validate cross-referenced parameters

Author: limak9182

cmd/main.go

@@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"flag"
 	"fmt"
+	"maps"
 	"os"
 	"path/filepath"
 	"time"
@@ -42,6 +43,7 @@ import (
 
 	"go.uber.org/zap/zapcore"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
@@ -329,10 +331,14 @@ func main() {
 			}
 		}
 
+		validators := make(map[schema.GroupVersionResource]validation.Validator, len(validation.DefaultValidators))
+		maps.Copy(validators, validation.DefaultValidators)
+		validation.RegisterPostgresClusterCrossValidation(validators, mgr.GetAPIReader())
+
 		webhookServer := validation.NewWebhookServer(validation.WebhookServerOptions{
 			Port:         9443,
 			CertDir:      "/tmp/k8s-webhook-server/serving-certs",
-			Validators:   validation.DefaultValidators,
+			Validators:   validators,
 			ReadTimeout:  readTimeout,
 			WriteTimeout: writeTimeout,
 		})

pkg/splunk/enterprise/validation/postgrescluster_validation.go

@@ -17,14 +17,18 @@ limitations under the License.
 package validation
 
 import (
+	"context"
+	"strconv"
+
 	"k8s.io/apimachinery/pkg/util/validation/field"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	enterpriseApi "github.com/splunk/splunk-operator/api/v4"
 	hba "github.com/splunk/splunk-operator/pkg/postgresql/cluster/core"
 )
 
 // ValidatePostgresClusterCreate validates a PostgresCluster on CREATE.
-func ValidatePostgresClusterCreate(obj *enterpriseApi.PostgresCluster) field.ErrorList {
+func ValidatePostgresClusterCreate(obj *enterpriseApi.PostgresCluster, reader client.Reader) field.ErrorList {
 	var allErrs field.ErrorList
 
 	if len(obj.Spec.PgHBA) > 0 {
@@ -36,12 +40,16 @@ func ValidatePostgresClusterCreate(obj *enterpriseApi.PostgresCluster) field.Err
 		}
 	}
 
+	if reader != nil {
+		allErrs = append(allErrs, validateAgainstClass(obj, reader)...)
+	}
+
 	return allErrs
 }
 
 // ValidatePostgresClusterUpdate validates a PostgresCluster on UPDATE.
-func ValidatePostgresClusterUpdate(obj, oldObj *enterpriseApi.PostgresCluster) field.ErrorList {
-	return ValidatePostgresClusterCreate(obj)
+func ValidatePostgresClusterUpdate(obj, oldObj *enterpriseApi.PostgresCluster, reader client.Reader) field.ErrorList {
+	return ValidatePostgresClusterCreate(obj, reader)
 }
 
 // GetPostgresClusterWarningsOnCreate returns warnings for PostgresCluster CREATE.
@@ -53,3 +61,97 @@ func GetPostgresClusterWarningsOnCreate(obj *enterpriseApi.PostgresCluster) []st
 func GetPostgresClusterWarningsOnUpdate(obj, oldObj *enterpriseApi.PostgresCluster) []string {
 	return nil
 }
+
+func validateAgainstClass(obj *enterpriseApi.PostgresCluster, reader client.Reader) field.ErrorList {
+	var allErrs field.ErrorList
+
+	class := &enterpriseApi.PostgresClusterClass{}
+	if err := reader.Get(context.Background(), client.ObjectKey{Name: obj.Spec.Class}, class); err != nil {
+		allErrs = append(allErrs, field.Invalid(
+			field.NewPath("spec").Child("class"),
+			obj.Spec.Class,
+			"referenced PostgresClusterClass not found"))
+		return allErrs
+	}
+
+	classConfig := class.Spec.Config
+
+	// Merge completeness: after overlaying cluster on class, instances/postgresVersion/storage must be resolved
+	mergedInstances := obj.Spec.Instances
+	mergedVersion := obj.Spec.PostgresVersion
+	mergedStorage := obj.Spec.Storage
+	if classConfig != nil {
+		if mergedInstances == nil {
+			mergedInstances = classConfig.Instances
+		}
+		if mergedVersion == nil {
+			mergedVersion = classConfig.PostgresVersion
+		}
+		if mergedStorage == nil {
+			mergedStorage = classConfig.Storage
+		}
+	}
+	specPath := field.NewPath("spec")
+	if mergedInstances == nil {
+		allErrs = append(allErrs, field.Required(specPath.Child("instances"),
+			"must be set in PostgresCluster or PostgresClusterClass"))
+	}
+	if mergedVersion == nil {
+		allErrs = append(allErrs, field.Required(specPath.Child("postgresVersion"),
+			"must be set in PostgresCluster or PostgresClusterClass"))
+	}
+	if mergedStorage == nil {
+		allErrs = append(allErrs, field.Required(specPath.Child("storage"),
+			"must be set in PostgresCluster or PostgresClusterClass"))
+	}
+
+	if classConfig == nil {
+		return allErrs
+	}
+
+	// Storage: cluster cannot be lower than class
+	if obj.Spec.Storage != nil && classConfig.Storage != nil {
+		if obj.Spec.Storage.Cmp(*classConfig.Storage) < 0 {
+			allErrs = append(allErrs, field.Invalid(
+				field.NewPath("spec").Child("storage"),
+				obj.Spec.Storage.String(),
+				"storage cannot be lower than class default ("+classConfig.Storage.String()+")"))
+		}
+	}
+
+	// PostgresVersion: cluster major version cannot be lower than class
+	if obj.Spec.PostgresVersion != nil && classConfig.PostgresVersion != nil {
+		clusterMajor := parseMajorVersion(*obj.Spec.PostgresVersion)
+		classMajor := parseMajorVersion(*classConfig.PostgresVersion)
+		if clusterMajor > 0 && classMajor > 0 && clusterMajor < classMajor {
+			allErrs = append(allErrs, field.Invalid(
+				field.NewPath("spec").Child("postgresVersion"),
+				*obj.Spec.PostgresVersion,
+				"postgresVersion cannot be lower than class default ("+*classConfig.PostgresVersion+")"))
+		}
+	}
+
+	// ConnectionPoolerEnabled: cannot enable if class disables
+	if obj.Spec.ConnectionPoolerEnabled != nil && *obj.Spec.ConnectionPoolerEnabled {
+		classDisabled := classConfig.ConnectionPoolerEnabled == nil || !*classConfig.ConnectionPoolerEnabled
+		if classDisabled {
+			allErrs = append(allErrs, field.Invalid(
+				field.NewPath("spec").Child("connectionPoolerEnabled"),
+				true,
+				"connectionPoolerEnabled cannot be enabled when disabled in PostgresClusterClass"))
+		}
+	}
+
+	return allErrs
+}
+
+func parseMajorVersion(version string) int {
+	for i, ch := range version {
+		if ch == '.' {
+			v, _ := strconv.Atoi(version[:i])
+			return v
+		}
+	}
+	v, _ := strconv.Atoi(version)
+	return v
+}