diff --git a/internal/webhook/managedcluster_webhook.go b/internal/webhook/managedcluster_webhook.go index 21d57237b..602621ac1 100644 --- a/internal/webhook/managedcluster_webhook.go +++ b/internal/webhook/managedcluster_webhook.go @@ -74,23 +74,28 @@ func (v *ManagedClusterValidator) ValidateCreate(ctx context.Context, obj runtim } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (v *ManagedClusterValidator) ValidateUpdate(ctx context.Context, _ runtime.Object, newObj runtime.Object) (admission.Warnings, error) { +func (v *ManagedClusterValidator) ValidateUpdate(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (admission.Warnings, error) { + oldManagedCluster, ok := oldObj.(*hmcv1alpha1.ManagedCluster) + if !ok { + return nil, apierrors.NewBadRequest(fmt.Sprintf("expected ManagedCluster but got a %T", oldObj)) + } newManagedCluster, ok := newObj.(*hmcv1alpha1.ManagedCluster) if !ok { return nil, apierrors.NewBadRequest(fmt.Sprintf("expected ManagedCluster but got a %T", newObj)) } + if oldManagedCluster.Spec.Template != newManagedCluster.Spec.Template { + template, err := v.getManagedClusterTemplate(ctx, newManagedCluster.Namespace, newManagedCluster.Spec.Template) + if err != nil { + return nil, fmt.Errorf("%s: %v", invalidManagedClusterMsg, err) + } - template, err := v.getManagedClusterTemplate(ctx, newManagedCluster.Namespace, newManagedCluster.Spec.Template) - if err != nil { - return nil, fmt.Errorf("%s: %v", invalidManagedClusterMsg, err) - } - - if err := isTemplateValid(template); err != nil { - return nil, fmt.Errorf("%s: %v", invalidManagedClusterMsg, err) - } + if err := isTemplateValid(template); err != nil { + return nil, fmt.Errorf("%s: %v", invalidManagedClusterMsg, err) + } - if err := validateK8sCompatibility(ctx, v.Client, template, newManagedCluster); err != nil { - return admission.Warnings{"Failed to validate k8s version compatibility with ServiceTemplates"}, fmt.Errorf("failed to validate k8s compatibility: %v", err) + if err := validateK8sCompatibility(ctx, v.Client, template, newManagedCluster); err != nil { + return admission.Warnings{"Failed to validate k8s version compatibility with ServiceTemplates"}, fmt.Errorf("failed to validate k8s compatibility: %v", err) + } } return nil, nil diff --git a/internal/webhook/managedcluster_webhook_test.go b/internal/webhook/managedcluster_webhook_test.go index b1157f1c3..b7bf00779 100644 --- a/internal/webhook/managedcluster_webhook_test.go +++ b/internal/webhook/managedcluster_webhook_test.go @@ -34,6 +34,7 @@ import ( var ( testTemplateName = "template-test" + newTemplateName = "new-template-name" testNamespace = "test" mgmt = management.NewManagement( @@ -43,8 +44,18 @@ var ( ControlPlaneProviders: []v1alpha1.ProviderTuple{{Name: "k0s"}}, }), ) +) + +func TestManagedClusterValidateCreate(t *testing.T) { + g := NewWithT(t) + + ctx := admission.NewContextWithRequest(context.Background(), admission.Request{ + AdmissionRequest: admissionv1.AdmissionRequest{ + Operation: admissionv1.Create, + }, + }) - createAndUpdateTests = []struct { + tests := []struct { name string managedCluster *v1alpha1.ManagedCluster existingObjects []runtime.Object @@ -121,17 +132,7 @@ var ( warnings: admission.Warnings{"Failed to validate k8s version compatibility with ServiceTemplates"}, }, } -) - -func TestManagedClusterValidateCreate(t *testing.T) { - g := NewWithT(t) - - ctx := admission.NewContextWithRequest(context.Background(), admission.Request{ - AdmissionRequest: admissionv1.AdmissionRequest{ - Operation: admissionv1.Create, - }, - }) - for _, tt := range createAndUpdateTests { + for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(tt.existingObjects...).Build() validator := &ManagedClusterValidator{Client: c} @@ -158,11 +159,58 @@ func TestManagedClusterValidateUpdate(t *testing.T) { Operation: admissionv1.Update, }, }) - for _, tt := range createAndUpdateTests { + + tests := []struct { + name string + oldManagedCluster *v1alpha1.ManagedCluster + newManagedCluster *v1alpha1.ManagedCluster + existingObjects []runtime.Object + err string + warnings admission.Warnings + }{ + { + name: "should fail if the new cluster template was found but is invalid (some validation error)", + oldManagedCluster: managedcluster.NewManagedCluster(managedcluster.WithClusterTemplate(testTemplateName)), + newManagedCluster: managedcluster.NewManagedCluster(managedcluster.WithClusterTemplate(newTemplateName)), + existingObjects: []runtime.Object{ + mgmt, + template.NewClusterTemplate( + template.WithName(newTemplateName), + template.WithValidationStatus(v1alpha1.TemplateValidationStatus{ + Valid: false, + ValidationError: "validation error example", + }), + ), + }, + err: "the ManagedCluster is invalid: the template is not valid: validation error example", + }, + { + name: "should succeed if template is not changed", + oldManagedCluster: managedcluster.NewManagedCluster( + managedcluster.WithClusterTemplate(testTemplateName), + managedcluster.WithConfig(`{"foo":"bar"}`), + ), + newManagedCluster: managedcluster.NewManagedCluster( + managedcluster.WithClusterTemplate(testTemplateName), + managedcluster.WithConfig(`{"a":"b"}`), + ), + existingObjects: []runtime.Object{ + mgmt, + template.NewClusterTemplate( + template.WithName(testTemplateName), + template.WithValidationStatus(v1alpha1.TemplateValidationStatus{ + Valid: false, + ValidationError: "validation error example", + }), + ), + }, + }, + } + for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(tt.existingObjects...).Build() validator := &ManagedClusterValidator{Client: c} - warn, err := validator.ValidateUpdate(ctx, managedcluster.NewManagedCluster(), tt.managedCluster) + warn, err := validator.ValidateUpdate(ctx, tt.oldManagedCluster, tt.newManagedCluster) if tt.err != "" { g.Expect(err).To(HaveOccurred()) if err.Error() != tt.err {