Enhance(webhook): add skip validations checks via annotations

There are some cases like volume migration where we need to delete the old pvc and create new based on CSI, in such cases we need to ignore/skip the validations. Signed-off-by: prateekpandey14 <prateek.pandey@mayadata.io>
openebs-archive · Jun 8, 2020 · 0edd1b8 · 0edd1b8
1 parent c1befaa
commit 0edd1b8
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"strings"
 
 	snapshot "github.com/openebs/maya/pkg/apis/openebs.io/snapshot/v1"
 	"github.com/openebs/maya/pkg/apis/openebs.io/v1alpha1"
@@ -63,6 +64,7 @@ var (
 		metav1.NamespacePublic,
 	}
 	snapshotAnnotation = "snapshot.alpha.kubernetes.io/snapshot"
+	skipValidation     = "openebs.io/skip-validations"
 )
 
 // webhook implements a validating webhook.
@@ -183,7 +185,20 @@ func admissionRequired(ignoredList []string, metadata *metav1.ObjectMeta) bool {
 			return false
 		}
 	}
-	return true
+
+	annotations := metadata.GetAnnotations()
+	if annotations == nil {
+		annotations = map[string]string{}
+	}
+
+	var required bool
+	switch strings.ToLower(annotations[skipValidation]) {
+	default:
+		required = true
+	case "n", "no", "false", "off":
+		required = false
+	}
+	return required
 }
 
 func validationRequired(ignoredList []string, metadata *metav1.ObjectMeta) bool {
@@ -230,6 +245,12 @@ func (wh *webhook) validatePVCDeleteRequest(req *v1beta1.AdmissionRequest) *v1be
 		return response
 	}
 
+	// skip pvc validation if skip-validations annotation has been set
+	if _, ok := pvc.GetAnnotations()[skipValidation]; ok {
+		klog.Infof("Skipping validations for %s/%s due to PVC has skip validation", pvc.Namespace, pvc.Name)
+		return response
+	}
+
 	// If PVC is not yet bound to PV then don't even perform any checks
 	if pvc.Spec.VolumeName == "" {
 		klog.Infof("Skipping validations for %s/%s due to PVC is not yet bound", pvc.Namespace, pvc.Name)

diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go
@@ -282,6 +282,51 @@ func TestValidatePVCDeleteRequest(t *testing.T) {
 			isRequiresPVCCreation: true,
 			expectedResponse:      true,
 		},
+		"Skip PVC validations if skip-validaions annotations set even snapshotData exists": {
+			pvc: &corev1.PersistentVolumeClaim{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        "PVC7",
+					Namespace:   "test",
+					Annotations: map[string]string{skipValidation: "true"},
+				},
+				Spec: corev1.PersistentVolumeClaimSpec{
+					VolumeName: "PV1",
+				},
+			},
+			snapshotData: &snapshotapi.VolumeSnapshotData{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "SnapData1",
+				},
+				Spec: snapshotapi.VolumeSnapshotDataSpec{
+					PersistentVolumeRef: &corev1.ObjectReference{
+						Name: "PV1",
+					},
+				},
+			},
+			isRequiresPVCCreation: true,
+			expectedResponse:      true,
+		},
+		"Skip pvc validaion if skipValidation annotations set even snapshot exists": {
+			pvc: &corev1.PersistentVolumeClaim{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        "PVC8",
+					Namespace:   "test",
+					Annotations: map[string]string{skipValidation: "true"},
+				},
+				Spec: corev1.PersistentVolumeClaimSpec{
+					VolumeName: "PV1",
+				},
+			},
+			snapshot: &snapshotapi.VolumeSnapshot{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "Snap1",
+					Namespace: "test",
+					Labels:    map[string]string{snapshotMetadataPVName: "PV1"},
+				},
+			},
+			isRequiresPVCCreation: true,
+			expectedResponse:      true,
+		},
 	}
 	for name, test := range tests {
 		name, test := name, test