improve run CR's create validation (#22)

shirmoran · web-flow · commit a78b1ef60049 · 2024-03-04T16:52:07.000+02:00
This improvement adds the following validations:

**ConfigMap field:**
- checks that "configMapName" field is not empty.
- checks that the configMap exists.
- check that the configMap has "data.tnf_config.yaml" field, whose value
is not empty.

**Secret field:** changed to *string (optional) in the CRD spec.
Validation checks:
-   If it's nil,  return.
-   If it's not nil:
    -   Check that it's not an empty string.
    -   Check that the secret exists.
- Check that the secret has "data.preflight_dockerconfig.json" field,
whose value is not empty.
diff --git a/api/v1alpha1/cnfcertificationsuiterun_types.go b/api/v1alpha1/cnfcertificationsuiterun_types.go
@@ -38,7 +38,7 @@ type CnfCertificationSuiteRunSpec struct {
 	// ConfigMapName holds the cnf certification suite yaml config.
 	ConfigMapName string `json:"configMapName"`
 	// PreflightSecretName holds the secret name for preflight's dockerconfig.
-	PreflightSecretName string `json:"preflightSecretName"`
+	PreflightSecretName *string `json:"preflightSecretName,omitempty"`
 }
 
 // CnfCertificationSuiteRunStatus defines the observed state of CnfCertificationSuiteRun
diff --git a/api/v1alpha1/cnfcertificationsuiterun_webhook.go b/api/v1alpha1/cnfcertificationsuiterun_webhook.go
@@ -40,6 +40,8 @@ var (
 	configMapLoggerKey       = "configMapName"
 	preflightSecretLoggerKey = "preflightSecretName"
 	logLevelLoggerKey        = "logLevel"
+	namespaceLoggerKey       = "ns"
+	cnfCertSuiteRunLoggerKey = "cnfCertificationSuiteRun"
 )
 
 func (r *CnfCertificationSuiteRun) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -97,25 +99,60 @@ func (r *CnfCertificationSuiteRun) ValidateCreate() error {
 
 func (r *CnfCertificationSuiteRun) validateConfigMap() error {
 	configMap := &v1.ConfigMap{}
+
+	if r.Spec.ConfigMapName == "" {
+		err := fmt.Errorf("spec.configMapName must not be an empty string")
+		logger.Error(err, "CnfCertificationSuiteRun's config map name is invalid",
+			configMapLoggerKey, r.Spec.ConfigMapName, namespaceLoggerKey, r.Namespace)
+		return err
+	}
+
+	// Return an error if config map is not found by name and ns, or field is empty
 	err := c.Get(context.TODO(), types.NamespacedName{Name: r.Spec.ConfigMapName, Namespace: r.Namespace}, configMap)
 	if err != nil {
 		logger.Error(err, "CnfCertificationSuiteRun's config map name field is invalid",
-			configMapLoggerKey, r.Spec.ConfigMapName)
+			configMapLoggerKey, r.Spec.ConfigMapName, namespaceLoggerKey, r.Namespace)
 		return err
 	}
-	logger.Info("CnfCertificationSuiteRun's config map name field is valid", configMapLoggerKey, configMap.Name)
-	return err
+
+	// Verify required field exists and that it's not empty
+	if value, exists := configMap.Data["tnf_config.yaml"]; !exists || value == "" {
+		err := fmt.Errorf("config map's 'tnf_config.yaml' field must be set with a non-empty and valid configuration yaml for the CNF Certification Suite")
+		logger.Error(err, "CnfCertificationSuiteRun's config map is invalid",
+			configMapLoggerKey, r.Spec.ConfigMapName, namespaceLoggerKey, r.Namespace)
+		return err
+	}
+
+	logger.Info("CnfCertificationSuiteRun's config map field is valid", configMapLoggerKey, configMap.Name, namespaceLoggerKey, r.Namespace)
+	return nil
 }
 
 func (r *CnfCertificationSuiteRun) validatePreflightSecret() error {
 	preflightSecret := &v1.Secret{}
-	err := c.Get(context.TODO(), types.NamespacedName{Name: r.Spec.PreflightSecretName, Namespace: r.Namespace}, preflightSecret)
+
+	// Nil Preflight Secret is valid
+	if r.Spec.PreflightSecretName == nil {
+		logger.Info("Warning: No preflight secret was set.", cnfCertSuiteRunLoggerKey, r.Name, namespaceLoggerKey, r.Namespace)
+		return nil
+	}
+
+	// Return an error if preflight secret is not found by name and ns, or field is empty
+	err := c.Get(context.TODO(), types.NamespacedName{Name: *r.Spec.PreflightSecretName, Namespace: r.Namespace}, preflightSecret)
 	if err != nil {
 		logger.Error(err, "CnfCertificationSuiteRun's preflight secret name field is invalid",
-			preflightSecretLoggerKey, r.Spec.PreflightSecretName)
+			preflightSecretLoggerKey, r.Spec.PreflightSecretName, namespaceLoggerKey, r.Namespace)
 		return err
 	}
-	logger.Info("CnfCertificationSuiteRun's preflight secret name field is valid", preflightSecretLoggerKey, preflightSecret.Name)
+
+	// Verify required field exists and that it's not empty
+	if value, exists := preflightSecret.Data["preflight_dockerconfig.json"]; !exists || value == nil {
+		err := fmt.Errorf("preflight secret's 'preflight_dockerconfig.json' field must be set with a valid docker config json content")
+		logger.Error(err, "CnfCertificationSuiteRun's preflight secret is invalid",
+			configMapLoggerKey, r.Spec.ConfigMapName, namespaceLoggerKey, r.Namespace)
+		return err
+	}
+
+	logger.Info("CnfCertificationSuiteRun's preflight secret field is valid", preflightSecretLoggerKey, preflightSecret.Name, namespaceLoggerKey, r.Namespace)
 	return nil
 }
 
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/cnf-certifications.redhat.com_cnfcertificationsuiteruns.yaml b/config/crd/bases/cnf-certifications.redhat.com_cnfcertificationsuiteruns.yaml
@@ -67,7 +67,6 @@ spec:
             - configMapName
             - labelsFilter
             - logLevel
-            - preflightSecretName
             - timeout
             type: object
           status:
diff --git a/controllers/cnf-cert-job/cnfcertjob.go b/controllers/cnf-cert-job/cnfcertjob.go
@@ -100,11 +100,6 @@ func newInitialJobPod() *corev1.Pod {
 							ReadOnly:  true,
 							MountPath: definitions.CnfCnfCertSuiteConfigFolder,
 						},
-						{
-							Name:      "cnf-certsuite-preflight-dockerconfig",
-							ReadOnly:  true,
-							MountPath: definitions.CnfPreflightConfigFolder,
-						},
 					},
 				},
 			},
@@ -199,17 +194,29 @@ func WithConfigMap(configMapName string) func(*corev1.Pod) error {
 	}
 }
 
-func WithPreflightSecret(preflightSecretName string) func(*corev1.Pod) error {
+func WithPreflightSecret(preflightSecretName *string) func(*corev1.Pod) error {
 	return func(p *corev1.Pod) error {
+		if preflightSecretName == nil {
+			return nil
+		}
+
 		Volume := corev1.Volume{
 			Name: "cnf-certsuite-preflight-dockerconfig",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
-					SecretName: preflightSecretName,
+					SecretName: *preflightSecretName,
 				},
 			},
 		}
 		p.Spec.Volumes = append(p.Spec.Volumes, Volume)
+
+		cnfCertCuiteContainer := getCnfCertSuiteContainer(p)
+		volumeMount := corev1.VolumeMount{
+			Name:      "cnf-certsuite-preflight-dockerconfig",
+			ReadOnly:  true,
+			MountPath: definitions.CnfPreflightConfigFolder,
+		}
+		cnfCertCuiteContainer.VolumeMounts = append(cnfCertCuiteContainer.VolumeMounts, volumeMount)
 		return nil
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ type CnfCertificationSuiteRunSpec struct {`
`38`	`38`	`// ConfigMapName holds the cnf certification suite yaml config.`
`39`	`39`	ConfigMapName string `json:"configMapName"`
`40`	`40`	`// PreflightSecretName holds the secret name for preflight's dockerconfig.`
`41`		- PreflightSecretName string `json:"preflightSecretName"`
	`41`	+ PreflightSecretName *string `json:"preflightSecretName,omitempty"`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`// CnfCertificationSuiteRunStatus defines the observed state of CnfCertificationSuiteRun`