diff --git a/Makefile b/Makefile index 4dca6847..3a151b06 100644 --- a/Makefile +++ b/Makefile @@ -186,7 +186,7 @@ test-crdvalidator-e2e: ginkgo ## Run the crdvalidator e2e tests. Assumes you hav $(GINKGO) -trace -progress $(FOCUS) cmd/crdvalidator/test/e2e crdvalidator-e2e: KIND_CLUSTER_NAME=crdvalidator-e2e -crdvalidator-e2e: deploy-crdvalidator test-crdvalidator ## Run the crdvalidator e2e tests. Assumes you have already installed the crdvalidator webhook. +crdvalidator-e2e: kind-cluster deploy-crdvalidator test-crdvalidator ## Run the crdvalidator e2e tests. Assumes you have already installed the crdvalidator webhook. ################ # Hack / Tools # diff --git a/cmd/crdvalidator/internal/handlers/crd.go b/cmd/crdvalidator/internal/handlers/crd.go index f88041ad..60226ac1 100644 --- a/cmd/crdvalidator/internal/handlers/crd.go +++ b/cmd/crdvalidator/internal/handlers/crd.go @@ -33,37 +33,43 @@ import ( // CrdValidator houses a client, decoder and Handle function for ensuring // that a CRD create/update request is safe type CrdValidator struct { - Log logr.Logger - Client client.Client + log logr.Logger + client client.Client decoder *admission.Decoder } +func NewCrdValidator(log logr.Logger, client client.Client) CrdValidator { + return CrdValidator{ + log: log.V(1).WithName("crdhandler"), // Default to non-verbose logs + client: client, + } +} + // Handle takes an incoming CRD create/update request and confirms that it is // a safe upgrade based on the crd.Validate() function call -func (v *CrdValidator) Handle(ctx context.Context, req admission.Request) admission.Response { - log := v.Log.V(1).WithName("crdhandler") // Default to non-verbose logs +func (cv *CrdValidator) Handle(ctx context.Context, req admission.Request) admission.Response { incomingCrd := &apiextensionsv1.CustomResourceDefinition{} - err := v.decoder.Decode(req, incomingCrd) + err := cv.decoder.Decode(req, incomingCrd) if err != nil { message := fmt.Sprintf("failed to decode CRD %q", req.Name) - log.V(0).Error(err, message) + cv.log.V(0).Error(err, message) return admission.Errored(http.StatusBadRequest, fmt.Errorf("%s: %w", message, err)) } - err = crd.Validate(ctx, v.Client, incomingCrd) + err = crd.Validate(ctx, cv.client, incomingCrd) if err != nil { message := fmt.Sprintf("failed to validate safety of %s for CRD %q: %s", req.Operation, req.Name, err) - log.V(0).Info(message) + cv.log.V(0).Info(message) return admission.Denied(message) } - log.Info("admission allowed for %s of CRD %q", req.Name, req.Operation) + cv.log.Info("admission allowed for %s of CRD %q", req.Name, req.Operation) return admission.Allowed("") } // InjectDecoder injects a decoder for the CrdValidator. -func (v *CrdValidator) InjectDecoder(d *admission.Decoder) error { - v.decoder = d +func (cv *CrdValidator) InjectDecoder(d *admission.Decoder) error { + cv.decoder = d return nil } diff --git a/cmd/crdvalidator/main.go b/cmd/crdvalidator/main.go index 2826d1cd..3346fc96 100644 --- a/cmd/crdvalidator/main.go +++ b/cmd/crdvalidator/main.go @@ -62,11 +62,9 @@ func main() { // Register CRD validation handler entryLog.Info("registering webhooks to the webhook server") + crdValidatorHandler := handlers.NewCrdValidator(entryLog, mgr.GetClient()) hookServer.Register("/validate-crd", &webhook.Admission{ - Handler: &handlers.CrdValidator{ - Client: mgr.GetClient(), - Log: entryLog, - }, + Handler: &crdValidatorHandler, }) entryLog.Info("starting manager")