adds validation of the json schema (#27)

* adds validation of the json schema

* Update mutating_admission_webhook.go

* Update validating_admission_webhoook.go

* reworked to use FF CR as the webhook trigger

* reworked to use FF CR as the webhook trigger

* removed kustomize change

* removed kustomize change

* Update main.go

Co-authored-by: Thomas Schuetz <[email protected]>

Author: AlexsJones

PROJECT

@@ -12,27 +12,6 @@ resources:
   domain: openfeature.dev
   group: core
   kind: FeatureFlagConfiguration
-  path: github.com/open-feature/open-feature-operator/api/v1alpha1
+  path: github.com/open-feature/open-feature-operator/apis/core/v1alpha1
   version: v1alpha1
-- api:
-    crdVersion: v1
-    namespaced: true
-  controller: true
-  domain: openfeature.dev
-  group: core
-  kind: Deployment
-  path: github.com/open-feature/open-feature-operator/api/v1alpha1
-  version: v1alpha1
-  webhooks:
-    defaulting: true
-    validation: true
-    webhookVersion: v1
-- group: apps
-  kind: Deployment
-  path: k8s.io/api/apps/v1
-  version: v1
-  webhooks:
-    defaulting: true
-    validation: true
-    webhookVersion: v1
 version: "3"

apis/core/v1alpha1/featureflagconfiguration_types.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"github.com/open-feature/open-feature-operator/pkg/utils"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -62,3 +64,29 @@ type FeatureFlagConfigurationList struct {
 func init() {
 	SchemeBuilder.Register(&FeatureFlagConfiguration{}, &FeatureFlagConfigurationList{})
 }
+
+func GetFfReference(ff *FeatureFlagConfiguration) metav1.OwnerReference {
+	return metav1.OwnerReference{
+		APIVersion: ff.APIVersion,
+		Kind:       ff.Kind,
+		Name:       ff.Name,
+		UID:        ff.UID,
+		Controller: utils.TrueVal(),
+	}
+}
+
+func GenerateFfConfigMap(name string, namespace string, references []metav1.OwnerReference, spec FeatureFlagConfigurationSpec) corev1.ConfigMap {
+	return corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+			Annotations: map[string]string{
+				"openfeature.dev/featureflagconfiguration": name,
+			},
+			OwnerReferences: references,
+		},
+		Data: map[string]string{
+			"config.yaml": spec.FeatureFlagSpec,
+		},
+	}
+}

apis/core/v1alpha1/zz_generated.deepcopy.go

@@ -4,6 +4,4 @@ metadata:
   name: featureflagconfiguration-sample
 spec:
   featureFlagSpec: |
-    {
-      "foo" : "bar"
-    } 
+    {} 

config/samples/config_v1alpha1_featureflagconfiguration.yaml

@@ -19,4 +19,27 @@ spec:
       - name: nginx
         image: nginx:1.14.2
         ports:
-        - containerPort: 80
+        - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment-2
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 5 # tells deployment to run 2 pods matching the template
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        openfeature.dev: "enabled"
+        openfeature.dev/featureflagconfiguration: "featureflagconfiguration-sample"
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80

config/samples/deployment-2.yaml

@@ -13,7 +13,7 @@ webhooks:
       namespace: system
       path: /mutate-v1-pod
   failurePolicy: Ignore
-  name: mpod.kb.io
+  name: mutate.openfeature.dev
   rules:
   - apiGroups:
     - ""
@@ -25,3 +25,30 @@ webhooks:
     resources:
     - pods
   sideEffects: NoneOnDryRun
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  creationTimestamp: null
+  name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-v1alpha1-featureflagconfiguration
+  failurePolicy: Fail
+  name: validate.featureflagconfiguration.openfeature.dev
+  rules:
+  - apiGroups:
+    - core.openfeature.dev
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - featureflagconfigurations
+  sideEffects: None

config/samples/deployment.yaml

@@ -18,21 +18,22 @@ package controllers
 
 import (
 	"context"
+	"time"
+
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
-	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	configv1alpha1 "github.com/open-feature/open-feature-operator/apis/core/v1alpha1"
+	corev1alpha1 "github.com/open-feature/open-feature-operator/apis/core/v1alpha1"
 )
 
 // FeatureFlagConfigurationReconciler reconciles a FeatureFlagConfiguration object
@@ -70,7 +71,7 @@ func (r *FeatureFlagConfigurationReconciler) Reconcile(ctx context.Context, req
 	r.Log = log.FromContext(ctx)
 	r.Log.Info("Reconciling" + crdName)
 
-	ffconf := &configv1alpha1.FeatureFlagConfiguration{}
+	ffconf := &corev1alpha1.FeatureFlagConfiguration{}
 	if err := r.Client.Get(ctx, req.NamespacedName, ffconf); err != nil {
 		if errors.IsNotFound(err) {
 			// taking down all associated K8s resources is handled by K8s
@@ -124,7 +125,7 @@ func (r *FeatureFlagConfigurationReconciler) Reconcile(ctx context.Context, req
 		// Append OwnerReference if not set
 		if !r.featureFlagResourceIsOwner(ffconf, cm) {
 			r.Log.Info("Setting owner reference for " + cm.Name)
-			cm.OwnerReferences = append(cm.OwnerReferences, utils.GetFfReference(ffconf))
+			cm.OwnerReferences = append(cm.OwnerReferences, corev1alpha1.GetFfReference(ffconf))
 			err := r.Client.Update(ctx, &cm)
 			if err != nil {
 				return r.finishReconcile(err, true)
@@ -138,7 +139,7 @@ func (r *FeatureFlagConfigurationReconciler) Reconcile(ctx context.Context, req
 		// Update ConfigMap Spec
 		r.Log.Info("Updating ConfigMap Spec " + cm.Name)
 		cm.Data = map[string]string{
-			"config.yaml": ffconf.Spec.FeatureFlagSpec,
+			"config.json": ffconf.Spec.FeatureFlagSpec,
 		}
 		err := r.Client.Update(ctx, &cm)
 		if err != nil {
@@ -148,9 +149,9 @@ func (r *FeatureFlagConfigurationReconciler) Reconcile(ctx context.Context, req
 
 	if !cmExists {
 		ffOwnerRefs := []metav1.OwnerReference{
-			utils.GetFfReference(ffconf),
+			corev1alpha1.GetFfReference(ffconf),
 		}
-		cm := utils.GenerateFfConfigMap(ffconf.Name, ffconf.Namespace, ffOwnerRefs, ffconf.Spec)
+		cm := corev1alpha1.GenerateFfConfigMap(ffconf.Name, ffconf.Namespace, ffOwnerRefs, ffconf.Spec)
 
 		podList := &corev1.PodList{}
 		if err := r.List(ctx, podList); err != nil {
@@ -178,7 +179,7 @@ func (r *FeatureFlagConfigurationReconciler) Reconcile(ctx context.Context, req
 // SetupWithManager sets up the controller with the Manager.
 func (r *FeatureFlagConfigurationReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&configv1alpha1.FeatureFlagConfiguration{}).
+		For(&corev1alpha1.FeatureFlagConfiguration{}).
 		Owns(&corev1.ConfigMap{}).
 		Complete(r)
 }
@@ -200,9 +201,9 @@ func (r *FeatureFlagConfigurationReconciler) finishReconcile(err error, requeueI
 	return ctrl.Result{Requeue: true, RequeueAfter: interval}, nil
 }
 
-func (r *FeatureFlagConfigurationReconciler) featureFlagResourceIsOwner(ff *configv1alpha1.FeatureFlagConfiguration, cm corev1.ConfigMap) bool {
+func (r *FeatureFlagConfigurationReconciler) featureFlagResourceIsOwner(ff *corev1alpha1.FeatureFlagConfiguration, cm corev1.ConfigMap) bool {
 	for _, cmOwner := range cm.OwnerReferences {
-		if cmOwner.UID == utils.GetFfReference(ff).UID {
+		if cmOwner.UID == corev1alpha1.GetFfReference(ff).UID {
 			return true
 		}
 	}

config/webhook/manifests.yaml

@@ -6,6 +6,7 @@ require (
 	github.com/go-logr/logr v1.2.0
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.17.0
+	github.com/xeipuuv/gojsonschema v1.2.0
 	k8s.io/api v0.23.0
 	k8s.io/apimachinery v0.23.0
 	k8s.io/client-go v0.23.0
@@ -47,6 +48,8 @@ require (
 	github.com/prometheus/procfs v0.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/testify v1.7.1 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
@@ -73,4 +76,4 @@ require (
 	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
-)
+)

controllers/featureflagconfiguration_controller.go

@@ -478,6 +478,12 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=