new way of doin

2023-11-16 19:42:02 +10:00
parent 77ec717184
commit 1eaf295724
341 changed files with 19416 additions and 0 deletions
--- a/helm-charts/dashy/charts/common/templates/lib/webhook/_admissionReviewVersions.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/webhook/_admissionReviewVersions.tpl
@@ -0,0 +1,8 @@
+{{- define "tc.v1.common.lib.webhook.admissionReviewVersions" -}}
+  {{- $admissionReviewVersions := .admissionReviewVersions -}}
+  {{- $rootCtx := .rootCtx }}
+admissionReviewVersions:
+  {{- range $admissionReviewVersions }}
+  - {{ tpl . $rootCtx }}
+  {{- end -}}
+{{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/webhook/_clientConfig.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/webhook/_clientConfig.tpl
@@ -0,0 +1,22 @@
+{{- define "tc.v1.common.lib.webhook.clientConfig" -}}
+  {{- $clientConfig := .clientConfig -}}
+  {{- $rootCtx := .rootCtx }}
+clientConfig:
+  {{- if $clientConfig.caBundle }}
+  caBundle: {{ tpl $clientConfig.caBundle $rootCtx | quote }}
+  {{- end -}}
+  {{- if $clientConfig.url }}
+  url: {{ tpl $clientConfig.url $rootCtx | quote }}
+  {{- end -}}
+  {{- if $clientConfig.service }}
+  service:
+    name: {{ tpl $clientConfig.service.name $rootCtx }}
+    namespace: {{ tpl $clientConfig.service.namespace $rootCtx }}
+    {{- with $clientConfig.service.path }}
+    path: {{ tpl . $rootCtx | quote }}
+    {{- end -}}
+    {{- with $clientConfig.service.port }}
+    port: {{ tpl . $rootCtx }}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/webhook/_rules.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/webhook/_rules.tpl
@@ -0,0 +1,26 @@
+{{- define "tc.v1.common.lib.webhook.rules" -}}
+  {{- $rules := .rules -}}
+  {{- $rootCtx := .rootCtx }}
+rules:
+  {{- range $rule := $rules }}
+  - apiVersions:
+    {{- range $rule.apiVersions }}
+      - {{ tpl . $rootCtx | quote }}
+    {{- end }}
+    apiGroups:
+    {{- range $rule.apiGroups }}
+      - {{ tpl . $rootCtx | quote }}
+    {{- end }}
+    operations:
+    {{- range $rule.operations }}
+      - {{ tpl . $rootCtx | quote }}
+    {{- end }}
+    resources:
+    {{- range $rule.resources }}
+      - {{ tpl . $rootCtx | quote }}
+    {{- end -}}
+    {{- with $rule.scope }}
+    scope: {{ tpl . $rootCtx | quote }}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/webhook/_validation.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/webhook/_validation.tpl
@@ -0,0 +1,152 @@
+{{- define "tc.v1.common.lib.webhook.validation" -}}
+  {{- $objectData := .objectData -}}
+  {{- $rootCtx := .rootCtx -}}
+
+  {{- if not $objectData.type -}}
+    {{- fail (printf "Webhook - Expected <type> in <webhook.%v> to not be empty" $objectData.shortName) -}}
+  {{- end -}}
+
+  {{- $type := tpl $objectData.type $rootCtx -}}
+  {{- $types := (list "validating" "mutating") -}}
+  {{- if not (mustHas $type $types) -}}
+    {{- fail (printf "Webhook - Expected <type> in <webhook.%v> to be one of [%s], but got [%v]" $objectData.shortName (join ", " $types) $type) -}}
+  {{- end -}}
+
+  {{- if not $objectData.webhooks -}}
+    {{- fail (printf "Webhook - Expected <webhooks> in <webhook.%v> to not be empty" $objectData.shortName) -}}
+  {{- end -}}
+
+  {{- if not (kindIs "slice" $objectData.webhooks) -}}
+    {{- fail (printf "Webhook - Expected <webhooks> in <webhook.%v> to be a list, but got [%v]" $objectData.shortName (kindOf $objectData.webhooks)) -}}
+  {{- end -}}
+
+  {{- range $webhook := $objectData.webhooks -}}
+    {{- if not $webhook.name -}}
+      {{- fail (printf "Webhook - Expected <name> in <webhook.%v> to not be empty" $objectData.shortName) -}}
+    {{- end -}}
+
+    {{- $webhookName := tpl $webhook.name $rootCtx -}}
+
+    {{- if not $webhook.admissionReviewVersions -}}
+      {{- fail (printf "Webhook - Expected <admissionReviewVersions> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+    {{- end -}}
+
+    {{- range $adm := $webhook.admissionReviewVersions -}}
+      {{- if not (kindIs "string" $adm) -}}
+        {{- fail (printf "Webhook - Expected <admissionReviewVersions> in <webhook.%v.%v> to be a string" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- if not $webhook.clientConfig -}}
+      {{- fail (printf "Webhook - Expected <clientConfig> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+    {{- end -}}
+
+    {{- with $webhook.clientConfig -}}
+      {{- if and .url .service -}}
+        {{- fail (printf "Webhook - Expected either <url> or <service> in <webhook.%v.%v> to be defined, but got both" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- $service := .service -}}
+
+      {{- if $service -}}
+        {{- if not $service.name -}}
+          {{- fail (printf "Webhook - Expected <service.name> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+        {{- end -}}
+
+        {{- if not $service.namespace -}}
+          {{- fail (printf "Webhook - Expected <service.namespace> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- if not $webhook.rules -}}
+      {{- fail (printf "Webhook - Expected <rules> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+    {{- end -}}
+
+    {{- if not (kindIs "slice" $webhook.rules) -}}
+      {{- fail (printf "Webhook - Expected <rules> in <webhook.%v.%v> to be a list, but got [%v]" $objectData.shortName $webhookName (kindOf $webhook.rules)) -}}
+    {{- end -}}
+
+    {{- range $rule := $webhook.rules -}}
+      {{- if not $rule.apiGroups -}}
+        {{- fail (printf "Webhook - Expected <apiGroups> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- if not $rule.apiVersions -}}
+        {{- fail (printf "Webhook - Expected <apiVersions> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- if not $rule.operations -}}
+        {{- fail (printf "Webhook - Expected <operations> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- if not $rule.resources -}}
+        {{- fail (printf "Webhook - Expected <resources> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- $scopes := (list "Cluster" "Namespaced" "*") -}}
+      {{- with $rule.scope -}}
+        {{- $scope := tpl . $rootCtx -}}
+        {{- if not (mustHas $scope $scopes) -}}
+          {{- fail (printf "Webhook - Expected <scope> in <webhook.%v.%v> to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $scopes) $scope) -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- with $webhook.failurePolicy -}}
+      {{- $policy := tpl . $rootCtx -}}
+      {{- $failPolicies := (list "Ignore" "Fail") -}}
+      {{- if not (mustHas $policy $failPolicies) -}}
+        {{- fail (printf "Webhook - Expected <failurePolicy> in <webhook.%v.%v> to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $failPolicies) $policy) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- with $webhook.matchPolicy -}}
+      {{- $policy := tpl . $rootCtx -}}
+      {{- $matchPolicies := (list "Exact" "Equivalent") -}}
+      {{- if not (mustHas $policy $matchPolicies) -}}
+        {{- fail (printf "Webhook - Expected <matchPolicy> in <webhook.%v.%v> to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $matchPolicies) $policy) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- if and (eq $type "validating") $webhook.reinvocationPolicy -}}
+      {{- fail (printf "Webhook - Expected [mutating] type in <webhook.%v.%v> when <reinvocationPolicy> is defined" $objectData.shortName $webhookName) -}}
+    {{- end -}}
+
+    {{- if and (eq $type "mutating") $webhook.reinvocationPolicy -}}
+      {{- $policy := tpl $webhook.reinvocationPolicy $rootCtx -}}
+      {{- $reinvPolicies := (list "Never" "IfNeeded") -}}
+      {{- if not (mustHas $policy $reinvPolicies) -}}
+        {{- fail (printf "Webhook - Expected <reinvocationPolicy> in <webhook.%v.%v> to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $reinvPolicies) $policy) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- with $webhook.sideEffects -}}
+      {{- $effect := tpl . $rootCtx -}}
+      {{- $sideEffects := (list "None" "NoneOnDryRun") -}}
+      {{- if not (mustHas $effect $sideEffects) -}}
+        {{- fail (printf "Webhook - Expected <sideEffects> in <webhook.%v.%v> to be one of [%s], but got [%v]" $objectData.shortName $webhookName (join ", " $sideEffects) $effect) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{- if (hasKey $webhook "timeoutSeconds") -}}
+      {{- if (kindIs "invalid" $webhook.timeoutSeconds) -}}
+        {{- fail (printf "Webhook - Expected the defined key <timeoutSeconds> in <webhook.%v.%v> to not be empty" $objectData.shortName $webhookName) -}}
+      {{- end -}}
+
+      {{- if not (mustHas (kindOf $webhook.timeoutSeconds) (list "int" "int64" "float64")) -}}
+        {{- fail (printf "Webhook - Expected <timeoutSeconds> in <webhook.%v.%v> to be an integer, but got [%v]" $objectData.shortName $webhookName (kindOf $webhook.timeoutSeconds)) -}}
+      {{- end -}}
+
+      {{- if (lt (int $webhook.timeoutSeconds) 1) -}}
+        {{- fail (printf "Webhook - Expected <timeoutSeconds> in <webhook.%v.%v> to be greater than 0, but got [%v]" $objectData.shortName $webhookName $webhook.timeoutSeconds) -}}
+      {{- end -}}
+
+      {{- if (gt (int $webhook.timeoutSeconds) 30) -}}
+        {{- fail (printf "Webhook - Expected <timeoutSeconds> in <webhook.%v.%v> to be less than 30, but got [%v]" $objectData.shortName $webhookName $webhook.timeoutSeconds) -}}
+      {{- end -}}
+    {{- end -}}
+
+  {{- end -}}
+
+{{- end -}}
--- a/helm-charts/dashy/charts/common/templates/lib/webhook/_webhook.tpl
+++ b/helm-charts/dashy/charts/common/templates/lib/webhook/_webhook.tpl
@@ -0,0 +1,31 @@
+{{- define "tc.v1.common.lib.webhook" -}}
+  {{- $webhook := .webhook -}}
+  {{- $rootCtx := .rootCtx }}
+- name: {{ tpl $webhook.name $rootCtx }}
+  {{- with $webhook.failurePolicy }}
+  failurePolicy: {{ tpl . $rootCtx }}
+  {{- end -}}
+  {{- with $webhook.matchPolicy }}
+  matchPolicy: {{ tpl . $rootCtx }}
+  {{- end -}}
+  {{- with $webhook.reinvocationPolicy }}
+  reinvocationPolicy: {{ tpl . $rootCtx }}
+  {{- end -}}
+  {{- with $webhook.sideEffects }}
+  sideEffects: {{ tpl . $rootCtx }}
+  {{- end -}}
+  {{- with $webhook.timeoutSeconds }}
+  timeoutSeconds: {{ . }}
+  {{- end -}}
+  {{- include "tc.v1.common.lib.webhook.admissionReviewVersions" (dict "rootCtx" $rootCtx "admissionReviewVersions" $webhook.admissionReviewVersions) | trim | nindent 2 -}}
+  {{- include "tc.v1.common.lib.webhook.clientConfig" (dict "rootCtx" $rootCtx "clientConfig" $webhook.clientConfig) | trim | nindent 2 -}}
+  {{- include "tc.v1.common.lib.webhook.rules" (dict "rootCtx" $rootCtx "rules" $webhook.rules) | trim | nindent 2 -}}
+  {{- with $webhook.namespaceSelector }}
+  namespaceSelector:
+    {{- tpl (toYaml $webhook.namespaceSelector) $rootCtx | nindent 2 -}}
+  {{- end -}}
+  {{- with $webhook.objectSelector }}
+  objectSelector:
+    {{- tpl (toYaml $webhook.objectSelector) $rootCtx | nindent 2 -}}
+  {{- end -}}
+{{- end -}}