use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.
the class BackupConfigStorageTypeValidator method validate.
/**
 * Checks that a backup configuration declares exactly the storage block that matches its
 * storage type.
 *
 * <p>Only CREATE and UPDATE requests are inspected. For the types {@code s3},
 * {@code s3Compatible}, {@code gcs} and {@code azureBlob} the matching block, its bucket and
 * its credentials must be present, and none of the other three blocks may be set. Every
 * violation is reported through {@code fail}.
 *
 * <p>NOTE(review): a storage type other than those four passes this method without any check,
 * and a {@code null} type ends in a {@link NullPointerException} instead of a validation
 * message. Confirm that the allowed values are enforced elsewhere (for example by the resource
 * schema) so that an unrecognised type is not admitted unvalidated.
 *
 * @param review admission review carrying the backup configuration under validation
 * @throws ValidationFailed declared for rejected configurations; presumably raised by
 *     {@code fail}, which is defined outside this method
 */
@Override
public void validate(BackupConfigReview review) throws ValidationFailed {
  final Operation operation = review.getRequest().getOperation();
  if (operation != Operation.CREATE && operation != Operation.UPDATE) {
    return;
  }

  final String storageType = review.getRequest().getObject().getSpec().getStorage().getType();
  final String prefix = "Invalid backup configuration,";

  // Presence checks for the block selected by the declared type. Within a case the checks run
  // in order: block first, then bucket, then credentials.
  switch (storageType) {
    case "s3":
      if (review.getRequest().getObject().getSpec().getStorage().getS3() == null) {
        fail(prefix + " source s3 must be set when source type is s3");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getS3().getBucket() == null) {
        fail(prefix + " source s3 bucket must be set when source type is s3");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getS3()
          .getAwsCredentials() == null) {
        fail(prefix + " source s3 credentials must be set when source type is s3");
      }
      break;
    case "s3Compatible":
      if (review.getRequest().getObject().getSpec().getStorage().getS3Compatible() == null) {
        fail(prefix + " source s3Compatible must be set when source type is s3Compatible");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getS3Compatible()
          .getBucket() == null) {
        fail(prefix + " source s3Compatible bucket must be set when source type is s3Compatible");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getS3Compatible()
          .getAwsCredentials() == null) {
        fail(prefix
            + " source s3Compatible credentials must be set when source type is s3Compatible");
      }
      break;
    case "gcs":
      if (review.getRequest().getObject().getSpec().getStorage().getGcs() == null) {
        fail(prefix + " source gcs must be set when source type is gcs");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getGcs().getBucket() == null) {
        fail(prefix + " source gcs bucket must be set when source type is gcs");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getGcs()
          .getCredentials() == null) {
        fail(prefix + " source gcs credentials must be set when source type is gcs");
      }
      break;
    case "azureBlob":
      if (review.getRequest().getObject().getSpec().getStorage().getAzureBlob() == null) {
        fail(prefix + " source azureBlob must be set when source type is azureBlob");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getAzureBlob()
          .getBucket() == null) {
        fail(prefix + " source azureBlob bucket must be set when source type is azureBlob");
      }
      if (review.getRequest().getObject().getSpec().getStorage().getAzureBlob()
          .getAzureCredentials() == null) {
        fail(prefix + " source azureBlob credentials must be set when source type is azureBlob");
      }
      break;
    default:
      // Unrecognised types are not rejected here.
      break;
  }

  // Exclusivity checks: for a recognised type, every block belonging to a different type must
  // be absent, so a configuration cannot carry credentials for a backend it does not use.
  final boolean recognisedType =
      ImmutableList.of("s3", "s3Compatible", "gcs", "azureBlob").contains(storageType);
  if (recognisedType) {
    if (!storageType.equals("s3")
        && review.getRequest().getObject().getSpec().getStorage().getS3() != null) {
      fail(prefix + " source s3 must not be set when source type is " + storageType);
    }
    if (!storageType.equals("s3Compatible")
        && review.getRequest().getObject().getSpec().getStorage().getS3Compatible() != null) {
      fail(prefix + " source s3Compatible must not be set when source type is " + storageType);
    }
    if (!storageType.equals("gcs")
        && review.getRequest().getObject().getSpec().getStorage().getGcs() != null) {
      fail(prefix + " source gcs must not be set when source type is " + storageType);
    }
    if (!storageType.equals("azureBlob")
        && review.getRequest().getObject().getSpec().getStorage().getAzureBlob() != null) {
      fail(prefix + " source azureBlob must not be set when source type is " + storageType);
    }
  }
}
use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.
the class BlocklistValidator method validate.
/**
 * Rejects a PostgreSQL configuration whose {@code postgresql.conf} map sets any property
 * listed in {@code BLOCKLIST}.
 *
 * <p>Only CREATE and UPDATE requests are inspected. All offending keys are reported together
 * in one message, in the iteration order of the submitted map's key set.
 *
 * <p>NOTE(review): membership is tested with each key exactly as submitted. PostgreSQL treats
 * parameter names case-insensitively, so confirm that keys are normalised before this check
 * or that the {@code BLOCKLIST} lookup ignores case. A {@code null} configuration map ends in
 * a {@link NullPointerException} rather than a validation message.
 *
 * @param review admission review carrying the PostgreSQL configuration under validation
 * @throws ValidationFailed if at least one submitted property name is in {@code BLOCKLIST}
 */
@Override
public void validate(PgConfigReview review) throws ValidationFailed {
  final Operation operation = review.getRequest().getOperation();
  if (operation != Operation.CREATE && operation != Operation.UPDATE) {
    return;
  }

  final Map<String, String> submitted =
      review.getRequest().getObject().getSpec().getPostgresqlConf();

  // Build the comma-separated list while scanning; the hit counter (not the text length)
  // decides both the separator and whether to reject.
  final StringBuilder offending = new StringBuilder();
  int hits = 0;
  for (String property : submitted.keySet()) {
    if (!BLOCKLIST.contains(property)) {
      continue;
    }
    if (hits > 0) {
      offending.append(", ");
    }
    offending.append(property);
    hits++;
  }

  if (hits > 0) {
    throw new ValidationFailed("Invalid postgres configuration, properties: "
        + offending + " cannot be settled");
  }
}
use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.
the class PgBouncerBlocklistValidator method validate.
/**
 * Rejects a connection pooling configuration whose PgBouncer {@code databases} or
 * {@code users} sections set any option listed in {@code BLOCKLIST}.
 *
 * <p>Only CREATE and UPDATE requests are inspected. Each section maps an entry name to a map
 * of options; only the option names (the inner keys) are compared with the blocklist. A
 * section that is {@code null} is skipped.
 *
 * <p>NOTE(review): the PgBouncer and {@code pgbouncer.ini} objects themselves are dereferenced
 * without a null check, so a request omitting them ends in a {@link NullPointerException}
 * instead of a validation message. Confirm they are guaranteed to be present upstream.
 *
 * @param review admission review carrying the pooling configuration under validation
 * @throws ValidationFailed if any option name in either section is in {@code BLOCKLIST}
 */
@Override
public void validate(PoolingReview review) throws ValidationFailed {
  final Operation operation = review.getRequest().getOperation();
  if (operation != Operation.CREATE && operation != Operation.UPDATE) {
    return;
  }

  final var pgbouncerIni =
      review.getRequest().getObject().getSpec().getPgBouncer().getPgbouncerIni();
  final var databases = pgbouncerIni.getDatabases();
  final var users = pgbouncerIni.getUsers();

  final Set<String> rejected = new HashSet<>();

  if (databases != null) {
    // Option names used by any database entry that appear in the blocklist.
    Set<String> databaseHits = databases.values().stream()
        .flatMap(options -> options.keySet().stream())
        .filter(BLOCKLIST::contains)
        .collect(Collectors.toSet());
    rejected.addAll(databaseHits);
  }

  if (users != null) {
    // Same scan for the per-user option maps.
    Set<String> userHits = users.values().stream()
        .flatMap(options -> options.keySet().stream())
        .filter(BLOCKLIST::contains)
        .collect(Collectors.toSet());
    rejected.addAll(userHits);
  }

  if (rejected.isEmpty()) {
    return;
  }
  throw new ValidationFailed("Invalid PgBouncer configuration, properties: ["
      + String.join(", ", rejected) + "] cannot be set");
}
use of io.stackgres.operatorframework.admissionwebhook.Operation in project stackgres by ongres.
the class BackupConfigStorageValidator method validate.
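/**
 * Checks the secret references of the storage backend selected by a backup configuration.
 *
 * <p>Only CREATE and UPDATE requests are inspected. For the storage block that matches the
 * declared type, every secret key selector of its credentials is passed to
 * {@code checkSecret} together with the namespace of the object under review, the storage
 * type and the name of the credential field.
 *
 * <p>The {@code s3Compatible} and {@code azureBlob} types are matched ignoring case. This
 * method previously compared against {@code "s3compatible"} and {@code "azureblob"}, which
 * never equal the camelCase spellings that {@code BackupConfigStorageTypeValidator} tests for,
 * so the secret checks for those two backends were skipped.
 *
 * <p>NOTE(review): except for the {@code gcs} secret key selectors, the credentials object and
 * its secret key selectors are dereferenced without a null check; a configuration lacking
 * them ends in a {@link NullPointerException} instead of a validation message unless another
 * validator has already rejected it. Confirm the validator ordering or reject explicitly.
 *
 * @param review admission review carrying the backup configuration under validation
 * @throws ValidationFailed declared for rejected configurations; presumably raised by
 *     {@code checkSecret}, which is defined outside this method
 */
@Override
public void validate(BackupConfigReview review) throws ValidationFailed {
  Operation operation = review.getRequest().getOperation();
  if (operation != Operation.CREATE && operation != Operation.UPDATE) {
    return;
  }

  String namespace = review.getRequest().getObject().getMetadata().getNamespace();
  String storageType = review.getRequest().getObject().getSpec().getStorage().getType();

  if (storageType.equals("s3")
      && review.getRequest().getObject().getSpec().getStorage().getS3() != null) {
    AwsCredentials credentials =
        review.getRequest().getObject().getSpec().getStorage().getS3().getAwsCredentials();
    checkSecret(namespace, storageType, "accessKeyId",
        credentials.getSecretKeySelectors().getAccessKeyId());
    checkSecret(namespace, storageType, "secretAccessKey",
        credentials.getSecretKeySelectors().getSecretAccessKey());
  }

  // Case-insensitive on purpose: matches the canonical "s3Compatible" as well as the
  // all-lowercase spelling this method used to test for.
  if (storageType.equalsIgnoreCase("s3Compatible")
      && review.getRequest().getObject().getSpec().getStorage().getS3Compatible() != null) {
    AwsCredentials credentials = review.getRequest().getObject().getSpec().getStorage()
        .getS3Compatible().getAwsCredentials();
    checkSecret(namespace, storageType, "accessKeyId",
        credentials.getSecretKeySelectors().getAccessKeyId());
    checkSecret(namespace, storageType, "secretAccessKey",
        credentials.getSecretKeySelectors().getSecretAccessKey());
  }

  // Case-insensitive for the same reason as s3Compatible above.
  if (storageType.equalsIgnoreCase("azureBlob")
      && review.getRequest().getObject().getSpec().getStorage().getAzureBlob() != null) {
    AzureBlobStorageCredentials credentials = review.getRequest().getObject().getSpec()
        .getStorage().getAzureBlob().getAzureCredentials();
    checkSecret(namespace, storageType, "account",
        credentials.getSecretKeySelectors().getAccount());
    checkSecret(namespace, storageType, "accessKey",
        credentials.getSecretKeySelectors().getAccessKey());
  }

  // For gcs the secret key selectors may legitimately be absent, in which case nothing is
  // checked; the credentials object itself is still dereferenced unguarded.
  if (storageType.equals("gcs")
      && review.getRequest().getObject().getSpec().getStorage().getGcs() != null
      && review.getRequest().getObject().getSpec().getStorage().getGcs().getCredentials()
          .getSecretKeySelectors() != null) {
    GoogleCloudCredentials credentials =
        review.getRequest().getObject().getSpec().getStorage().getGcs().getCredentials();
    checkSecret(namespace, storageType, "serviceAccountJsonKey",
        credentials.getSecretKeySelectors().getServiceAccountJsonKey());
  }
}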