feat: add support for multiple CRs per namespace

Signed-off-by: Kevin Conner <[email protected]>

Author: knrc

README.md

@@ -108,7 +108,7 @@ The project is at an early stage and therefore has some limitations.
 
 - There is no validation or defaulting for the custom resource.
 - The validation is namespace scoped and cannot be used across multiple namespaces.
-- No more than one validation resource can be used per namespace.
+
 - There are no status fields for the custom resource.
 - The model and signature path must be specified, there is no auto discovery.
 - TLS certificates used by the webhook are self generated.
@@ -131,7 +131,7 @@ spec:
     signaturePath: /data/tensorflow_saved_model/model.sig
 ```
 
-All pods in the namespace where the custom resource exists that have this label `validation.ml.sigstore.dev/ml: "true"` will be validated.
+Pods in the namespace that have the label `validation.ml.sigstore.dev/ml: "<modelvalidation-cr-name>"` will be validated using the specified ModelValidation CR.
 It should be noted that this does not apply to subsequently labeled pods.
 
 ```diff
@@ -140,7 +140,7 @@ kind: Pod
 metadata:
   name: whatever-workload
 +  labels:
-+    validation.ml.sigstore.dev/ml: "true"
++    validation.ml.sigstore.dev/ml: "demo"
 spec:
   restartPolicy: Never
   containers:

config/components/webhook/kustomization.yaml

@@ -30,8 +30,9 @@ patches:
     - op: add
       path: /webhooks/0/objectSelector
       value:
-        matchLabels:
-          validation.ml.sigstore.dev/ml: "true"
+        matchExpressions:
+        - key: "validation.ml.sigstore.dev/ml"
+          operator: Exists
   target:
     kind: MutatingWebhookConfiguration
     name: mutating-webhook-configuration

config/rbac/role.yaml

@@ -4,6 +4,14 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ml.sigstore.dev
   resources:

examples/unsigned.yaml

@@ -21,7 +21,7 @@ kind: Pod
 metadata:
   name: ollama
   labels:
-    validation.ml.sigstore.dev/ml: "true"
+    validation.ml.sigstore.dev/ml: "example"
 spec:
   containers:
   - name: ollama

examples/verify.yaml

@@ -23,7 +23,7 @@ kind: Pod
 metadata:
   name: whatever-workload
   labels:
-    validation.ml.sigstore.dev/ml: "true"
+    validation.ml.sigstore.dev/ml: "oss-na24-slasa-workshop"
 spec:
 #  restartPolicy: Never
   containers:

internal/constants/labels.go

@@ -0,0 +1,15 @@
+package constants
+
+const (
+	// ModelValidationDomain is the domain used for model validation labels
+	ModelValidationDomain = "validation.ml.sigstore.dev"
+
+	// ModelValidationLabel is the label used to enable model validation for a pod
+	ModelValidationLabel = ModelValidationDomain + "/ml"
+
+	// IgnoreNamespaceLabel is the label used to ignore a namespace for model validation
+	IgnoreNamespaceLabel = ModelValidationDomain + "/ignore"
+
+	// ModelValidationInitContainerName is the name of the init container injected for model validation
+	ModelValidationInitContainerName = "model-validation"
+)

internal/webhooks/pod_webhook.go

@@ -30,6 +30,7 @@ func NewPodInterceptor(c client.Client, decoder admission.Decoder) webhook.Admis
 
 // +kubebuilder:rbac:groups=ml.sigstore.dev,resources=modelvalidations,verbs=get;list;watch
 // +kubebuilder:rbac:groups=ml.sigstore.dev,resources=modelvalidations/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch
 
 // podInterceptor extends pods with Model Validation Init-Container if annotation is specified.
 type podInterceptor struct {
@@ -54,36 +55,31 @@ func (p *podInterceptor) Handle(ctx context.Context, req admission.Request) admi
 		logger.Error(err, "failed to get namespace")
 		return admission.Errored(http.StatusInternalServerError, err)
 	}
-	if ns.Labels["validation.ml.sigstore.dev/ignore"] == "true" {
+	if ns.Labels[constants.IgnoreNamespaceLabel] == "true" {
 		logger.Info("Namespace has ignore label, skipping", "namespace", req.Namespace)
 		return admission.Allowed("namespace ignored")
 	}
 
 	logger.Info("Checking pod labels", "labels", pod.Labels)
-	if v := pod.Labels["validation.ml.sigstore.dev/ml"]; v != "true" {
-		logger.Info("Validation label not found or not true", "value", v)
-		return admission.Allowed("no annotation found, no action needed")
+	modelValidationName, ok := pod.Labels[constants.ModelValidationLabel]
+	if !ok || modelValidationName == "" {
+		logger.Info("ModelValidation label not found or empty, skipping injection")
+		return admission.Allowed("no ModelValidation label found, no action needed")
 	}
-	logger.Info("Validation label found, proceeding with injection")
+	logger.Info("ModelValidation label found, proceeding with injection", "modelValidationName", modelValidationName)
 
-	logger.Info("Search associated Model Validation CR", "pod", pod.Name, "namespace", pod.Namespace)
-	rhmvList := &v1alpha1.ModelValidationList{}
-	if err := p.client.List(ctx, rhmvList); err != nil {
-		msg := "failed to get the ModelValidation Spec, skipping injection"
+	logger.Info("Search associated Model Validation CR", "pod", pod.Name, "namespace", pod.Namespace,
+		"modelValidationName", modelValidationName)
+	rhmv := &v1alpha1.ModelValidation{}
+	err := p.client.Get(ctx, client.ObjectKey{Name: modelValidationName, Namespace: pod.Namespace}, rhmv)
+	if err != nil {
+		msg := fmt.Sprintf("failed to get the ModelValidation CR %s/%s", pod.Namespace, modelValidationName)
 		logger.Error(err, msg)
-		return admission.Errored(http.StatusNotFound, err)
+		return admission.Errored(http.StatusBadRequest, err) // Fail deployment if CR not found
 	}
-
-	got := len(rhmvList.Items)
-	if got != 1 {
-		err := fmt.Errorf("got no or to many specs, expect: 1, got: %d", got)
-		logger.Error(err, "skip injection")
-		return admission.Errored(http.StatusBadRequest, err)
-	}
-	rhmv := rhmvList.Items[0]
 	// NOTE: check if validation sidecar is already injected. Then no action needed.
 	for _, c := range pod.Spec.InitContainers {
-		if c.Name == modelValidationInitContainerName {
+		if c.Name == constants.ModelValidationInitContainerName {
 			return admission.Allowed("validation exists, no action needed")
 		}
 	}
@@ -98,7 +94,7 @@ func (p *podInterceptor) Handle(ctx context.Context, req admission.Request) admi
 		vm = append(vm, c.VolumeMounts...)
 	}
 	pp.Spec.InitContainers = append(pp.Spec.InitContainers, corev1.Container{
-		Name:            modelValidationInitContainerName,
+		Name:            constants.ModelValidationInitContainerName,
 		ImagePullPolicy: corev1.PullAlways,
 		Image:           constants.ModelTransparencyCliImage,
 		Command:         []string{"/usr/local/bin/model_signing"},
@@ -149,5 +145,3 @@ func validationConfigToArgs(logger logr.Logger, cfg v1alpha1.ValidationConfig, s
 	logger.Info("missing validation config")
 	return []string{}
 }
-
-const modelValidationInitContainerName = "model-validation"

internal/webhooks/pod_webhook_test.go

@@ -71,7 +71,7 @@ var _ = Describe("Pod webhook", func() {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      Name,
 					Namespace: Namespace,
-					Labels:    map[string]string{"validation.ml.sigstore.dev/ml": "true"},
+					Labels:    map[string]string{constants.ModelValidationLabel: Name},
 				},
 				Spec: corev1.PodSpec{
 					Containers: []corev1.Container{

test/e2e/e2e_suite_test.go

@@ -42,6 +42,14 @@ var (
 	projectImage = "ghcr.io/sigstore/model-validation-operator:v0.0.1"
 )
 
+const (
+	// operatorNamespace is the namespace where the project is deployed in
+	operatorNamespace = "model-validation-operator-system"
+
+	// webhookTestNamespace is the namespace for webhook tests
+	webhookTestNamespace = "e2e-webhook-test-ns"
+)
+
 // TestE2E runs the end-to-end (e2e) test suite for the project. These tests execute in an isolated,
 // temporary environment to validate project changes with the purposed to be used in CI jobs.
 // The default setup requires Kind, builds/loads the Manager Docker image locally, and installs