Update Webhook

As the operator no longer creates default SriovOperatorConfig and SriovNetworkNodePolicy the webhook is updated in the following Manner: Validating: - Allow deletion of default config/policy. - Block create/update of non default config CR Mutating: - keep skipping default but add a comment to mark as deprecated. Signed-off-by: adrianc <adrianc@nvidia.com>
k8snetworkplumbingwg · Feb 6, 2024 · 98d1dc2 · 98d1dc2
1 parent 49dde87
commit 98d1dc2
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/pkg/webhook/mutate.go b/pkg/webhook/mutate.go
@@ -23,6 +23,8 @@ func mutateSriovNetworkNodePolicy(cr map[string]interface{}) (*v1.AdmissionRespo
 	reviewResponse.Allowed = true
 
 	name := cr["metadata"].(map[string]interface{})["name"]
+	// Note(adrianc): the "default" policy is deprecated, we keep this skip below
+	// in case we encounter it in the cluster.
 	if name == constants.DefaultPolicyName {
 		// skip the default policy
 		return &reviewResponse, nil

diff --git a/pkg/webhook/validate.go b/pkg/webhook/validate.go
@@ -35,12 +35,12 @@ func validateSriovOperatorConfig(cr *sriovnetworkv1.SriovOperatorConfig, operati
 	log.Log.V(2).Info("validateSriovOperatorConfig", "object", cr)
 	var warnings []string
 
-	if cr.GetName() != consts.DefaultConfigName {
-		return false, warnings, fmt.Errorf("only default SriovOperatorConfig is used")
+	if operation == v1.Delete {
+		return true, warnings, nil
 	}
 
-	if operation == v1.Delete {
-		warnings = append(warnings, "default SriovOperatorConfig shouldn't be deleted")
+	if cr.GetName() != consts.DefaultConfigName && cr.GetNamespace() != vars.Namespace {
+		return false, warnings, fmt.Errorf("only default SriovOperatorConfig in %s namespace is used", vars.Namespace)
 	}
 
 	if cr.Spec.DisableDrain {
@@ -96,11 +96,7 @@ func validateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePolicy, o
 	var warnings []string
 
 	if cr.GetName() == consts.DefaultPolicyName && cr.GetNamespace() == os.Getenv("NAMESPACE") {
-		if operation == v1.Delete {
-			warnings = append(warnings, "default SriovNetworkNodePolicy shouldn't be deleted")
-		}
-
-		// skip validating default policy
+		// skip validating (deprecated) default policy
 		return true, warnings, nil
 	}
 

diff --git a/pkg/webhook/validate_test.go b/pkg/webhook/validate_test.go
@@ -157,7 +157,7 @@ func TestValidateSriovOperatorConfigWithDefaultOperatorConfig(t *testing.T) {
 	ok, w, err := validateSriovOperatorConfig(config, "DELETE")
 	g.Expect(err).NotTo(HaveOccurred())
 	g.Expect(ok).To(Equal(true))
-	g.Expect(w[0]).To(ContainSubstring("default SriovOperatorConfig shouldn't be deleted"))
+	g.Expect(w).To(BeEmpty())
 
 	ok, _, err = validateSriovOperatorConfig(config, "UPDATE")
 	g.Expect(err).NotTo(HaveOccurred())
@@ -226,7 +226,7 @@ func TestValidateSriovNetworkNodePolicyWithDefaultPolicy(t *testing.T) {
 	ok, w, err := validateSriovNetworkNodePolicy(policy, "DELETE")
 	g.Expect(err).NotTo(HaveOccurred())
 	g.Expect(ok).To(Equal(true))
-	g.Expect(w[0]).To(ContainSubstring("default SriovNetworkNodePolicy shouldn't be deleted"))
+	g.Expect(w).To(BeEmpty())
 
 	ok, _, err = validateSriovNetworkNodePolicy(policy, "UPDATE")
 	g.Expect(err).NotTo(HaveOccurred())