First validation test

- split webhook configuration as well [#220] Co-authored-by: Todd Ritchie <tritchie@vmware.com>
vmware-tanzu · Oct 19, 2021 · 34c864e · 34c864e
1 parent f1964bb
commit 34c864e
Show file tree

Hide file tree

Showing 8 changed files with 336 additions and 46 deletions.
diff --git a/config/webhook/delivery_webhook.yaml b/config/webhook/delivery_webhook.yaml
@@ -0,0 +1,35 @@
+# Copyright 2021 VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: deliveryvalidator
+  annotations:
+    cert-manager.io/inject-ca-from: cartographer-system/cartographer-webhook
+webhooks:
+  - name: delivery-validator.cartographer.com
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["carto.run"]
+        apiVersions: ["v1alpha1"]
+        resources: ["clusterdeliveries"]
+        scope: "Cluster"
+    clientConfig:
+      service:
+        name: cartographer-webhook
+        namespace: cartographer-system
+        path: /validate-carto-run-v1alpha1-clusterdelivery
+    sideEffects: None
+    admissionReviewVersions: ["v1", "v1beta1"]
diff --git a/config/webhook/webhook.yaml → config/webhook/supply_chain_webhook.yaml b/config/webhook/webhook.yaml → config/webhook/supply_chain_webhook.yaml
@@ -90,49 +90,3 @@ webhooks:
     sideEffects: None
     admissionReviewVersions: ["v1", "v1beta1"]
 
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: cartographer-webhook
-  namespace: cartographer-system
-spec:
-  commonName: cartographer-webhook.cartographer-system.svc
-  dnsNames:
-    - cartographer-webhook.cartographer-system.svc
-    - cartographer-webhook.cartographer-system.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: selfsigned-issuer
-  secretName: cartographer-webhook
----
-
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: selfsigned-issuer
-  namespace: cartographer-system
-spec:
-  selfSigned: {}
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: cartographer-webhook
-  namespace: cartographer-system
-spec:
-  ports:
-    - port: 443
-      targetPort: 9443
-  selector:
-    app: cartographer-controller
----
-
-kind: Secret
-apiVersion: v1
-metadata:
-  name: cartographer-webhook
-  namespace: cartographer-system
-type: Opaque
diff --git a/config/webhook/support.yaml b/config/webhook/support.yaml
@@ -0,0 +1,59 @@
+# Copyright 2021 VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cartographer-webhook
+  namespace: cartographer-system
+spec:
+  commonName: cartographer-webhook.cartographer-system.svc
+  dnsNames:
+    - cartographer-webhook.cartographer-system.svc
+    - cartographer-webhook.cartographer-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: cartographer-webhook
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: cartographer-system
+spec:
+  selfSigned: {}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cartographer-webhook
+  namespace: cartographer-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 9443
+  selector:
+    app: cartographer-controller
+
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  name: cartographer-webhook
+  namespace: cartographer-system
+type: Opaque
diff --git a/pkg/apis/v1alpha1/cluster_delivery.go b/pkg/apis/v1alpha1/cluster_delivery.go
@@ -19,7 +19,10 @@
 package v1alpha1
 
 import (
+	"fmt"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 const (
@@ -76,6 +79,30 @@ type ClusterDeliveryList struct {
 	Items           []ClusterDelivery `json:"items"`
 }
 
+func (c *ClusterDelivery) ValidateCreate() error {
+	return validateNewState(c)
+}
+
+func (c *ClusterDelivery) ValidateUpdate(_ runtime.Object) error {
+	return validateNewState(c)
+}
+
+func (c *ClusterDelivery) ValidateDelete() error {
+	return nil
+}
+
+func validateNewState(c *ClusterDelivery) error {
+	names := map[string]bool{}
+
+	for idx, resource := range c.Spec.Resources {
+		if names[resource.Name] {
+			return fmt.Errorf("spec.resources[%d].name \"%s\" cannot appear twice", idx, resource.Name)
+		}
+		names[resource.Name] = true
+	}
+	return nil
+}
+
 func init() {
 	SchemeBuilder.Register(
 		&ClusterDelivery{},

diff --git a/pkg/apis/v1alpha1/cluster_delivery_test.go b/pkg/apis/v1alpha1/cluster_delivery_test.go
@@ -0,0 +1,171 @@
+// Copyright 2021 VMware
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1_test
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/vmware-tanzu/cartographer/pkg/apis/v1alpha1"
+)
+
+var _ = Describe("Delivery Validation", func() {
+	Describe("#Create", func() {
+		Context("Well formed delivery", func() {
+			var delivery *v1alpha1.ClusterDelivery
+
+			BeforeEach(func() {
+				delivery = &v1alpha1.ClusterDelivery{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "delivery-resource",
+						Namespace: "default",
+					},
+					Spec: v1alpha1.ClusterDeliverySpec{
+						Resources: []v1alpha1.ClusterDeliveryResource{
+							{
+								Name: "source-provider",
+								TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+									Kind: "ClusterSourceTemplate",
+									Name: "source-template",
+								},
+							},
+							{
+								Name: "other-source-provider",
+								TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+									Kind: "ClusterSourceTemplate",
+									Name: "source-template",
+								},
+							},
+						},
+					},
+				}
+			})
+
+			It("does not return an error", func() {
+				Expect(delivery.ValidateCreate()).NotTo(HaveOccurred())
+			})
+
+		})
+
+		Context("Duplicate resource names", func() {
+			var delivery *v1alpha1.ClusterDelivery
+
+			BeforeEach(func() {
+				delivery = &v1alpha1.ClusterDelivery{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "delivery-resource",
+						Namespace: "default",
+					},
+					Spec: v1alpha1.ClusterDeliverySpec{
+						Resources: []v1alpha1.ClusterDeliveryResource{
+							{
+								Name: "source-provider",
+								TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+									Kind: "ClusterSourceTemplate",
+									Name: "source-template",
+								},
+							},
+							{
+								Name: "source-provider",
+								TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+									Kind: "ClusterSourceTemplate",
+									Name: "source-template",
+								},
+							},
+						},
+					},
+				}
+			})
+
+			It("does not return an error", func() {
+				err := delivery.ValidateCreate()
+				Expect(err).To(HaveOccurred())
+				Expect(err).To(MatchError(ContainSubstring(`spec.resources[1].name "source-provider" cannot appear twice`)))
+			})
+
+		})
+	})
+
+	Describe("#Update", func() {
+		var (
+			previousDelivery *v1alpha1.ClusterDelivery
+			newDelivery      *v1alpha1.ClusterDelivery
+		)
+
+		BeforeEach(func() {
+			previousDelivery = &v1alpha1.ClusterDelivery{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "delivery-resource",
+					Namespace: "default",
+				},
+				Spec: v1alpha1.ClusterDeliverySpec{
+					Resources: []v1alpha1.ClusterDeliveryResource{
+						{
+							Name: "source-provider",
+							TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+								Kind: "ClusterSourceTemplate",
+								Name: "source-template",
+							},
+						},
+						{
+							Name: "other-source-provider",
+							TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+								Kind: "ClusterSourceTemplate",
+								Name: "source-template",
+							},
+						},
+					},
+				},
+			}
+		})
+
+		Context("with a valid change", func() {
+			BeforeEach(func() {
+				newDelivery = previousDelivery.DeepCopy()
+				newDelivery.Spec.Resources = newDelivery.Spec.Resources[:1]
+			})
+
+			It("does not return an error", func() {
+				Expect(newDelivery.ValidateUpdate(previousDelivery)).NotTo(HaveOccurred())
+			})
+		})
+
+		Context("Duplicate resource names", func() {
+			BeforeEach(func() {
+				newDelivery = previousDelivery.DeepCopy()
+				newDelivery.Spec.Resources = append(newDelivery.Spec.Resources, v1alpha1.ClusterDeliveryResource{
+					Name: "other-source-provider",
+					TemplateRef: v1alpha1.DeliveryClusterTemplateReference{
+						Kind: "ClusterSourceTemplate",
+						Name: "source-template",
+					},
+				})
+			})
+
+			It("does not return an error", func() {
+				err := newDelivery.ValidateUpdate(previousDelivery)
+				Expect(err).To(HaveOccurred())
+				Expect(err).To(MatchError(ContainSubstring(`spec.resources[2].name "other-source-provider" cannot appear twice`)))
+			})
+
+		})
+
+	})
+
+	Describe("#Delete", func() {
+
+	})
+})
diff --git a/pkg/root/root.go b/pkg/root/root.go
@@ -97,6 +97,12 @@ func (cmd *Command) Execute() error {
 			Complete(); err != nil {
 			return fmt.Errorf("clustertemplate webhook: %w", err)
 		}
+		if err := controllerruntime.NewWebhookManagedBy(mgr).
+			For(&v1alpha1.ClusterDelivery{}).
+			Complete(); err != nil {
+			return fmt.Errorf("clusterdelivery webhook: %w", err)
+		}
+
 	}
 
 	if err := mgr.Start(cmd.Context); err != nil {

diff --git a/tests/integration/delivery/delivery_suite_test.go b/tests/integration/delivery/delivery_suite_test.go
@@ -65,6 +65,9 @@ var _ = BeforeSuite(func() {
 
 	// start kube-apiserver and etcd
 	testEnv = &envtest.Environment{
+		WebhookInstallOptions: envtest.WebhookInstallOptions{
+			Paths: []string{filepath.Join("..", "..", "..", "config", "webhook")},
+		},
 		CRDDirectoryPaths:        []string{filepath.Join("..", "..", "..", "config", "crd", "bases")},
 		AttachControlPlaneOutput: DebugControlPlane, // Set to true for great debug logging
 	}