Remove use of hardcoded system namespace from service template validator

k0rdent · Nov 8, 2024 · e91ed86 · e91ed86
1 parent 5684350
commit e91ed86
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 11 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -356,7 +356,7 @@ func setupWebhooks(mgr ctrl.Manager, currentNamespace string) error {
 		setupLog.Error(err, "unable to create webhook", "webhook", "ClusterTemplate")
 		return err
 	}
-	if err := (&hmcwebhook.ServiceTemplateValidator{}).SetupWebhookWithManager(mgr); err != nil {
+	if err := (&hmcwebhook.ServiceTemplateValidator{SystemNamespace: currentNamespace}).SetupWebhookWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create webhook", "webhook", "ServiceTemplate")
 		return err
 	}

diff --git a/internal/controller/multiclusterservice_controller.go b/internal/controller/multiclusterservice_controller.go
@@ -115,8 +115,8 @@ func (r *MultiClusterServiceReconciler) reconcileUpdate(ctx context.Context, mcs
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	// By using DefaultSystemNamespace we are enforcing that MultiClusterService
-	// may only use ServiceTemplates that are present in the system namespace.
+	// We are enforcing that MultiClusterService may only use
+	// ServiceTemplates that are present in the system namespace.
 	opts, err := helmChartOpts(ctx, r.Client, r.SystemNamespace, mcs.Spec.Services)
 	if err != nil {
 		return ctrl.Result{}, err

diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go
@@ -169,7 +169,7 @@ var _ = BeforeSuite(func() {
 	err = (&hmcwebhook.ClusterTemplateValidator{}).SetupWebhookWithManager(mgr)
 	Expect(err).NotTo(HaveOccurred())
 
-	err = (&hmcwebhook.ServiceTemplateValidator{}).SetupWebhookWithManager(mgr)
+	err = (&hmcwebhook.ServiceTemplateValidator{SystemNamespace: testSystemNamespace}).SetupWebhookWithManager(mgr)
 	Expect(err).NotTo(HaveOccurred())
 
 	err = (&hmcwebhook.ProviderTemplateValidator{}).SetupWebhookWithManager(mgr)

diff --git a/internal/webhook/template_webhook.go b/internal/webhook/template_webhook.go
@@ -27,7 +27,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/Mirantis/hmc/api/v1alpha1"
-	"github.com/Mirantis/hmc/internal/utils"
 )
 
 type ClusterTemplateValidator struct {
@@ -89,6 +88,7 @@ func (*ClusterTemplateValidator) Default(context.Context, runtime.Object) error
 
 type ServiceTemplateValidator struct {
 	client.Client
+	SystemNamespace string
 }
 
 func (v *ServiceTemplateValidator) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -134,8 +134,8 @@ func (v *ServiceTemplateValidator) ValidateDelete(ctx context.Context, obj runti
 		return admission.Warnings{"The ServiceTemplate object can't be removed if ManagedCluster objects referencing it still exist"}, errTemplateDeletionForbidden
 	}
 
-	// MultiClusterServices can only refer to serviceTemplates in hmc-system namespace.
-	if tmpl.Namespace == utils.DefaultSystemNamespace {
+	// MultiClusterServices can only refer to serviceTemplates in system namespace.
+	if tmpl.Namespace == v.SystemNamespace {
 		multiSvcClusters := &v1alpha1.MultiClusterServiceList{}
 		if err := v.Client.List(ctx, multiSvcClusters,
 			client.MatchingFields{v1alpha1.ServicesTemplateKey: tmpl.Name},

diff --git a/internal/webhook/template_webhook_test.go b/internal/webhook/template_webhook_test.go
@@ -24,7 +24,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/Mirantis/hmc/api/v1alpha1"
-	"github.com/Mirantis/hmc/internal/utils"
 	"github.com/Mirantis/hmc/test/objects/managedcluster"
 	"github.com/Mirantis/hmc/test/objects/multiclusterservice"
 	"github.com/Mirantis/hmc/test/objects/template"
@@ -139,8 +138,8 @@ func TestServiceTemplateValidateDelete(t *testing.T) {
 			existingObjects: []runtime.Object{managedcluster.NewManagedCluster()},
 		},
 		{
-			title:    "should fail if a MultiClusterService is referencing serviceTemplate in hmc-system namespace",
-			template: template.NewServiceTemplate(template.WithNamespace(utils.DefaultSystemNamespace), template.WithName(tmpl.Name)),
+			title:    "should fail if a MultiClusterService is referencing serviceTemplate in system namespace",
+			template: template.NewServiceTemplate(template.WithNamespace(testSystemNamespace), template.WithName(tmpl.Name)),
 			existingObjects: []runtime.Object{
 				multiclusterservice.NewMultiClusterService(
 					multiclusterservice.WithName("mymulticlusterservice"),
@@ -163,7 +162,7 @@ func TestServiceTemplateValidateDelete(t *testing.T) {
 				WithIndex(&v1alpha1.ManagedCluster{}, v1alpha1.ServicesTemplateKey, v1alpha1.ExtractServiceTemplateFromManagedCluster).
 				WithIndex(&v1alpha1.MultiClusterService{}, v1alpha1.ServicesTemplateKey, v1alpha1.ExtractServiceTemplateFromMultiClusterService).
 				Build()
-			validator := &ServiceTemplateValidator{Client: c}
+			validator := &ServiceTemplateValidator{Client: c, SystemNamespace: testSystemNamespace}
 			warn, err := validator.ValidateDelete(ctx, tt.template)
 			if tt.err != "" {
 				g.Expect(err).To(MatchError(tt.err))