feat: Add comprehensive webhook validations for CRD configuration#1762
feat: Add comprehensive webhook validations for CRD configuration#1762patrykw-splunk wants to merge 9 commits intodevelopfrom
Conversation
- Add appsRepoPollInterval validation: - Default: 0 (disabled) - Minimum: 0, Maximum: 86400 (1 day) - Values between 1-59 are rejected (must be 0 or >= 60) - Add appSources uniqueness validation: - Location + Scope combination must be unique across appSources - Uses defaults.scope when scope is not specified in appSource - volumeName is NOT part of uniqueness check - Add unit tests for all new validations
- Validate that premiumAppsProps.type is required when scope is 'premiumApps' - Check both source-level and defaults-level premiumAppsProps.type - Add unit tests for premiumAppsProps validation scenarios
- Validate that environment variable names in spec.extraEnv are unique - Report duplicate names with reference to the first occurrence - Add unit tests for extraEnv uniqueness validation
- Validate that secret names in spec.imagePullSecrets are unique - Report duplicate names with reference to the first occurrence - Add unit tests for imagePullSecrets uniqueness validation
- Validate livenessProbe, readinessProbe, and startupProbe configurations - initialDelaySeconds: minimum 0 - timeoutSeconds: minimum 1 - periodSeconds: minimum 1 - failureThreshold: minimum 1 - Add unit tests for probe validation scenarios
- Validate that memory request does not exceed memory limit - Validate that cpu request does not exceed cpu limit - Add unit tests for resource requirements validation
- Validate that indexes require at least one volume to be configured - Validate that index volumeName references an existing volume in volumes list - Validate that index has volumeName or defaults.volumeName provided - Update and add unit tests for SmartStore validation
- Validate that ephemeralStorage is mutually exclusive with storageClassName - Validate that ephemeralStorage is mutually exclusive with storageCapacity - Add unit tests for ephemeralStorage mutual exclusivity scenarios
|
CLA Assistant Lite bot: I have read the CLA Document and I hereby sign the CLA Patryk Wasielewski seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. |
|
CLA Assistant Lite bot: All contributors have NOT signed the COC Document I have read the Code of Conduct and I hereby accept the Terms Patryk Wasielewski seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. |
|
I have read the Code of Conduct and I hereby accept the Terms |
| } | ||
|
|
||
| // Validate imagePullSecrets uniqueness by Name | ||
| seenSecretNames := make(map[string]int) // map name -> first index seen |
There was a problem hiding this comment.
We could extract this code into a separate function since the same code is used more than once.
- Add ValidationContext to carry Kubernetes client for resource lookups - Extend Validator interface with context-aware validation methods - Implement ValidateImagePullSecretsExistence to verify secrets exist - Update all CRD validators with context-aware validation functions - Pass manager client to webhook server for API access - Update ValidationWebhook.md documentation with new validation rules - Add unit tests for imagePullSecrets existence validation This enables the webhook to reject CRs that reference non-existent secrets in spec.imagePullSecrets, providing early feedback to users.
2 participants
Description
This PR enhances the Splunk Operator's webhook validation layer with comprehensive validation rules to catch configuration errors early and provide clear error messages to users.
Key Changes
Testing and Verification
Added Unit tests
Related Issues
N/A
PR Checklist