Add image validation for opestack machine

Signed-off-by: smoshiur1237 <[email protected]>

Author: smoshiur1237

api/v1beta1/types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/utils/ptr"
 
 	"sigs.k8s.io/cluster-api-provider-openstack/pkg/utils/optional"
@@ -75,6 +76,24 @@ func (f *ImageFilter) IsZero() bool {
 	return f.Name == nil && len(f.Tags) == 0
 }
 
+// Validate performs validation on [ImageParam], returning a list of field errors using the provided base path.
+// It is intended to be used in the validation webhooks of resources containing [ImageParam].
+func (i *ImageParam) Validate(base field.Path) field.ErrorList {
+	var errors field.ErrorList
+	// Not possible to validate the image if it is missing
+	if i == nil {
+		errors = append(errors, field.Required(&base, "Image is required"))
+		return errors
+	}
+	if i.Filter.Name == nil || i.Filter.Tags == nil {
+		errors = append(errors, field.Required(base.Child("Image filter"), "Either Name or Tags of image are missing"))
+	}
+	if i.ImageRef.Name == "" {
+		errors = append(errors, field.Required(base.Child("ORC image Referecne"), "ORC image is missing"))
+	}
+	return errors
+}
+
 type ExternalRouterIPParam struct {
 	// The FixedIP in the corresponding subnet
 	FixedIP string `json:"fixedIP,omitempty"`

pkg/webhooks/openstackmachine_webhook.go

@@ -48,7 +48,7 @@ type openStackMachineWebhook struct{}
 var _ webhook.CustomValidator = &openStackMachineWebhook{}
 
 // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
 	newObj, err := castToOpenStackMachine(objRaw)
 	if err != nil {
@@ -68,12 +68,13 @@ func (*openStackMachineWebhook) ValidateCreate(_ context.Context, objRaw runtime
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "ports"), "cannot have security groups when DisablePortSecurity is set to true"))
 		}
 	}
+	webhook.validate(newObj)
 
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineWebhook) ValidateUpdate(_ context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineWebhook) ValidateUpdate(_ context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
 	newObj, err := castToOpenStackMachine(newObjRaw)
 	if err != nil {
 		return nil, err
@@ -117,11 +118,13 @@ func (*openStackMachineWebhook) ValidateUpdate(_ context.Context, oldObjRaw, new
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "cannot be modified"))
 	}
 
+	webhook.validate(newObj)
+
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
@@ -132,3 +135,14 @@ func castToOpenStackMachine(obj runtime.Object) (*infrav1.OpenStackMachine, erro
 	}
 	return cast, nil
 }
+
+func (webhook *openStackMachineWebhook) validate(newObj *infrav1.OpenStackMachine) error {
+	var allErrs field.ErrorList
+
+	allErrs = append(allErrs, newObj.Spec.Image.Validate(*field.NewPath("Spec", "Image"))...)
+
+	if len(allErrs) == 0 {
+		return nil
+	}
+	return apierrors.NewInvalid(infrav1.SchemeGroupVersion.WithKind("OpenStackMachine").GroupKind(), newObj.Name, allErrs)
+}

pkg/webhooks/openstackmachinetemplate_webhook.go

@@ -48,7 +48,7 @@ type openStackMachineTemplateWebhook struct{}
 var _ webhook.CustomValidator = &openStackMachineTemplateWebhook{}
 
 // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineTemplateWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineTemplateWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
 	newObj, err := castToOpenStackMachineTemplate(objRaw)
 	if err != nil {
 		return nil, err
@@ -60,11 +60,13 @@ func (*openStackMachineTemplateWebhook) ValidateCreate(_ context.Context, objRaw
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "template", "spec", "providerID"), "cannot be set in templates"))
 	}
 
+	webhook.validate(newObj)
+
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
 	oldObj, err := castToOpenStackMachineTemplate(oldObjRaw)
 	if err != nil {
@@ -88,11 +90,13 @@ func (*openStackMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldO
 		)
 	}
 
+	webhook.validate(newObj)
+
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackMachineTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackMachineTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
@@ -103,3 +107,14 @@ func castToOpenStackMachineTemplate(obj runtime.Object) (*infrav1.OpenStackMachi
 	}
 	return cast, nil
 }
+
+func (webhook *openStackMachineTemplateWebhook) validate(newObj *infrav1.OpenStackMachineTemplate) error {
+	var allErrs field.ErrorList
+
+	allErrs = append(allErrs, newObj.Spec.Template.Spec.Image.Validate(*field.NewPath("Spec", "Template", "Spec", "Image"))...)
+
+	if len(allErrs) == 0 {
+		return nil
+	}
+	return apierrors.NewInvalid(infrav1.SchemeGroupVersion.WithKind("OpenStackMachineTemplate").GroupKind(), newObj.Name, allErrs)
+}

pkg/webhooks/openstackserver_webhook.go

@@ -50,7 +50,7 @@ type openStackServerWebhook struct{}
 var _ webhook.CustomValidator = &openStackServerWebhook{}
 
 // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackServerWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackServerWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
 	newObj, err := castToOpenStackServer(objRaw)
 	if err != nil {
@@ -71,11 +71,13 @@ func (*openStackServerWebhook) ValidateCreate(_ context.Context, objRaw runtime.
 		}
 	}
 
+	webhook.validate(newObj)
+
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackServerWebhook) ValidateUpdate(ctx context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackServerWebhook) ValidateUpdate(ctx context.Context, oldObjRaw, newObjRaw runtime.Object) (admission.Warnings, error) {
 	oldObj, err := castToOpenStackServer(oldObjRaw)
 	if err != nil {
 		return nil, err
@@ -120,11 +122,13 @@ func (*openStackServerWebhook) ValidateUpdate(ctx context.Context, oldObjRaw, ne
 		)
 	}
 
+	webhook.validate(newObj)
+
 	return aggregateObjErrors(newObj.GroupVersionKind().GroupKind(), newObj.Name, allErrs)
 }
 
 // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
-func (*openStackServerWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
+func (webhook *openStackServerWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
@@ -135,3 +139,14 @@ func castToOpenStackServer(obj runtime.Object) (*infrav1alpha1.OpenStackServer,
 	}
 	return cast, nil
 }
+
+func (webhook *openStackServerWebhook) validate(newObj *infrav1alpha1.OpenStackServer) error {
+	var allErrs field.ErrorList
+
+	allErrs = append(allErrs, newObj.Spec.Image.Validate(*field.NewPath("Spec", "Image"))...)
+
+	if len(allErrs) == 0 {
+		return nil
+	}
+	return apierrors.NewInvalid(infrav1.SchemeGroupVersion.WithKind("OpenStackServer").GroupKind(), newObj.Name, allErrs)
+}