13155111976

Committed 05 Feb 2025 10:17AM UTC coverage: 80.617% (-0.03%) from 80.646%

Build # 13155111976

Build Type

push

github

Committed by

web-flow

Commit Message

update go version (#504)

Run Details

14 of 16 new or added lines in 6 files covered. (87.5%)

7 existing lines in 2 files now uncovered.

2820 of 3498 relevant lines covered (80.62%)

0.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

73.91

/api/v1/servicebinding_validating_webhook.go

/*


Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1

import (
        "fmt"
        "reflect"
        "time"

        "github.com/SAP/sap-btp-service-operator/api/common"
        "k8s.io/apimachinery/pkg/runtime"
        ctrl "sigs.k8s.io/controller-runtime"
        logf "sigs.k8s.io/controller-runtime/pkg/log"
        "sigs.k8s.io/controller-runtime/pkg/webhook"
        "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
var servicebindinglog = logf.Log.WithName("servicebinding-resource")

func (sb *ServiceBinding) SetupWebhookWithManager(mgr ctrl.Manager) error {
        return ctrl.NewWebhookManagedBy(mgr).
                For(sb).
                Complete()
}

// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!

// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
// +kubebuilder:webhook:verbs=create;update,path=/validate-services-cloud-sap-com-v1-servicebinding,mutating=false,failurePolicy=fail,groups=services.cloud.sap.com,resources=servicebindings,versions=v1,name=vservicebinding.kb.io,sideEffects=None,admissionReviewVersions=v1beta1;v1

var _ webhook.Validator = &ServiceBinding{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (sb *ServiceBinding) ValidateCreate() (admission.Warnings, error) {
        servicebindinglog.Info("validate create", "name", sb.ObjectMeta.Name)
        if sb.Spec.CredRotationPolicy != nil {
                if err := sb.validateCredRotatingConfig(); err != nil {
                        return nil, err
                }
        }
        return nil, nil
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (sb *ServiceBinding) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
        servicebindinglog.Info("validate update", "name", sb.ObjectMeta.Name)
        if sb.Spec.CredRotationPolicy != nil {
                if err := sb.validateCredRotatingConfig(); err != nil {
                        return nil, err
                }
        }

        oldBinding := old.(*ServiceBinding)
        isStale := false
        if oldBinding.Labels != nil {
                if _, ok := oldBinding.Labels[common.StaleBindingIDLabel]; ok {
                        if sb.Spec.CredRotationPolicy.Enabled {
                                return nil, fmt.Errorf("enabling cred rotation for rotated binding is not allowed")
                        }
                        if !sb.validateRotationLabels(oldBinding) {
                                return nil, fmt.Errorf("modifying rotation labels is not allowed")
                        }
                        isStale = true
                }
        }

        specChanged := sb.specChanged(oldBinding)
        if specChanged && (sb.Status.BindingID != "" || isStale) {
                return nil, fmt.Errorf("updating service bindings is not supported")
        }
        return nil, nil
}

func (sb *ServiceBinding) validateRotationLabels(old *ServiceBinding) bool {
        if sb.ObjectMeta.Labels[common.StaleBindingIDLabel] != old.ObjectMeta.Labels[common.StaleBindingIDLabel] {
                return false
        }
        return sb.ObjectMeta.Labels[common.StaleBindingRotationOfLabel] == old.ObjectMeta.Labels[common.StaleBindingRotationOfLabel]
}

func (sb *ServiceBinding) specChanged(oldBinding *ServiceBinding) bool {
        oldSpec := oldBinding.Spec.DeepCopy()
        newSpec := sb.Spec.DeepCopy()

        //allow changing cred rotation config
        oldSpec.CredRotationPolicy = nil
        newSpec.CredRotationPolicy = nil

        //allow changing SecretTemplate
        oldSpec.SecretTemplate = ""
        newSpec.SecretTemplate = ""

        return !reflect.DeepEqual(oldSpec, newSpec)
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (sb *ServiceBinding) ValidateDelete() (admission.Warnings, error) {
        servicebindinglog.Info("validate delete", "name", sb.ObjectMeta.Name)

        // TODO(user): fill in your validation logic upon object deletion.
        return nil, nil
}

func (sb *ServiceBinding) validateCredRotatingConfig() error {
        _, err := time.ParseDuration(sb.Spec.CredRotationPolicy.RotatedBindingTTL)
        if err != nil {
                return err
        }
        _, err = time.ParseDuration(sb.Spec.CredRotationPolicy.RotationFrequency)
        if err != nil {
                return err
        }

        return nil
}

1	/*
2
3
4	Licensed under the Apache License, Version 2.0 (the "License");
5	you may not use this file except in compliance with the License.
6	You may obtain a copy of the License at
7
8	http://www.apache.org/licenses/LICENSE-2.0
9
10	Unless required by applicable law or agreed to in writing, software
11	distributed under the License is distributed on an "AS IS" BASIS,
12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	See the License for the specific language governing permissions and
14	limitations under the License.
15	*/
16
17	package v1
18
19	import (
20	"fmt"
21	"reflect"
22	"time"
23
24	"github.com/SAP/sap-btp-service-operator/api/common"
25	"k8s.io/apimachinery/pkg/runtime"
26	ctrl "sigs.k8s.io/controller-runtime"
27	logf "sigs.k8s.io/controller-runtime/pkg/log"
28	"sigs.k8s.io/controller-runtime/pkg/webhook"
29	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
30	)
31
32	// log is for logging in this package.
33	var servicebindinglog = logf.Log.WithName("servicebinding-resource")
34
35	func (sb *ServiceBinding) SetupWebhookWithManager(mgr ctrl.Manager) error {	×
36	return ctrl.NewWebhookManagedBy(mgr).	×
37	For(sb).	×
38	Complete()	×
39	}	×
40
41	// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
42
43	// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
44	// +kubebuilder:webhook:verbs=create;update,path=/validate-services-cloud-sap-com-v1-servicebinding,mutating=false,failurePolicy=fail,groups=services.cloud.sap.com,resources=servicebindings,versions=v1,name=vservicebinding.kb.io,sideEffects=None,admissionReviewVersions=v1beta1;v1
45
46	var _ webhook.Validator = &ServiceBinding{}
47
48	// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
49	func (sb *ServiceBinding) ValidateCreate() (admission.Warnings, error) {	1✔
50	servicebindinglog.Info("validate create", "name", sb.ObjectMeta.Name)	1✔
51	if sb.Spec.CredRotationPolicy != nil {	2✔
52	if err := sb.validateCredRotatingConfig(); err != nil {	1✔
53	return nil, err	×
54	}	×
55	}
56	return nil, nil	1✔
57	}
58
59	// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
60	func (sb *ServiceBinding) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {	1✔
61	servicebindinglog.Info("validate update", "name", sb.ObjectMeta.Name)	1✔
62	if sb.Spec.CredRotationPolicy != nil {	2✔
63	if err := sb.validateCredRotatingConfig(); err != nil {	2✔
64	return nil, err	1✔
65	}	1✔
66	}
67
68	oldBinding := old.(*ServiceBinding)	1✔
69	isStale := false	1✔
70	if oldBinding.Labels != nil {	2✔
71	if _, ok := oldBinding.Labels[common.StaleBindingIDLabel]; ok {	2✔
72	if sb.Spec.CredRotationPolicy.Enabled {	2✔
73	return nil, fmt.Errorf("enabling cred rotation for rotated binding is not allowed")	1✔
74	}	1✔
75	if !sb.validateRotationLabels(oldBinding) {	×
76	return nil, fmt.Errorf("modifying rotation labels is not allowed")	×
77	}	×
78	isStale = true	×
79	}
80	}
81
82	specChanged := sb.specChanged(oldBinding)	1✔
83	if specChanged && (sb.Status.BindingID != "" \|\| isStale) {	2✔
84	return nil, fmt.Errorf("updating service bindings is not supported")	1✔
85	}	1✔
86	return nil, nil	1✔
87	}
88
89	func (sb ServiceBinding) validateRotationLabels(old ServiceBinding) bool {	×
NEW 90	if sb.ObjectMeta.Labels[common.StaleBindingIDLabel] != old.ObjectMeta.Labels[common.StaleBindingIDLabel] {	×
91	return false	×
92	}	×
NEW 93	return sb.ObjectMeta.Labels[common.StaleBindingRotationOfLabel] == old.ObjectMeta.Labels[common.StaleBindingRotationOfLabel]	×
94	}
95
96	func (sb ServiceBinding) specChanged(oldBinding ServiceBinding) bool {	1✔
97	oldSpec := oldBinding.Spec.DeepCopy()	1✔
98	newSpec := sb.Spec.DeepCopy()	1✔
99		1✔
100	//allow changing cred rotation config	1✔
101	oldSpec.CredRotationPolicy = nil	1✔
102	newSpec.CredRotationPolicy = nil	1✔
103		1✔
104	//allow changing SecretTemplate	1✔
105	oldSpec.SecretTemplate = ""	1✔
106	newSpec.SecretTemplate = ""	1✔
107		1✔
108	return !reflect.DeepEqual(oldSpec, newSpec)	1✔
109	}	1✔
110
111	// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
112	func (sb *ServiceBinding) ValidateDelete() (admission.Warnings, error) {	1✔
113	servicebindinglog.Info("validate delete", "name", sb.ObjectMeta.Name)	1✔
114		1✔
115	// TODO(user): fill in your validation logic upon object deletion.	1✔
116	return nil, nil	1✔
117	}	1✔
118
119	func (sb *ServiceBinding) validateCredRotatingConfig() error {	1✔
120	_, err := time.ParseDuration(sb.Spec.CredRotationPolicy.RotatedBindingTTL)	1✔
121	if err != nil {	2✔
122	return err	1✔
123	}	1✔
124	_, err = time.ParseDuration(sb.Spec.CredRotationPolicy.RotationFrequency)	1✔
125	if err != nil {	1✔
126	return err	×
127	}	×
128
129	return nil	1✔
130	}

SAP / sap-btp-service-operator / 13155111976

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous