
Example 1 with Operation

use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.

the class BackupConfigStorageTypeValidator method validate.

/**
 * Checks that the storage section named by the backup configuration's storage type is
 * filled in (section, bucket and credentials) and that no section belonging to another
 * known storage type is present. Only CREATE and UPDATE requests are inspected.
 *
 * <p>Every violation is reported through {@code fail(message)}; presumably that helper
 * throws {@link ValidationFailed} - confirm against its definition, since the follow-up
 * checks dereference the section that was just found to be null.
 *
 * @param review admission review carrying the operation and the submitted object
 * @throws ValidationFailed when the submitted storage configuration is inconsistent
 */
@Override
public void validate(BackupConfigReview review) throws ValidationFailed {
    final Operation requested = review.getRequest().getOperation();
    if (requested != Operation.CREATE && requested != Operation.UPDATE) {
        return;
    }

    // NOTE(review): a request without a storage section or without a type ends in a
    // NullPointerException below rather than a ValidationFailed - confirm that the CRD
    // schema (or an earlier validator) makes both mandatory.
    final var storage = review.getRequest().getObject().getSpec().getStorage();
    final String storageType = storage.getType();

    // The section selected by the type must exist and carry a bucket and credentials.
    if (storageType.equals("s3")) {
        final var s3 = storage.getS3();
        if (s3 == null) {
            fail("Invalid backup configuration, source s3 must be set when source type is s3");
        }
        if (s3.getBucket() == null) {
            fail("Invalid backup configuration, source s3 bucket must be set when source type is s3");
        }
        if (s3.getAwsCredentials() == null) {
            fail("Invalid backup configuration, source s3 credentials must be set when source type is s3");
        }
    }
    if (storageType.equals("s3Compatible")) {
        final var s3Compatible = storage.getS3Compatible();
        if (s3Compatible == null) {
            fail("Invalid backup configuration, source s3Compatible must be set when source type is s3Compatible");
        }
        if (s3Compatible.getBucket() == null) {
            fail("Invalid backup configuration, source s3Compatible bucket must be set when source type is s3Compatible");
        }
        if (s3Compatible.getAwsCredentials() == null) {
            fail("Invalid backup configuration, source s3Compatible credentials must be set when source type is s3Compatible");
        }
    }
    if (storageType.equals("gcs")) {
        final var gcs = storage.getGcs();
        if (gcs == null) {
            fail("Invalid backup configuration, source gcs must be set when source type is gcs");
        }
        if (gcs.getBucket() == null) {
            fail("Invalid backup configuration, source gcs bucket must be set when source type is gcs");
        }
        if (gcs.getCredentials() == null) {
            fail("Invalid backup configuration, source gcs credentials must be set when source type is gcs");
        }
    }
    if (storageType.equals("azureBlob")) {
        final var azureBlob = storage.getAzureBlob();
        if (azureBlob == null) {
            fail("Invalid backup configuration, source azureBlob must be set when source type is azureBlob");
        }
        if (azureBlob.getBucket() == null) {
            fail("Invalid backup configuration, source azureBlob bucket must be set when source type is azureBlob");
        }
        if (azureBlob.getAzureCredentials() == null) {
            fail("Invalid backup configuration, source azureBlob credentials must be set when source type is azureBlob");
        }
    }

    // Sections of the other known types must be absent. A type outside the four known
    // values matches none of these lists, so it passes this validator untouched.
    if (storage.getS3() != null
            && ImmutableList.of("s3Compatible", "gcs", "azureBlob").contains(storageType)) {
        fail("Invalid backup configuration, source s3 must not be set when source type is " + storageType);
    }
    if (storage.getS3Compatible() != null
            && ImmutableList.of("s3", "gcs", "azureBlob").contains(storageType)) {
        fail("Invalid backup configuration, source s3Compatible must not be set when source type is " + storageType);
    }
    if (storage.getGcs() != null
            && ImmutableList.of("s3", "s3Compatible", "azureBlob").contains(storageType)) {
        fail("Invalid backup configuration, source gcs must not be set when source type is " + storageType);
    }
    if (storage.getAzureBlob() != null
            && ImmutableList.of("s3", "s3Compatible", "gcs").contains(storageType)) {
        fail("Invalid backup configuration, source azureBlob must not be set when source type is " + storageType);
    }
}
Also used : Operation(io.stackgres.operatorframework.admissionwebhook.Operation)

Example 2 with Operation

use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.

the class BlocklistValidator method validate.

/**
 * Rejects a Postgres configuration whose {@code postgresqlConf} map uses any key that is
 * contained in {@code BLOCKLIST}. Only CREATE and UPDATE requests are inspected.
 *
 * @param review admission review carrying the operation and the submitted object
 * @throws ValidationFailed if at least one configured property name is in
 *     {@code BLOCKLIST}; the message lists every offending name
 */
@Override
public void validate(PgConfigReview review) throws ValidationFailed {
    final Operation requested = review.getRequest().getOperation();
    if (requested != Operation.CREATE && requested != Operation.UPDATE) {
        return;
    }

    final Map<String, String> postgresqlConf =
            review.getRequest().getObject().getSpec().getPostgresqlConf();

    // NOTE(review): keys are matched exactly as submitted. PostgreSQL treats parameter
    // names case-insensitively, so if BLOCKLIST is a case-sensitive collection, confirm
    // that keys are normalized before they reach this validator.
    final String[] rejected = postgresqlConf.keySet().stream()
            .filter(name -> BLOCKLIST.contains(name))
            .toArray(String[]::new);

    if (rejected.length == 0) {
        return;
    }
    throw new ValidationFailed("Invalid postgres configuration, properties: "
            + String.join(", ", rejected) + " cannot be settled");
}
Also used : ValidationFailed(io.stackgres.operatorframework.admissionwebhook.validating.ValidationFailed) Operation(io.stackgres.operatorframework.admissionwebhook.Operation)

Example 3 with Operation

use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.

the class PgBouncerBlocklistValidator method validate.

/**
 * Rejects a PgBouncer configuration in which any entry of the {@code databases} or
 * {@code users} maps sets a property contained in {@code BLOCKLIST}. Only CREATE and
 * UPDATE requests are inspected; a map that is {@code null} is skipped.
 *
 * @param review admission review carrying the operation and the submitted object
 * @throws ValidationFailed if at least one blocklisted property is set; the message
 *     lists the distinct offending property names
 */
@Override
public void validate(PoolingReview review) throws ValidationFailed {
    final Operation requested = review.getRequest().getOperation();
    if (requested != Operation.CREATE && requested != Operation.UPDATE) {
        return;
    }

    // NOTE(review): getPgBouncer() and getPgbouncerIni() are dereferenced without a null
    // check - confirm that both are guaranteed to be present at this point.
    var pgbouncerIni = review.getRequest().getObject().getSpec().getPgBouncer().getPgbouncerIni();
    var databases = pgbouncerIni.getDatabases();
    var users = pgbouncerIni.getUsers();

    Set<String> rejected = new HashSet<>();
    if (databases != null) {
        // Each value holds the properties of one entry; only the property names matter.
        Set<String> fromDatabases = databases.values().stream()
                .flatMap(properties -> properties.keySet().stream())
                .filter(name -> BLOCKLIST.contains(name))
                .collect(Collectors.toSet());
        rejected.addAll(fromDatabases);
    }
    if (users != null) {
        Set<String> fromUsers = users.values().stream()
                .flatMap(properties -> properties.keySet().stream())
                .filter(name -> BLOCKLIST.contains(name))
                .collect(Collectors.toSet());
        rejected.addAll(fromUsers);
    }

    if (rejected.isEmpty()) {
        return;
    }
    throw new ValidationFailed("Invalid PgBouncer configuration, properties: ["
            + String.join(", ", rejected) + "] cannot be set");
}
Also used : ValidationFailed(io.stackgres.operatorframework.admissionwebhook.validating.ValidationFailed) Operation(io.stackgres.operatorframework.admissionwebhook.Operation) HashSet(java.util.HashSet)

Example 4 with Operation

use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.

the class BackupConfigStorageValidator method validate.

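/**
 * Passes every secret key selector referenced by the selected storage backend's
 * credentials to {@code checkSecret}, together with the object's namespace and the
 * storage type. Only CREATE and UPDATE requests are inspected, and a backend whose
 * section is {@code null} is skipped.
 *
 * <p>The storage types {@code s3Compatible} and {@code azureBlob} are matched without
 * regard to case. This method used to compare against {@code "s3compatible"} and
 * {@code "azureblob"}, while {@code BackupConfigStorageTypeValidator} compares the same
 * field against {@code "s3Compatible"} and {@code "azureBlob"}; with the camel-case
 * spelling the secret checks for those two backends were silently skipped. Matching
 * both spellings keeps the old inputs working and closes that gap.
 *
 * @param review admission review carrying the operation and the submitted object
 * @throws ValidationFailed declared by the interface; presumably raised by
 *     {@code checkSecret} when a referenced secret is not acceptable - confirm against
 *     its definition
 */
@Override
public void validate(BackupConfigReview review) throws ValidationFailed {
    Operation operation = review.getRequest().getOperation();
    if (operation != Operation.CREATE && operation != Operation.UPDATE) {
        return;
    }
    String namespace = review.getRequest().getObject().getMetadata().getNamespace();
    String storageType = review.getRequest().getObject().getSpec().getStorage().getType();

    // NOTE(review): for s3, s3Compatible and azureBlob neither the credentials object nor
    // its secretKeySelectors is null-checked here (only gcs guards the selectors), so a
    // missing value surfaces as a NullPointerException instead of a ValidationFailed.
    // Confirm that another validator is guaranteed to reject such objects first.
    if (storageType.equals("s3") && review.getRequest().getObject().getSpec().getStorage().getS3() != null) {
        AwsCredentials credentials = review.getRequest().getObject().getSpec().getStorage().getS3().getAwsCredentials();
        checkSecret(namespace, storageType, "accessKeyId", credentials.getSecretKeySelectors().getAccessKeyId());
        checkSecret(namespace, storageType, "secretAccessKey", credentials.getSecretKeySelectors().getSecretAccessKey());
    }
    // Case-insensitive so that both "s3compatible" and "s3Compatible" reach checkSecret.
    if (storageType.equalsIgnoreCase("s3Compatible") && review.getRequest().getObject().getSpec().getStorage().getS3Compatible() != null) {
        AwsCredentials credentials = review.getRequest().getObject().getSpec().getStorage().getS3Compatible().getAwsCredentials();
        checkSecret(namespace, storageType, "accessKeyId", credentials.getSecretKeySelectors().getAccessKeyId());
        checkSecret(namespace, storageType, "secretAccessKey", credentials.getSecretKeySelectors().getSecretAccessKey());
    }
    // Case-insensitive so that both "azureblob" and "azureBlob" reach checkSecret.
    if (storageType.equalsIgnoreCase("azureBlob") && review.getRequest().getObject().getSpec().getStorage().getAzureBlob() != null) {
        AzureBlobStorageCredentials credentials = review.getRequest().getObject().getSpec().getStorage().getAzureBlob().getAzureCredentials();
        checkSecret(namespace, storageType, "account", credentials.getSecretKeySelectors().getAccount());
        checkSecret(namespace, storageType, "accessKey", credentials.getSecretKeySelectors().getAccessKey());
    }
    // gcs credentials may come without secret key selectors; in that case there is
    // nothing to pass to checkSecret.
    if (storageType.equals("gcs") && review.getRequest().getObject().getSpec().getStorage().getGcs() != null && review.getRequest().getObject().getSpec().getStorage().getGcs().getCredentials().getSecretKeySelectors() != null) {
        GoogleCloudCredentials credentials = review.getRequest().getObject().getSpec().getStorage().getGcs().getCredentials();
        checkSecret(namespace, storageType, "serviceAccountJsonKey", credentials.getSecretKeySelectors().getServiceAccountJsonKey());
    }
}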
Also used : GoogleCloudCredentials(io.stackgres.common.crd.storages.GoogleCloudCredentials) AwsCredentials(io.stackgres.common.crd.storages.AwsCredentials) AzureBlobStorageCredentials(io.stackgres.common.crd.storages.AzureBlobStorageCredentials) Operation(io.stackgres.operatorframework.admissionwebhook.Operation)

Aggregations

Operation (io.stackgres.operatorframework.admissionwebhook.Operation)4 ValidationFailed (io.stackgres.operatorframework.admissionwebhook.validating.ValidationFailed)2 AwsCredentials (io.stackgres.common.crd.storages.AwsCredentials)1 AzureBlobStorageCredentials (io.stackgres.common.crd.storages.AzureBlobStorageCredentials)1 GoogleCloudCredentials (io.stackgres.common.crd.storages.GoogleCloudCredentials)1 HashSet (java.util.HashSet)1