mirror of
https://github.com/kubevirt/containerized-data-importer.git
synced 2025-06-03 06:30:22 +00:00
ab8b9c025e
* Handle labels length correctly Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Handle service name generation correctly Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Remove not needed labels Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Store import pod name in annotation Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Enable long DV name Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Handle name with dot when creating service/label name Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Test long names on import, upload and clone Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Store upload pod name in annotation Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Store importer scratch pvc name in annotation Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Quick fix for tests (need improvements) Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Cleanup handling scratch name Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Ensure pod/service name conflicts are handled Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Handle client errors when trying to get the import pod Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Style improvements, and other code review fixes. Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Store clone source pod name in an annotation Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Correct name initialization and tests Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Do not init name if pod already exists. It is not needed. The situation of having a pod but not name on annotation can happen after the upgrade, when we have a legacy pvc and pod already existing, but clone operation not finished. But when we already have the pod, then in the code (currently) we do not need the name from annotation. Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Cleanup scratch name handling Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Use constant for max dv name in validation Signed-off-by: Bartosz Rybacki <brybacki@redhat.com> * Simplify clone source pod name initialization Signed-off-by: Bartosz Rybacki <brybacki@redhat.com>
397 lines
13 KiB
Go
397 lines
13 KiB
Go
/*
|
|
* This file is part of the CDI project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* Copyright 2019 Red Hat, Inc.
|
|
*
|
|
*/
|
|
|
|
package webhooks
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
|
|
"k8s.io/api/admission/v1beta1"
|
|
corev1 "k8s.io/api/core/v1"
|
|
k8sv1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/api/resource"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
fakeclient "k8s.io/client-go/kubernetes/fake"
|
|
|
|
cdicorev1alpha1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1alpha1"
|
|
)
|
|
|
|
var _ = Describe("Validating Webhook", func() {
|
|
Context("with DataVolume admission review", func() {
|
|
It("should accept DataVolume with HTTP source on create", func() {
|
|
dataVolume := newHTTPDataVolume("testDV", "http://www.example.com")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
})
|
|
|
|
It("should reject DataVolume when target pvc exists", func() {
|
|
dataVolume := newPVCDataVolume("testDV", "testNamespace", "test")
|
|
pvc := &corev1.PersistentVolumeClaim{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: dataVolume.Name,
|
|
Namespace: dataVolume.Namespace,
|
|
},
|
|
Spec: *dataVolume.Spec.PVC,
|
|
}
|
|
resp := validateDataVolumeCreate(dataVolume, pvc)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should accept DataVolume with Registry source on create", func() {
|
|
dataVolume := newRegistryDataVolume("testDV", "docker://registry:5000/test")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
})
|
|
|
|
It("should accept DataVolume with PVC source on create", func() {
|
|
dataVolume := newPVCDataVolume("testDV", "testNamespace", "test")
|
|
pvc := &corev1.PersistentVolumeClaim{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: dataVolume.Spec.Source.PVC.Name,
|
|
Namespace: dataVolume.Spec.Source.PVC.Namespace,
|
|
},
|
|
Spec: *dataVolume.Spec.PVC,
|
|
}
|
|
resp := validateDataVolumeCreate(dataVolume, pvc)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
})
|
|
|
|
It("should accept DataVolume with PVC initialized create", func() {
|
|
dataVolume := newHTTPDataVolume("testDV", "http://www.example.com")
|
|
pvc := &corev1.PersistentVolumeClaim{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: dataVolume.Name,
|
|
Namespace: dataVolume.Namespace,
|
|
Annotations: map[string]string{
|
|
"cdi.kubevirt.io/storage.populatedFor": dataVolume.Name,
|
|
},
|
|
},
|
|
Spec: *dataVolume.Spec.PVC,
|
|
}
|
|
resp := validateDataVolumeCreate(dataVolume, pvc)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
})
|
|
|
|
It("should reject DataVolume with PVC source on create if PVC does not exist", func() {
|
|
dataVolume := newPVCDataVolume("testDV", "testNamespace", "test")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject invalid DataVolume source PVC namespace on create", func() {
|
|
dataVolume := newPVCDataVolume("testDV", "", "test")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject invalid DataVolume source PVC name on create", func() {
|
|
dataVolume := newPVCDataVolume("testDV", "testNamespace", "")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject DataVolume with name length greater than 253 characters", func() {
|
|
longName := "the-name-length-of-this-datavolume-is-greater-then-253-characters" +
|
|
"123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789-" +
|
|
"123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789-123456789"
|
|
dataVolume := newHTTPDataVolume(
|
|
longName,
|
|
"http://www.example.com")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject DataVolume source with invalid URL on create", func() {
|
|
dataVolume := newHTTPDataVolume("testDV", "invalidurl")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject DataVolume with multiple sources on create", func() {
|
|
dataVolume := newDataVolumeWithMultipleSources("testDV")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject DataVolume with empty PVC create", func() {
|
|
dataVolume := newDataVolumeWithEmptyPVCSpec("testDV", "http://www.example.com")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should reject DataVolume with PVC size 0", func() {
|
|
dataVolume := newDataVolumeWithPVCSizeZero("testDV", "http://www.example.com")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should accept DataVolume with Blank source and no content type", func() {
|
|
dataVolume := newBlankDataVolume("blank")
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
|
|
})
|
|
|
|
It("should accept DataVolume with Blank source and kubevirt contentType", func() {
|
|
dataVolume := newBlankDataVolume("blank")
|
|
dataVolume.Spec.ContentType = cdicorev1alpha1.DataVolumeKubeVirt
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
|
|
})
|
|
|
|
It("should reject DataVolume with Blank source and archive contentType", func() {
|
|
dataVolume := newBlankDataVolume("blank")
|
|
dataVolume.Spec.ContentType = cdicorev1alpha1.DataVolumeArchive
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
|
|
})
|
|
|
|
It("should reject DataVolume with invalid contentType", func() {
|
|
dataVolume := newHTTPDataVolume("testDV", "http://www.example.com")
|
|
dataVolume.Spec.ContentType = "invalid"
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
|
|
})
|
|
|
|
It("should accept DataVolume with archive contentType", func() {
|
|
dataVolume := newHTTPDataVolume("testDV", "http://www.example.com")
|
|
dataVolume.Spec.ContentType = cdicorev1alpha1.DataVolumeArchive
|
|
resp := validateDataVolumeCreate(dataVolume)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
|
|
})
|
|
|
|
It("should reject invalid DataVolume spec update", func() {
|
|
newDataVolume := newPVCDataVolume("testDV", "newNamespace", "testName")
|
|
newBytes, _ := json.Marshal(&newDataVolume)
|
|
|
|
oldDataVolume := newDataVolume.DeepCopy()
|
|
oldDataVolume.Spec.Source.PVC.Namespace = "oldNamespace"
|
|
oldBytes, _ := json.Marshal(oldDataVolume)
|
|
|
|
ar := &v1beta1.AdmissionReview{
|
|
Request: &v1beta1.AdmissionRequest{
|
|
Operation: v1beta1.Update,
|
|
Resource: metav1.GroupVersionResource{
|
|
Group: cdicorev1alpha1.SchemeGroupVersion.Group,
|
|
Version: cdicorev1alpha1.SchemeGroupVersion.Version,
|
|
Resource: "datavolumes",
|
|
},
|
|
Object: runtime.RawExtension{
|
|
Raw: newBytes,
|
|
},
|
|
OldObject: runtime.RawExtension{
|
|
Raw: oldBytes,
|
|
},
|
|
},
|
|
}
|
|
|
|
resp := validateAdmissionReview(ar)
|
|
Expect(resp.Allowed).To(Equal(false))
|
|
})
|
|
|
|
It("should accept object meta update", func() {
|
|
newDataVolume := newPVCDataVolume("testDV", "newNamespace", "testName")
|
|
newBytes, _ := json.Marshal(&newDataVolume)
|
|
|
|
oldDataVolume := newDataVolume.DeepCopy()
|
|
oldDataVolume.Annotations = map[string]string{"foo": "bar"}
|
|
oldBytes, _ := json.Marshal(oldDataVolume)
|
|
|
|
ar := &v1beta1.AdmissionReview{
|
|
Request: &v1beta1.AdmissionRequest{
|
|
Operation: v1beta1.Update,
|
|
Resource: metav1.GroupVersionResource{
|
|
Group: cdicorev1alpha1.SchemeGroupVersion.Group,
|
|
Version: cdicorev1alpha1.SchemeGroupVersion.Version,
|
|
Resource: "datavolumes",
|
|
},
|
|
Object: runtime.RawExtension{
|
|
Raw: newBytes,
|
|
},
|
|
OldObject: runtime.RawExtension{
|
|
Raw: oldBytes,
|
|
},
|
|
},
|
|
}
|
|
|
|
resp := validateAdmissionReview(ar)
|
|
Expect(resp.Allowed).To(Equal(true))
|
|
})
|
|
})
|
|
})
|
|
|
|
func newHTTPDataVolume(name, url string) *cdicorev1alpha1.DataVolume {
|
|
httpSource := cdicorev1alpha1.DataVolumeSource{
|
|
HTTP: &cdicorev1alpha1.DataVolumeSourceHTTP{URL: url},
|
|
}
|
|
pvc := newPVCSpec(5, "M")
|
|
return newDataVolume(name, httpSource, pvc)
|
|
}
|
|
|
|
func newRegistryDataVolume(name, url string) *cdicorev1alpha1.DataVolume {
|
|
registrySource := cdicorev1alpha1.DataVolumeSource{
|
|
Registry: &cdicorev1alpha1.DataVolumeSourceRegistry{URL: url},
|
|
}
|
|
pvc := newPVCSpec(5, "M")
|
|
return newDataVolume(name, registrySource, pvc)
|
|
}
|
|
|
|
func newBlankDataVolume(name string) *cdicorev1alpha1.DataVolume {
|
|
blankSource := cdicorev1alpha1.DataVolumeSource{
|
|
Blank: &cdicorev1alpha1.DataVolumeBlankImage{},
|
|
}
|
|
pvc := newPVCSpec(5, "M")
|
|
return newDataVolume(name, blankSource, pvc)
|
|
}
|
|
|
|
func newPVCDataVolume(name, pvcNamespace, pvcName string) *cdicorev1alpha1.DataVolume {
|
|
pvcSource := cdicorev1alpha1.DataVolumeSource{
|
|
PVC: &cdicorev1alpha1.DataVolumeSourcePVC{
|
|
Namespace: pvcNamespace,
|
|
Name: pvcName,
|
|
},
|
|
}
|
|
pvc := newPVCSpec(5, "M")
|
|
return newDataVolume(name, pvcSource, pvc)
|
|
}
|
|
|
|
func newDataVolumeWithEmptyPVCSpec(name, url string) *cdicorev1alpha1.DataVolume {
|
|
|
|
httpSource := cdicorev1alpha1.DataVolumeSource{
|
|
HTTP: &cdicorev1alpha1.DataVolumeSourceHTTP{URL: url},
|
|
}
|
|
|
|
return newDataVolume(name, httpSource, nil)
|
|
}
|
|
|
|
func newDataVolumeWithMultipleSources(name string) *cdicorev1alpha1.DataVolume {
|
|
source := cdicorev1alpha1.DataVolumeSource{
|
|
HTTP: &cdicorev1alpha1.DataVolumeSourceHTTP{URL: "http://www.example.com"},
|
|
S3: &cdicorev1alpha1.DataVolumeSourceS3{URL: "http://s3.examples3.com"},
|
|
}
|
|
pvc := newPVCSpec(5, "M")
|
|
|
|
return newDataVolume(name, source, pvc)
|
|
}
|
|
|
|
func newDataVolumeWithPVCSizeZero(name, url string) *cdicorev1alpha1.DataVolume {
|
|
|
|
httpSource := cdicorev1alpha1.DataVolumeSource{
|
|
HTTP: &cdicorev1alpha1.DataVolumeSourceHTTP{URL: url},
|
|
}
|
|
pvc := newPVCSpec(0, "M")
|
|
|
|
return newDataVolume(name, httpSource, pvc)
|
|
}
|
|
|
|
func newDataVolume(name string, source cdicorev1alpha1.DataVolumeSource, pvc *corev1.PersistentVolumeClaimSpec) *cdicorev1alpha1.DataVolume {
|
|
namespace := k8sv1.NamespaceDefault
|
|
dv := &cdicorev1alpha1.DataVolume{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
SelfLink: fmt.Sprintf("/apis/%s/namespaces/%s/datavolumes/%s", cdicorev1alpha1.SchemeGroupVersion.String(), namespace, name),
|
|
},
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: cdicorev1alpha1.SchemeGroupVersion.String(),
|
|
Kind: "DataVolume",
|
|
},
|
|
Status: cdicorev1alpha1.DataVolumeStatus{},
|
|
Spec: cdicorev1alpha1.DataVolumeSpec{
|
|
Source: source,
|
|
PVC: pvc,
|
|
},
|
|
}
|
|
|
|
return dv
|
|
|
|
}
|
|
|
|
func newPVCSpec(sizeValue int64, sizeFormat resource.Format) *corev1.PersistentVolumeClaimSpec {
|
|
requests := make(map[corev1.ResourceName]resource.Quantity)
|
|
requests["storage"] = *resource.NewQuantity(sizeValue, sizeFormat)
|
|
|
|
pvc := &corev1.PersistentVolumeClaimSpec{
|
|
AccessModes: []corev1.PersistentVolumeAccessMode{
|
|
corev1.ReadWriteOnce,
|
|
},
|
|
Resources: corev1.ResourceRequirements{
|
|
Requests: requests,
|
|
},
|
|
}
|
|
return pvc
|
|
}
|
|
|
|
func validateDataVolumeCreate(dv *cdicorev1alpha1.DataVolume, objects ...runtime.Object) *v1beta1.AdmissionResponse {
|
|
client := fakeclient.NewSimpleClientset(objects...)
|
|
wh := NewDataVolumeValidatingWebhook(client)
|
|
|
|
dvBytes, _ := json.Marshal(dv)
|
|
ar := &v1beta1.AdmissionReview{
|
|
Request: &v1beta1.AdmissionRequest{
|
|
Operation: v1beta1.Create,
|
|
Resource: metav1.GroupVersionResource{
|
|
Group: cdicorev1alpha1.SchemeGroupVersion.Group,
|
|
Version: cdicorev1alpha1.SchemeGroupVersion.Version,
|
|
Resource: "datavolumes",
|
|
},
|
|
Object: runtime.RawExtension{
|
|
Raw: dvBytes,
|
|
},
|
|
},
|
|
}
|
|
|
|
return serve(ar, wh)
|
|
}
|
|
|
|
func validateAdmissionReview(ar *v1beta1.AdmissionReview, objects ...runtime.Object) *v1beta1.AdmissionResponse {
|
|
client := fakeclient.NewSimpleClientset(objects...)
|
|
wh := NewDataVolumeValidatingWebhook(client)
|
|
return serve(ar, wh)
|
|
}
|
|
|
|
func serve(ar *v1beta1.AdmissionReview, handler http.Handler) *v1beta1.AdmissionResponse {
|
|
reqBytes, _ := json.Marshal(ar)
|
|
req, err := http.NewRequest("POST", "/foobar", bytes.NewReader(reqBytes))
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
rr := httptest.NewRecorder()
|
|
handler.ServeHTTP(rr, req)
|
|
|
|
var response v1beta1.AdmissionReview
|
|
err = json.NewDecoder(rr.Body).Decode(&response)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
return response.Response
|
|
}
|