mirror of
https://github.com/kubevela/kubevela.git
synced 2026-02-14 10:00:06 +00:00
* feat: implement output resource existence validation in component, trait, and policy definitions Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add validation tests for ComponentDefinition and TraitDefinition outputs - Implement tests for ComponentDefinition with non-existent CRDs in outputs, ensuring they are rejected. - Add tests for valid outputs in ComponentDefinition, confirming acceptance. - Include tests for mixed valid and non-K8s outputs in ComponentDefinition, verifying they pass validation. - Test handling of empty outputs in ComponentDefinition, ensuring they are accepted. - Introduce tests for invalid apiVersion formats in ComponentDefinition, confirming rejection. - Add tests for TraitDefinition with mixed valid and invalid outputs, ensuring proper rejection. - Create YAML manifests for valid and invalid ComponentDefinitions and TraitDefinitions to support e2e tests. - Ensure comprehensive coverage of edge cases in output validation logic. 
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> fix: handle errors in resource validation for component, trait, and policy definitions Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> fix: improve error handling in Go module tidy and resource validation Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add webhook debugging setup and validation tests for ComponentDefinition and TraitDefinition Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add VS Code launch configuration for debugging webhook validation Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> refactor: streamline error handling in Go module tidy and remove obsolete test manifests Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add mock context support for CUE template compilation Signed-off-by: Reetika Malhotra <malhotra.reetika25@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance validation for WorkflowStepDefinition resources and improve output resource checks Signed-off-by: viskumar <viskumar@guidewire.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: implement resource validation for CUE templates and add unit tests Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance logging and validation for component, policy, and trait definitions Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar 
<ayushshyamkumar888@gmail.com> feat: improve error handling and logging in validation handlers for component, policy, trait, and workflow step definitions Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Remove testUnknownResource folder from repository Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: implement structured logging for validation handlers and remove deprecated request_logger Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance structured logging and error handling in admission validation handlers Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: improve logging messages in validating handlers for better clarity Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: refactor logging field definitions for consistency and improve error handling in resource validation Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> chore: add license header to invalid_resource_check.go and invalid_resource_check_test.go Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance validation tests for WorkflowStepDefinition and improve error messages Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add e2e-test-local target for k3d cluster setup and webhook validation Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add webhook configuration for workflow step definitions with validation rules Signed-off-by: Ayush Kumar 
<ayushshyamkumar888@gmail.com> feat: update e2e-test-local configuration and improve Ingress API version compatibility Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add installation of FluxCD CRDs in pre-hook to prevent webhook validation errors Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add ValidateResourcesExist feature gate and enhance resource validation in webhook handlers Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance resource validation in e2e tests and improve addon definition checks Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: enhance addon definition detection by using owner references for validation Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: add ValidateResourcesExist feature gate and implement webhook validation for resource existence Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: update Ingress API version to v1 and adjust service references in tests Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> chore: remove webhook test commands and related YAML files from makefiles and tests Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> chore: remove architecture section from webhook debugging guide Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> feat: update webhook setup script with k3d host gateway IP note and improve cluster creation logic Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> * Fix: Correct path in Ingress resource definition in template tests Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> * Chore: add empty line to re-trigger failing workflow Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com> * Chore: remove space to re-trigger workflow Signed-off-by: Chaitanya Reddy Onteddu <co@guidewire.com> --------- Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com> Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com> Signed-off-by: Chaitanya Reddy Onteddu 
<co@guidewire.com> Co-authored-by: Chaitanya Reddy Onteddu <chaitanyareddy0702@gmail.com> Co-authored-by: Amit Singh <amisingh@guidewire.com>
159 lines
9.6 KiB
Go
/*
Copyright 2021 The KubeVela Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package features

import (
	"k8s.io/apimachinery/pkg/util/runtime"
	"k8s.io/apiserver/pkg/util/feature"
	"k8s.io/component-base/featuregate"
)

const (
	// Compatibility Features

	// DeprecatedPolicySpec enable the use of deprecated policy spec
	DeprecatedPolicySpec featuregate.Feature = "DeprecatedPolicySpec"
	// LegacyObjectTypeIdentifier enable the use of legacy object type identifier for selecting ref-object
	LegacyObjectTypeIdentifier featuregate.Feature = "LegacyObjectTypeIdentifier"
	// DeprecatedObjectLabelSelector enable the use of deprecated object label selector for selecting ref-object
	DeprecatedObjectLabelSelector featuregate.Feature = "DeprecatedObjectLabelSelector"
	// LegacyResourceTrackerGC enable the gc of legacy resource tracker in managed clusters
	LegacyResourceTrackerGC featuregate.Feature = "LegacyResourceTrackerGC"
	// LegacyResourceOwnerValidation if enabled, the resource dispatch will allow existing resource not to have owner
	// application and the current application will take over it
	LegacyResourceOwnerValidation featuregate.Feature = "LegacyResourceOwnerValidation"
	// DisableReferObjectsFromURL if set, the url ref objects will be disallowed
	DisableReferObjectsFromURL featuregate.Feature = "DisableReferObjectsFromURL"

	// ApplyResourceByReplace enforces the modification of resource through PUT requests.
	// If not set, the resource modification will use patch requests (three-way-strategy-merge-patch).
	// The side effect of enabling this feature is that the request traffic will increase due to
	// the increase of bytes transferred and the more frequent resource mutation failure due to the
	// potential conflicts.
	// If set, KubeVela controller will enforce strong restriction on the managed resource that external
	// system would be unable to make modifications to the KubeVela managed resource. In other words,
	// no merge for modifications from multiple sources. Only KubeVela keeps the Source-of-Truth for the
	// resource.
	ApplyResourceByReplace featuregate.Feature = "ApplyResourceByReplace"

	// Edge Features

	// AuthenticateApplication enable the authentication for application
	AuthenticateApplication featuregate.Feature = "AuthenticateApplication"
	// ValidateDefinitionPermissions enables RBAC validation for definition access in applications
	ValidateDefinitionPermissions featuregate.Feature = "ValidateDefinitionPermissions"
	// GzipResourceTracker enables the gzip compression for ResourceTracker. It can be useful if you have large
	// application that needs to dispatch lots of resources or large resources (like CRD or huge ConfigMap),
	// which at the cost of slower processing speed due to the extra overhead for compression and decompression.
	GzipResourceTracker featuregate.Feature = "GzipResourceTracker"
	// ZstdResourceTracker enables the zstd compression for ResourceTracker.
	// Refer to GzipResourceTracker for its use-cases. It is much faster and more
	// efficient than gzip, about 2x faster and compresses to smaller size.
	// If you are dealing with very large ResourceTrackers (1MB or so), it should
	// have almost NO performance penalties compared to no compression at all.
	// If dealing with smaller ResourceTrackers (10KB - 1MB), the performance
	// penalties are minimal.
	ZstdResourceTracker featuregate.Feature = "ZstdResourceTracker"

	// GzipApplicationRevision serves the same purpose as GzipResourceTracker,
	// but for ApplicationRevision.
	GzipApplicationRevision featuregate.Feature = "GzipApplicationRevision"
	// ZstdApplicationRevision serves the same purpose as ZstdResourceTracker,
	// but for ApplicationRevision.
	ZstdApplicationRevision featuregate.Feature = "ZstdApplicationRevision"

	// ApplyOnce enable the apply-once feature for all applications
	// If enabled, no StateKeep will be run, ResourceTracker will also disable the storage of all resource data, only
	// metadata will be kept
	ApplyOnce featuregate.Feature = "ApplyOnce"

	// MultiStageComponentApply enable multi-stage feature for component
	// If enabled, the dispatch of manifests is performed in batches according to the stage
	MultiStageComponentApply featuregate.Feature = "MultiStageComponentApply"

	// PreDispatchDryRun enable dryrun before dispatching resources
	// Enable this flag can help prevent unsuccessful dispatch resources entering resourcetracker and improve the
	// user experiences of gc but at the cost of increasing network requests.
	PreDispatchDryRun featuregate.Feature = "PreDispatchDryRun"

	// ValidateComponentWhenSharding validate component in sharding mode
	// In sharding mode, since ApplicationRevision will not be cached for webhook, the validation of component
	// need to call Kubernetes APIServer which can be slow and take up some network traffic. So by default, the
	// validation of component will be disabled.
	ValidateComponentWhenSharding = "ValidateComponentWhenSharding"

	// DisableWebhookAutoSchedule disable auto schedule for application mutating webhook when sharding enabled
	// If set to true, the webhook will not make auto schedule for applications and users can make customized
	// scheduler for assigning shards to applications
	DisableWebhookAutoSchedule = "DisableWebhookAutoSchedule"

	// DisableBootstrapClusterInfo disable the cluster info bootstrap at the starting of the controller
	DisableBootstrapClusterInfo = "DisableBootstrapClusterInfo"

	// InformerCacheFilterUnnecessaryFields filter unnecessary fields for informer cache
	InformerCacheFilterUnnecessaryFields = "InformerCacheFilterUnnecessaryFields"

	// SharedDefinitionStorageForApplicationRevision use definition cache to reduce duplicated definition storage
	// for application revision, must be used with InformerCacheFilterUnnecessaryFields
	SharedDefinitionStorageForApplicationRevision = "SharedDefinitionStorageForApplicationRevision"

	// DisableWorkflowContextConfigMapCache disable the workflow context's configmap informer cache
	DisableWorkflowContextConfigMapCache = "DisableWorkflowContextConfigMapCache"

	// EnableCueValidation enable strict cue validation fields for the required parameter field verification
	EnableCueValidation = "EnableCueValidation"

	// EnableApplicationStatusMetrics enable the collection and export of application status metrics and structured logging
	EnableApplicationStatusMetrics = "EnableApplicationStatusMetrics"

	// ValidateResourcesExist enables webhook validation to check if resource types referenced in
	// ComponentDefinition/TraitDefinition/WorkflowStepDefinition/PolicyDefinition CUE templates exist in the cluster
	ValidateResourcesExist = "ValidateResourcesExist"
)

var defaultFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
	DeprecatedPolicySpec: {Default: false, PreRelease: featuregate.Alpha},
	LegacyObjectTypeIdentifier: {Default: false, PreRelease: featuregate.Alpha},
	DeprecatedObjectLabelSelector: {Default: false, PreRelease: featuregate.Alpha},
	LegacyResourceTrackerGC: {Default: false, PreRelease: featuregate.Beta},
	LegacyResourceOwnerValidation: {Default: false, PreRelease: featuregate.Alpha},
	DisableReferObjectsFromURL: {Default: false, PreRelease: featuregate.Alpha},
	ApplyResourceByReplace: {Default: false, PreRelease: featuregate.Alpha},
	AuthenticateApplication: {Default: false, PreRelease: featuregate.Alpha},
	ValidateDefinitionPermissions: {Default: false, PreRelease: featuregate.Alpha},
	GzipResourceTracker: {Default: false, PreRelease: featuregate.Alpha},
	ZstdResourceTracker: {Default: false, PreRelease: featuregate.Alpha},
	ApplyOnce: {Default: false, PreRelease: featuregate.Alpha},
	MultiStageComponentApply: {Default: false, PreRelease: featuregate.Alpha},
	GzipApplicationRevision: {Default: false, PreRelease: featuregate.Alpha},
	ZstdApplicationRevision: {Default: false, PreRelease: featuregate.Alpha},
	PreDispatchDryRun: {Default: true, PreRelease: featuregate.Alpha},
	ValidateComponentWhenSharding: {Default: false, PreRelease: featuregate.Alpha},
	DisableWebhookAutoSchedule: {Default: false, PreRelease: featuregate.Alpha},
	DisableBootstrapClusterInfo: {Default: false, PreRelease: featuregate.Alpha},
	InformerCacheFilterUnnecessaryFields: {Default: true, PreRelease: featuregate.Alpha},
	SharedDefinitionStorageForApplicationRevision: {Default: true, PreRelease: featuregate.Alpha},
	DisableWorkflowContextConfigMapCache: {Default: true, PreRelease: featuregate.Alpha},
	EnableCueValidation: {Default: false, PreRelease: featuregate.Beta},
	EnableApplicationStatusMetrics: {Default: false, PreRelease: featuregate.Alpha},
	ValidateResourcesExist: {Default: false, PreRelease: featuregate.Alpha},
}

func init() {
	runtime.Must(feature.DefaultMutableFeatureGate.Add(defaultFeatureGates))
}
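The defaults table above leaves the authentication and validation gates off, so a deployment's effective posture depends on the `Name=bool,Name=bool` value it passes as feature gates. The following is an added example, not part of the KubeVela source: a standard-library-only audit helper that overlays such a value on the page's defaults and reports the gates that differ from a baseline. The choice of audited gates, the baseline values, the `AuditGates` name and the sample flag string are all assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// gate pairs a default copied from defaultFeatureGates with this example's assumed baseline value.
type gate struct{ def, want bool }

var audited = map[string]gate{
	"AuthenticateApplication":       {false, true},
	"ValidateDefinitionPermissions": {false, true},
	"DisableReferObjectsFromURL":    {false, true},
	"ValidateResourcesExist":        {false, true},
	"LegacyResourceOwnerValidation": {false, false},
}

// AuditGates overlays a "Name=bool,..." value on the defaults and returns, sorted, the gates off-baseline.
func AuditGates(flagValue string) ([]string, error) {
	set := map[string]bool{}
	for _, pair := range strings.FieldsFunc(flagValue, func(r rune) bool { return r == ',' }) {
		name, raw, ok := strings.Cut(pair, "=")
		val, err := strconv.ParseBool(strings.TrimSpace(raw))
		if !ok || err != nil {
			return nil, fmt.Errorf("malformed gate %q", pair)
		}
		set[strings.TrimSpace(name)] = val
	}
	var findings []string
	for name, g := range audited {
		effective, overridden := set[name]
		if !overridden {
			effective = g.def // gate not mentioned: the compiled-in default applies
		}
		if effective != g.want {
			findings = append(findings, name)
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	// Constructed sample value, not taken from a real deployment.
	fmt.Println(AuditGates("AuthenticateApplication=true,LegacyResourceOwnerValidation=true"))
}
```

Gates outside the audited set (for example the compression gates) are parsed but ignored, so the helper can be fed a deployment's full flag value.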