Skip to content

Commit

Permalink
Add validation on policy permanent ID
Browse files Browse the repository at this point in the history 
cleanup

Signed-off-by: whitewindmills <[email protected]>
  • Loading branch information
@whitewindmills
whitewindmills committed May 20, 2024
1 parent 3314771 commit 4e6faad
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 2 deletions.
3 changes: 2 additions & 1 deletion pkg/webhook/clusterpropagationpolicy/mutating.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"net/http"

"github.com/google/uuid"
admissionv1 "k8s.io/api/admission/v1"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"
Expand Down Expand Up @@ -82,7 +83,7 @@ func (a *MutatingAdmission) Handle(_ context.Context, req admission.Request) adm
}
}

if util.GetLabelValue(policy.Labels, policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel) == "" {
if req.Operation == admissionv1.Create {
util.MergeLabel(policy, policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel, uuid.New().String())
}

Expand Down
6 changes: 6 additions & 0 deletions pkg/webhook/clusterpropagationpolicy/validating.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,12 @@ func (v *ValidatingAdmission) Handle(_ context.Context, req admission.Request) a
klog.Error(err)
return admission.Denied(err.Error())
}

if policy.Labels[policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel] !=
oldPolicy.Labels[policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel] {
return admission.Denied(fmt.Sprintf("the label %q is protected, any updates are prohibited",
policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel))
}
}

errs := validation.ValidatePropagationSpec(policy.Spec)
Expand Down
3 changes: 2 additions & 1 deletion pkg/webhook/propagationpolicy/mutating.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"net/http"

"github.com/google/uuid"
admissionv1 "k8s.io/api/admission/v1"
"k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

Expand Down Expand Up @@ -94,7 +95,7 @@ func (a *MutatingAdmission) Handle(_ context.Context, req admission.Request) adm
}
}

if util.GetLabelValue(policy.Labels, policyv1alpha1.PropagationPolicyPermanentIDLabel) == "" {
if req.Operation == admissionv1.Create {
util.MergeLabel(policy, policyv1alpha1.PropagationPolicyPermanentIDLabel, uuid.New().String())
}

Expand Down
6 changes: 6 additions & 0 deletions pkg/webhook/propagationpolicy/validating.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,12 @@ func (v *ValidatingAdmission) Handle(_ context.Context, req admission.Request) a
klog.Error(err)
return admission.Denied(err.Error())
}

if policy.Labels[policyv1alpha1.PropagationPolicyPermanentIDLabel] !=
oldPolicy.Labels[policyv1alpha1.PropagationPolicyPermanentIDLabel] {
return admission.Denied(fmt.Sprintf("the label %q is protected, any updates are prohibited",
policyv1alpha1.PropagationPolicyPermanentIDLabel))
}
}

errs := validation.ValidatePropagationSpec(policy.Spec)
Expand Down

0 comments on commit 4e6faad

Please sign in to comment.