft-network-infra-azure-com-v1-backendaddresspool"
 		path := fmt.Sprintf("mutate-%s-%s-%s", strings.ReplaceAll(group, ".", "-"), version, resource)
 
-		// e.g.  "default.backendaddresspool.infra.azure.com"
-		name := fmt.Sprintf("default.%s.%s", resource, group)
+		// e.g.  "default.v123.backendaddresspool.infra.azure.com"
+		name := fmt.Sprintf("default.%s.%s.%s", version, resource, group)
 
 		annotation := fmt.Sprintf("+kubebuilder:webhook:path=/%s,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=%s,resources=%s,verbs=create;update,versions=%s,name=%s", path, group, resource, version, name)
-		r = r.WithInterface(NewInterfaceImplementation(
-			MakeTypeName(admissionPackageReference, "Defaulter"),
-			&objectFunction{
-				name:      "Default",
-				o:         spec,
-				idFactory: idFactory,
-				asFunc:    defaultAzureNameFunction,
-			}).WithAnnotation(annotation))
+		r = r.WithInterface(
+			NewInterfaceImplementation(
+				DefaulterInterfaceName,
+				&objectFunction{
+					name:      "Default",
+					o:         spec,
+					idFactory: idFactory,
+					asFunc:    defaultAzureNameFunction,
+				}).WithAnnotation(annotation))
 	}
 
 	return r, nil
 }
 
+var DefaulterInterfaceName = MakeTypeName(admissionPackageReference, "Defaulter")
+
 var admissionPackageReference PackageReference = MakeExternalPackageReference("sigs.k8s.io/controller-runtime/pkg/webhook/admission")
 
 // note that this can, as a side-effect, update the resource type

hack/generator/pkg/astmodel/object_type.go

@@ -401,6 +401,17 @@ func (objectType *ObjectType) WithInterface(iface *InterfaceImplementation) *Obj
 	return result
 }
 
+// WithoutInterface removes the specified interface
+func (objectType *ObjectType) WithoutInterface(name TypeName) *ObjectType {
+	if !objectType.InterfaceImplementer.HasInterface(name) {
+		return objectType
+	}
+
+	result := objectType.copy()
+	result.InterfaceImplementer = result.InterfaceImplementer.WithoutInterface(name)
+	return result
+}
+
 func (objectType *ObjectType) copy() *ObjectType {
 	result := NewObjectType()
 

hack/generator/pkg/astmodel/resource.go

@@ -157,6 +157,16 @@ func (resource *ResourceType) WithStatus(statusType Type) *ResourceType {
 	return &result
 }
 
+func (resource *ResourceType) WithoutInterface(name TypeName) *ResourceType {
+	if !resource.InterfaceImplementer.HasInterface(name) {
+		return resource
+	}
+
+	result := *resource
+	result.InterfaceImplementer = result.InterfaceImplementer.WithoutInterface(name)
+	return &result
+}
+
 // WithInterface creates a new Resource with a function (method) attached to it
 func (resource *ResourceType) WithInterface(iface *InterfaceImplementation) *ResourceType {
 	// Create a copy of objectType to preserve immutability

hack/generator/pkg/codegen/pipeline_create_storage_types.go

@@ -71,6 +71,7 @@ func makeStorageTypesVisitor(types astmodel.Types) astmodel.TypeVisitor {
 	result.VisitValidatedType = factory.visitValidatedType
 	result.VisitTypeName = factory.visitTypeName
 	result.VisitObjectType = factory.visitObjectType
+	result.VisitResourceType = factory.visitResourceType
 	result.VisitArmType = factory.visitArmType
 
 	factory.visitor = result
@@ -124,6 +125,15 @@ func (factory *StorageTypeFactory) visitTypeName(_ *astmodel.TypeVisitor, name a
 	return visitedName, nil
 }
 
+func (factory *StorageTypeFactory) visitResourceType(
+	this *astmodel.TypeVisitor,
+	resource *astmodel.ResourceType,
+	ctx interface{}) (astmodel.Type, error) {
+
+	// storage resource types do not need defaulter interface, they have no webhooks
+	return resource.WithoutInterface(astmodel.DefaulterInterfaceName), nil
+}
+
 func (factory *StorageTypeFactory) visitObjectType(
 	_ *astmodel.TypeVisitor,
 	object *astmodel.ObjectType,
@@ -148,6 +158,7 @@ func (factory *StorageTypeFactory) visitObjectType(
 	}
 
 	objectType := astmodel.NewObjectType().WithProperties(properties...)
+
 	return astmodel.NewStorageType(*objectType), nil
 }
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_dependent_resource_and_ownership.golden

@@ -19,7 +19,7 @@ type A struct {
 	Spec              A_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-a,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=a,verbs=create;update,versions=v20200101,name=default.a.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-a,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=a,verbs=create;update,versions=v20200101,name=default.v20200101.a.test.infra.azure.com
 
 var _ admission.Defaulter = &A{}
 
@@ -88,7 +88,7 @@ type B struct {
 	Spec              B_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-b,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=b,verbs=create;update,versions=v20200101,name=default.b.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-b,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=b,verbs=create;update,versions=v20200101,name=default.v20200101.b.test.infra.azure.com
 
 var _ admission.Defaulter = &B{}
 
@@ -157,7 +157,7 @@ type C struct {
 	Spec              C_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-c,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=c,verbs=create;update,versions=v20200101,name=default.c.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-c,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=c,verbs=create;update,versions=v20200101,name=default.v20200101.c.test.infra.azure.com
 
 var _ admission.Defaulter = &C{}
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_simple_resource_array_properties.golden

@@ -19,7 +19,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_simple_resource_complex_properties.golden

@@ -19,7 +19,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_simple_resource_json_fields.golden

@@ -20,7 +20,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_simple_resource_map_properties.golden

@@ -19,7 +19,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/ArmResource/Arm_test_simple_resource_renders_spec.golden

@@ -19,7 +19,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/EmbeddedTypes/Embedded_type_simple_resource.golden

@@ -19,7 +19,7 @@ type FakeResource struct {
 	Spec              FakeResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.fakeresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-fakeresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=fakeresource,verbs=create;update,versions=v20200101,name=default.v20200101.fakeresource.test.infra.azure.com
 
 var _ admission.Defaulter = &FakeResource{}
 

hack/generator/pkg/codegen/testdata/EnumNames/Multi_valued_enum_name.golden

@@ -19,7 +19,7 @@ type AResource struct {
 	Spec              AResource_Spec `json:"spec,omitempty"`
 }
 
-// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-aresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=aresource,verbs=create;update,versions=v20200101,name=default.aresource.test.infra.azure.com
+// +kubebuilder:webhook:path=/mutate-test-infra-azure-com-v20200101-aresource,mutating=true,sideEffects=None,matchPolicy=Exact,failurePolicy=fail,groups=test.infra.azure.com,resources=aresource,verbs=create;update,versions=v20200101,name=default.v20200101.aresource.test.infra.azure.com
 
 var _ admission.Defaulter = &AResource{}