From 32f73b1739654cc0b2e946954d70af86950dc7da Mon Sep 17 00:00:00 2001 From: Bryan Cox Date: Wed, 28 Aug 2024 11:17:49 -0400 Subject: [PATCH] Move webhook registration behind feature gate flag Move webhook registration behind feature gate flags similar to controller registration. Signed-off-by: Bryan Cox --- api/v1beta1/azuremanagedcluster_webhook.go | 12 --- .../azuremanagedcluster_webhook_test.go | 7 -- .../azuremanagedclustertemplate_webhook.go | 12 --- .../azuremanagedcontrolplane_webhook.go | 10 -- .../azuremanagedcontrolplane_webhook_test.go | 6 -- ...zuremanagedcontrolplanetemplate_webhook.go | 10 -- .../azuremanagedmachinepool_webhook.go | 10 -- .../azuremanagedmachinepool_webhook_test.go | 6 -- ...azuremanagedmachinepooltemplate_webhook.go | 9 -- exp/api/v1beta1/azuremachinepool_webhook.go | 11 +- .../v1beta1/azuremachinepool_webhook_test.go | 6 -- .../azuremachinepoolmachine_webhook.go | 13 --- main.go | 100 +++++++++--------- 13 files changed, 52 insertions(+), 160 deletions(-) diff --git a/api/v1beta1/azuremanagedcluster_webhook.go b/api/v1beta1/azuremanagedcluster_webhook.go index e0b0c66df6c..25385fc8ba6 100644 --- a/api/v1beta1/azuremanagedcluster_webhook.go +++ b/api/v1beta1/azuremanagedcluster_webhook.go @@ -18,13 +18,9 @@ package v1beta1 import ( "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - - "sigs.k8s.io/cluster-api-provider-azure/feature" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. @@ -40,14 +36,6 @@ var _ webhook.Validator = &AzureManagedCluster{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. func (r *AzureManagedCluster) ValidateCreate() (admission.Warnings, error) { - // NOTE: AzureManagedCluster relies upon MachinePools, which is behind a feature gate flag. - // The webhook must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the Cluster API 'MachinePool' feature flag is enabled", - ) - } return nil, nil } diff --git a/api/v1beta1/azuremanagedcluster_webhook_test.go b/api/v1beta1/azuremanagedcluster_webhook_test.go index e97807aacb9..8afba26adc1 100644 --- a/api/v1beta1/azuremanagedcluster_webhook_test.go +++ b/api/v1beta1/azuremanagedcluster_webhook_test.go @@ -22,7 +22,6 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilfeature "k8s.io/component-base/featuregate/testing" - "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" capifeature "sigs.k8s.io/cluster-api/feature" @@ -142,12 +141,6 @@ func TestAzureManagedCluster_ValidateCreateFailure(t *testing.T) { featureGateEnabled *bool expectError bool }{ - { - name: "feature gate explicitly disabled", - amc: getKnownValidAzureManagedCluster(), - featureGateEnabled: ptr.To(false), - expectError: true, - }, { name: "feature gate implicitly enabled", amc: getKnownValidAzureManagedCluster(), diff --git a/api/v1beta1/azuremanagedclustertemplate_webhook.go b/api/v1beta1/azuremanagedclustertemplate_webhook.go index b8627f5f66e..c162b47da70 100644 --- a/api/v1beta1/azuremanagedclustertemplate_webhook.go +++ b/api/v1beta1/azuremanagedclustertemplate_webhook.go @@ -18,13 +18,9 @@ package v1beta1 import ( "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - - "sigs.k8s.io/cluster-api-provider-azure/feature" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. @@ -40,14 +36,6 @@ var _ webhook.Validator = &AzureManagedClusterTemplate{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. func (r *AzureManagedClusterTemplate) ValidateCreate() (admission.Warnings, error) { - // NOTE: AzureManagedClusterTemplate relies upon MachinePools, which is behind a feature gate flag. - // The webhook must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "cannot be set if the Cluster API 'MachinePool' feature flag is not enabled", - ) - } return nil, nil } diff --git a/api/v1beta1/azuremanagedcontrolplane_webhook.go b/api/v1beta1/azuremanagedcontrolplane_webhook.go index 029945c29ad..e13507f6b76 100644 --- a/api/v1beta1/azuremanagedcontrolplane_webhook.go +++ b/api/v1beta1/azuremanagedcontrolplane_webhook.go @@ -31,12 +31,10 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "sigs.k8s.io/cluster-api-provider-azure/feature" "sigs.k8s.io/cluster-api-provider-azure/util/versions" webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook" ) @@ -111,14 +109,6 @@ func (mw *azureManagedControlPlaneWebhook) ValidateCreate(_ context.Context, obj if !ok { return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") } - // NOTE: AzureManagedControlPlane relies upon MachinePools, which is behind a feature gate flag. - // The webhook must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the Cluster API 'MachinePool' feature flag is enabled", - ) - } return nil, m.Validate(mw.Client) } diff --git a/api/v1beta1/azuremanagedcontrolplane_webhook_test.go b/api/v1beta1/azuremanagedcontrolplane_webhook_test.go index e24a9c24e7d..ed93590c093 100644 --- a/api/v1beta1/azuremanagedcontrolplane_webhook_test.go +++ b/api/v1beta1/azuremanagedcontrolplane_webhook_test.go @@ -1664,12 +1664,6 @@ func TestAzureManagedControlPlane_ValidateCreateFailure(t *testing.T) { featureGateEnabled *bool expectError bool }{ - { - name: "feature gate explicitly disabled", - amcp: getKnownValidAzureManagedControlPlane(), - featureGateEnabled: ptr.To(false), - expectError: true, - }, { name: "feature gate implicitly enabled", amcp: getKnownValidAzureManagedControlPlane(), diff --git a/api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go b/api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go index 18f73e91246..b249f3ff833 100644 --- a/api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go +++ b/api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go @@ -23,12 +23,10 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "sigs.k8s.io/cluster-api-provider-azure/feature" "sigs.k8s.io/cluster-api-provider-azure/util/versions" webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook" ) @@ -66,14 +64,6 @@ func (mcpw *azureManagedControlPlaneTemplateWebhook) ValidateCreate(_ context.Co if !ok { return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") } - // NOTE: AzureManagedControlPlaneTemplate relies upon MachinePools, which is behind a feature gate flag. - // The webhook must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the Cluster API 'MachinePool' feature flag is enabled", - ) - } return nil, mcp.validateManagedControlPlaneTemplate(mcpw.Client) } diff --git a/api/v1beta1/azuremanagedmachinepool_webhook.go b/api/v1beta1/azuremanagedmachinepool_webhook.go index 3c2cc657cc0..3afe5093f23 100644 --- a/api/v1beta1/azuremanagedmachinepool_webhook.go +++ b/api/v1beta1/azuremanagedmachinepool_webhook.go @@ -32,12 +32,10 @@ import ( "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" clusterctlv1alpha3 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "sigs.k8s.io/cluster-api-provider-azure/feature" azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure" webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook" ) @@ -91,14 +89,6 @@ func (mw *azureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj if !ok { return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") } - // NOTE: AzureManagedMachinePool relies upon MachinePools, which is behind a feature gate flag. - // The webhook must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the Cluster API 'MachinePool' feature flag is enabled", - ) - } var errs []error diff --git a/api/v1beta1/azuremanagedmachinepool_webhook_test.go b/api/v1beta1/azuremanagedmachinepool_webhook_test.go index f3b0603fb02..b68a0184465 100644 --- a/api/v1beta1/azuremanagedmachinepool_webhook_test.go +++ b/api/v1beta1/azuremanagedmachinepool_webhook_test.go @@ -1312,12 +1312,6 @@ func TestAzureManagedMachinePool_ValidateCreateFailure(t *testing.T) { featureGateEnabled *bool expectError bool }{ - { - name: "feature gate explicitly disabled", - ammp: getKnownValidAzureManagedMachinePool(), - featureGateEnabled: ptr.To(false), - expectError: true, - }, { name: "feature gate implicitly enabled", ammp: getKnownValidAzureManagedMachinePool(), diff --git a/api/v1beta1/azuremanagedmachinepooltemplate_webhook.go b/api/v1beta1/azuremanagedmachinepooltemplate_webhook.go index 1db56744687..c976648a52f 100644 --- a/api/v1beta1/azuremanagedmachinepooltemplate_webhook.go +++ b/api/v1beta1/azuremanagedmachinepooltemplate_webhook.go @@ -25,12 +25,10 @@ import ( kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "sigs.k8s.io/cluster-api-provider-azure/feature" webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook" ) @@ -79,13 +77,6 @@ func (mpw *azureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Cont return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") } - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the Cluster API 'MachinePool' feature flag is enabled", - ) - } - var errs []error errs = append(errs, validateMaxPods( diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/exp/api/v1beta1/azuremachinepool_webhook.go index a19b3f707f3..d4188441005 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook.go +++ b/exp/api/v1beta1/azuremachinepool_webhook.go @@ -29,13 +29,11 @@ import ( kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/validation/field" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" - "sigs.k8s.io/cluster-api-provider-azure/feature" azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure" ) @@ -73,14 +71,7 @@ func (ampw *azureMachinePoolWebhook) ValidateCreate(_ context.Context, obj runti if !ok { return nil, apierrors.NewBadRequest("expected an AzureMachinePool") } - // NOTE: AzureMachinePool is behind MachinePool feature gate flag; the webhook - // must prevent creating new objects in case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the MachinePool feature flag is enabled", - ) - } + return nil, amp.Validate(nil, ampw.Client) } diff --git a/exp/api/v1beta1/azuremachinepool_webhook_test.go b/exp/api/v1beta1/azuremachinepool_webhook_test.go index e1324deee98..b754999fe53 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook_test.go +++ b/exp/api/v1beta1/azuremachinepool_webhook_test.go @@ -706,12 +706,6 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { featureGateEnabled *bool expectError bool }{ - { - name: "feature gate explicitly disabled", - amp: getKnownValidAzureMachinePool(), - featureGateEnabled: ptr.To(false), - expectError: true, - }, { name: "feature gate implicitly enabled", amp: getKnownValidAzureMachinePool(), diff --git a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go b/exp/api/v1beta1/azuremachinepoolmachine_webhook.go index 6b9278ee2cd..0b81e54f62d 100644 --- a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go +++ b/exp/api/v1beta1/azuremachinepoolmachine_webhook.go @@ -19,13 +19,9 @@ package v1beta1 import ( "github.com/pkg/errors" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - capifeature "sigs.k8s.io/cluster-api/feature" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - - "sigs.k8s.io/cluster-api-provider-azure/feature" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. @@ -46,15 +42,6 @@ func (ampm *AzureMachinePoolMachine) ValidateCreate() (admission.Warnings, error // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. func (ampm *AzureMachinePoolMachine) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - // NOTE: AzureMachinePoolMachine is behind MachinePool feature gate flag; the webhook - // must prevent creating new objects new case the feature flag is disabled. - if !feature.Gates.Enabled(capifeature.MachinePool) { - return nil, field.Forbidden( - field.NewPath("spec"), - "can be set only if the MachinePool feature flag is enabled", - ) - } - oldMachine, ok := old.(*AzureMachinePoolMachine) if !ok { return nil, errors.New("expected and AzureMachinePoolMachine") diff --git a/main.go b/main.go index 2c1b98e0bcd..664bdab4416 100644 --- a/main.go +++ b/main.go @@ -593,6 +593,11 @@ func registerWebhooks(mgr manager.Manager) { os.Exit(1) } + if err := infrav1.SetupAzureMachineWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachine") + os.Exit(1) + } + if err := (&infrav1.AzureMachineTemplate{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachineTemplate") os.Exit(1) @@ -603,66 +608,63 @@ func registerWebhooks(mgr manager.Manager) { os.Exit(1) } - if err := (&infrav1exp.AzureMachinePoolMachine{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePoolMachine") - os.Exit(1) - } - - // NOTE: AzureManagedCluster is behind AKS feature gate flag; the webhook - // is going to prevent creating or updating new objects in case the feature flag is disabled - if err := (&infrav1.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster") - os.Exit(1) - } + if feature.Gates.Enabled(capifeature.MachinePool) { + if err := infrav1exp.SetupAzureMachinePoolWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePool") + os.Exit(1) + } - if err := (&infrav1.AzureManagedClusterTemplate{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedClusterTemplate") - os.Exit(1) - } + if err := (&infrav1exp.AzureMachinePoolMachine{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePoolMachine") + os.Exit(1) + } - if err := infrav1exp.SetupAzureMachinePoolWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePool") - os.Exit(1) - } + if err := infrav1.SetupAzureManagedMachinePoolWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePool") + os.Exit(1) + } - if err := infrav1.SetupAzureMachineWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachine") - os.Exit(1) - } + if err := infrav1.SetupAzureManagedMachinePoolTemplateWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePoolTemplate") + os.Exit(1) + } - if err := infrav1.SetupAzureManagedMachinePoolWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePool") - os.Exit(1) - } + if err := (&infrav1.AzureManagedCluster{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedCluster") + os.Exit(1) + } - if err := infrav1.SetupAzureManagedMachinePoolTemplateWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedMachinePoolTemplate") - os.Exit(1) - } + if err := (&infrav1.AzureManagedClusterTemplate{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedClusterTemplate") + os.Exit(1) + } - if err := infrav1.SetupAzureManagedControlPlaneWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlane") - os.Exit(1) - } + if err := infrav1.SetupAzureManagedControlPlaneWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlane") + os.Exit(1) + } - if err := infrav1.SetupAzureManagedControlPlaneTemplateWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlaneTemplate") - os.Exit(1) + if err := infrav1.SetupAzureManagedControlPlaneTemplateWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureManagedControlPlaneTemplate") + os.Exit(1) + } } - if err := infrav1alpha.SetupAzureASOManagedClusterWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedCluster") - os.Exit(1) - } + if feature.Gates.Enabled(feature.ASOAPI) { + if err := infrav1alpha.SetupAzureASOManagedClusterWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedCluster") + os.Exit(1) + } - if err := infrav1alpha.SetupAzureASOManagedControlPlaneWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedControlPlane") - os.Exit(1) - } + if err := infrav1alpha.SetupAzureASOManagedControlPlaneWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedControlPlane") + os.Exit(1) + } - if err := infrav1alpha.SetupAzureASOManagedMachinePoolWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedMachinePool") - os.Exit(1) + if err := infrav1alpha.SetupAzureASOManagedMachinePoolWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "AzureASOManagedMachinePool") + os.Exit(1) + } } if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {