From 98d1dc25d60d523cedd4d4382e3041d751e3cd1e Mon Sep 17 00:00:00 2001 From: adrianc Date: Tue, 6 Feb 2024 19:26:40 +0200 Subject: [PATCH] Update Webhook As the operator no longer creates default SriovOperatorConfig and SriovNetworkNodePolicy the webhook is updated in the following Manner: Validating: - Allow deletion of default config/policy. - Block create/update of non default config CR Mutating: - keep skipping default but add a comment to mark as deprecated. Signed-off-by: adrianc --- pkg/webhook/mutate.go | 2 ++ pkg/webhook/validate.go | 14 +++++--------- pkg/webhook/validate_test.go | 4 ++-- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/pkg/webhook/mutate.go b/pkg/webhook/mutate.go index ee8ae2ac6..098f0e8fc 100644 --- a/pkg/webhook/mutate.go +++ b/pkg/webhook/mutate.go @@ -23,6 +23,8 @@ func mutateSriovNetworkNodePolicy(cr map[string]interface{}) (*v1.AdmissionRespo reviewResponse.Allowed = true name := cr["metadata"].(map[string]interface{})["name"] + // Note(adrianc): the "default" policy is deprecated, we keep this skip below + // in case we encounter it in the cluster. if name == constants.DefaultPolicyName { // skip the default policy return &reviewResponse, nil diff --git a/pkg/webhook/validate.go b/pkg/webhook/validate.go index f225dd6c2..98b9c1711 100644 --- a/pkg/webhook/validate.go +++ b/pkg/webhook/validate.go @@ -35,12 +35,12 @@ func validateSriovOperatorConfig(cr *sriovnetworkv1.SriovOperatorConfig, operati log.Log.V(2).Info("validateSriovOperatorConfig", "object", cr) var warnings []string - if cr.GetName() != consts.DefaultConfigName { - return false, warnings, fmt.Errorf("only default SriovOperatorConfig is used") + if operation == v1.Delete { + return true, warnings, nil } - if operation == v1.Delete { - warnings = append(warnings, "default SriovOperatorConfig shouldn't be deleted") + if cr.GetName() != consts.DefaultConfigName && cr.GetNamespace() != vars.Namespace { + return false, warnings, fmt.Errorf("only default SriovOperatorConfig in %s namespace is used", vars.Namespace) } if cr.Spec.DisableDrain { @@ -96,11 +96,7 @@ func validateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePolicy, o var warnings []string if cr.GetName() == consts.DefaultPolicyName && cr.GetNamespace() == os.Getenv("NAMESPACE") { - if operation == v1.Delete { - warnings = append(warnings, "default SriovNetworkNodePolicy shouldn't be deleted") - } - - // skip validating default policy + // skip validating (deprecated) default policy return true, warnings, nil } diff --git a/pkg/webhook/validate_test.go b/pkg/webhook/validate_test.go index d67e1a011..f14d86376 100644 --- a/pkg/webhook/validate_test.go +++ b/pkg/webhook/validate_test.go @@ -157,7 +157,7 @@ func TestValidateSriovOperatorConfigWithDefaultOperatorConfig(t *testing.T) { ok, w, err := validateSriovOperatorConfig(config, "DELETE") g.Expect(err).NotTo(HaveOccurred()) g.Expect(ok).To(Equal(true)) - g.Expect(w[0]).To(ContainSubstring("default SriovOperatorConfig shouldn't be deleted")) + g.Expect(w).To(BeEmpty()) ok, _, err = validateSriovOperatorConfig(config, "UPDATE") g.Expect(err).NotTo(HaveOccurred()) @@ -226,7 +226,7 @@ func TestValidateSriovNetworkNodePolicyWithDefaultPolicy(t *testing.T) { ok, w, err := validateSriovNetworkNodePolicy(policy, "DELETE") g.Expect(err).NotTo(HaveOccurred()) g.Expect(ok).To(Equal(true)) - g.Expect(w[0]).To(ContainSubstring("default SriovNetworkNodePolicy shouldn't be deleted")) + g.Expect(w).To(BeEmpty()) ok, _, err = validateSriovNetworkNodePolicy(policy, "UPDATE") g.Expect(err).NotTo(HaveOccurred())