diff --git a/api/policies/v1/admissionpolicy_webhook.go b/api/policies/v1/admissionpolicy_webhook.go index 02c45766..445c39d5 100644 --- a/api/policies/v1/admissionpolicy_webhook.go +++ b/api/policies/v1/admissionpolicy_webhook.go @@ -121,6 +121,13 @@ func (v *admissionPolicyValidator) ValidateUpdate(_ context.Context, oldObj, new } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (v *admissionPolicyValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (v *admissionPolicyValidator) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + admissionPolicy, ok := obj.(*AdmissionPolicy) + if !ok { + return nil, fmt.Errorf("expected an AdmissionPolicy object, got %T", obj) + } + + v.logger.Info("Validating AdmissionPolicy delete", "name", admissionPolicy.GetName()) + return nil, nil } diff --git a/api/policies/v1/admissionpolicy_webhook_test.go b/api/policies/v1/admissionpolicy_webhook_test.go index f0630ad5..1efef29a 100644 --- a/api/policies/v1/admissionpolicy_webhook_test.go +++ b/api/policies/v1/admissionpolicy_webhook_test.go @@ -22,6 +22,7 @@ import ( "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" "github.com/kubewarden/kubewarden-controller/internal/constants" ) @@ -178,3 +179,21 @@ func TestAdmissionPolicyValidateUpdateWithErrors(t *testing.T) { require.Error(t, err) assert.Empty(t, warnings) } + +func TestAdmissionPolicyValidateDelete(t *testing.T) { + validator := admissionPolicyValidator{logger: logr.Discard()} + policy := NewAdmissionPolicyFactory().Build() + + warnings, err := validator.ValidateDelete(context.Background(), policy) + require.NoError(t, err) + assert.Empty(t, warnings) +} + +func TestAdmissionPolicyValidateDeleteWithInvalidType(t *testing.T) { + validator := admissionPolicyValidator{logger: logr.Discard()} + obj := &corev1.Pod{} + + warnings, err := validator.ValidateDelete(context.Background(), obj) + require.ErrorContains(t, err, "expected an AdmissionPolicy object, got *v1.Pod") + assert.Empty(t, warnings) +} diff --git a/api/policies/v1/admissionpolicygroup_webhook.go b/api/policies/v1/admissionpolicygroup_webhook.go index 150b36a4..8dd4dbbf 100644 --- a/api/policies/v1/admissionpolicygroup_webhook.go +++ b/api/policies/v1/admissionpolicygroup_webhook.go @@ -124,6 +124,13 @@ func (v *admissionPolicyGroupValidator) ValidateUpdate(_ context.Context, oldObj } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (v *admissionPolicyGroupValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (v *admissionPolicyGroupValidator) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + admissionPolicyGroup, ok := obj.(*AdmissionPolicyGroup) + if !ok { + return nil, fmt.Errorf("expected an AdmissionPolicyGroup object, got %T", obj) + } + + v.logger.Info("Validating AdmissionPolicyGroup delete", "name", admissionPolicyGroup.GetName()) + return nil, nil } diff --git a/api/policies/v1/admissionpolicygroup_webhook_test.go b/api/policies/v1/admissionpolicygroup_webhook_test.go index 7a5e4a1f..1eff951c 100644 --- a/api/policies/v1/admissionpolicygroup_webhook_test.go +++ b/api/policies/v1/admissionpolicygroup_webhook_test.go @@ -23,6 +23,7 @@ import ( "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" "github.com/kubewarden/kubewarden-controller/internal/constants" ) @@ -179,3 +180,21 @@ func TestAdmissionPolicyGroupValidateUpdateWithErrors(t *testing.T) { require.Error(t, err) assert.Empty(t, warnings) } + +func TestAdmissionPolicyGroupValidateDelete(t *testing.T) { + validator := admissionPolicyGroupValidator{logger: logr.Discard()} + policy := NewAdmissionPolicyGroupFactory().Build() + + warnings, err := validator.ValidateDelete(context.Background(), policy) + require.NoError(t, err) + assert.Empty(t, warnings) +} + +func TestAdmissionPolicyGroupValidateDeleteWithInvalidType(t *testing.T) { + validator := admissionPolicyGroupValidator{logger: logr.Discard()} + obj := &corev1.Pod{} + + warnings, err := validator.ValidateDelete(context.Background(), obj) + require.ErrorContains(t, err, "expected an AdmissionPolicyGroup object, got *v1.Pod") + assert.Empty(t, warnings) +} diff --git a/api/policies/v1/clusteradmissionpolicy_webhook.go b/api/policies/v1/clusteradmissionpolicy_webhook.go index 0aa89cfe..8d7e3d97 100644 --- a/api/policies/v1/clusteradmissionpolicy_webhook.go +++ b/api/policies/v1/clusteradmissionpolicy_webhook.go @@ -126,6 +126,13 @@ func (v *clusterAdmissionPolicyValidator) ValidateUpdate(_ context.Context, oldO } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (v *clusterAdmissionPolicyValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (v *clusterAdmissionPolicyValidator) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + clusterAdmissionPolicy, ok := obj.(*ClusterAdmissionPolicy) + if !ok { + return nil, fmt.Errorf("expected a ClusterAdmissionPolicy object, got %T", obj) + } + + v.logger.Info("Validating ClusterAdmissionPolicy delete", "name", clusterAdmissionPolicy.GetName()) + return nil, nil } diff --git a/api/policies/v1/clusteradmissionpolicy_webhook_test.go b/api/policies/v1/clusteradmissionpolicy_webhook_test.go index f1b0aa4c..fec66e6b 100644 --- a/api/policies/v1/clusteradmissionpolicy_webhook_test.go +++ b/api/policies/v1/clusteradmissionpolicy_webhook_test.go @@ -23,6 +23,7 @@ import ( "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" "github.com/kubewarden/kubewarden-controller/internal/constants" ) @@ -179,3 +180,21 @@ func TestClusterAdmissionPolicyValidateUpdateWithErrors(t *testing.T) { require.Error(t, err) assert.Empty(t, warnings) } + +func TestClusterAdmissionPolicyValidateDelete(t *testing.T) { + validator := clusterAdmissionPolicyValidator{logger: logr.Discard()} + policy := NewClusterAdmissionPolicyFactory().Build() + + warnings, err := validator.ValidateDelete(context.Background(), policy) + require.NoError(t, err) + assert.Empty(t, warnings) +} + +func TestClusterAdmissionPolicyValidateDeleteWithInvalidType(t *testing.T) { + validator := clusterAdmissionPolicyValidator{logger: logr.Discard()} + obj := &corev1.Pod{} + + warnings, err := validator.ValidateDelete(context.Background(), obj) + require.ErrorContains(t, err, "expected a ClusterAdmissionPolicy object, got *v1.Pod") + assert.Empty(t, warnings) +} diff --git a/api/policies/v1/clusteradmissionpolicygroup_webhook.go b/api/policies/v1/clusteradmissionpolicygroup_webhook.go index c379b9ec..b4aa82ac 100644 --- a/api/policies/v1/clusteradmissionpolicygroup_webhook.go +++ b/api/policies/v1/clusteradmissionpolicygroup_webhook.go @@ -124,6 +124,13 @@ func (v *clusterAdmissionPolicyGroupValidator) ValidateUpdate(_ context.Context, } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (v *clusterAdmissionPolicyGroupValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (v *clusterAdmissionPolicyGroupValidator) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + clusterAdmissionPolicyGroup, ok := obj.(*ClusterAdmissionPolicyGroup) + if !ok { + return nil, fmt.Errorf("expected a ClusterAdmissionPolicyGroup object, got %T", obj) + } + + v.logger.Info("Validating ClusterAdmissionPolicyGroup delete", "name", clusterAdmissionPolicyGroup.GetName()) + return nil, nil } diff --git a/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go b/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go index 1f3aea03..0c6113e4 100644 --- a/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go +++ b/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go @@ -23,6 +23,7 @@ import ( "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" "github.com/kubewarden/kubewarden-controller/internal/constants" ) @@ -179,3 +180,21 @@ func TestClusterAdmissionPolicyGroupValidateUpdateWithErrors(t *testing.T) { require.Error(t, err) assert.Empty(t, warnings) } + +func TestClusterAdmissionPolicyGroupValidateDelete(t *testing.T) { + validator := clusterAdmissionPolicyGroupValidator{logger: logr.Discard()} + policy := NewClusterAdmissionPolicyGroupFactory().Build() + + warnings, err := validator.ValidateDelete(context.Background(), policy) + require.NoError(t, err) + assert.Empty(t, warnings) +} + +func TestClusteerAdmissionPolicyGroupValidateDeleteWithInvalidType(t *testing.T) { + validator := clusterAdmissionPolicyGroupValidator{logger: logr.Discard()} + obj := &corev1.Pod{} + + warnings, err := validator.ValidateDelete(context.Background(), obj) + require.ErrorContains(t, err, "expected a ClusterAdmissionPolicyGroup object, got *v1.Pod") + assert.Empty(t, warnings) +} diff --git a/api/policies/v1/policyserver_webhook.go b/api/policies/v1/policyserver_webhook.go index 1c6028d3..64a89b8a 100644 --- a/api/policies/v1/policyserver_webhook.go +++ b/api/policies/v1/policyserver_webhook.go @@ -120,7 +120,14 @@ func (v *policyServerValidator) ValidateUpdate(ctx context.Context, _, newObj ru } // ValdidaeDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (v *policyServerValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (v *policyServerValidator) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + policyServer, ok := obj.(*PolicyServer) + if !ok { + return nil, fmt.Errorf("expected a PolicyServer object, got %T", obj) + } + + v.logger.Info("Validating PolicyServer delete", "name", policyServer.GetName()) + return nil, nil }