feat: implement validation webhook for serviceexport objects #442
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add validation webhook to check slice existence on cluster - Validate namespace is in onboarded application namespaces - Implement unified webhook handler for routing requests - Add comprehensive test coverage for all validation scenarios - Update serviceexport types with proper webhook annotations Fixes kubeslice#358 Signed-off-by: GitHub Copilot <noreply@github.com> Signed-off-by: Priyansh Saxena <130545865+Transcendental-Programmer@users.noreply.github.com>
Transcendental-Programmer
requested review from
Rahul-D78,
bharath-avesha,
gourishkb,
narmidm and
richiesebastian
as code owners
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
At the moment, there's no validation in place for
ServiceExportresources thereby meaning users can reference slices or namespaces that don't actually exist or aren't onboarded. This PR starts to address that by adding a validation webhook that runs on create/update and performs a couple of basic checks:This should prevent some common misconfigurations early on.
To support this, I added a unified webhook handler so we can route validation requests in one place (might help later if we add more webhooks). I also updated the
ServiceExporttypes with the necessary annotations.There’s a bit of test coverage now for the main paths valid/invalid slices, and valid/invalid namespaces. But might still need to flesh that out further depending on edge cases we hit.
No changes to existing behavior just validation layered on top. That said, this does introduce some tight coupling between the
ServiceExportlogic and slice state, so we may need to revisit that if we plan to cache slice data, or support partial validation in disconnected scenarios.Leaving this open for discussion especially interested in feedback around the validation strategy and whether this should eventually move server-side.
Fixes #358.