fix: move secretTemplate validations to validation package

Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-07-30 12:49:20 +01:00 · 2021-07-30 12:49:20 +01:00 · 12363f91e2
commit 12363f91e2
parent 6e8f74b4f8
4 changed files with 21 additions and 16 deletions
--- a/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel
+++ b/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel
@ -17,10 +17,7 @@ go_library(
        "@com_sslmate_software_src_go_pkcs12//:go_default_library",
        "@io_k8s_api//core/v1:go_default_library",
        "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
-        "@io_k8s_apimachinery//pkg/api/validation:go_default_library",
        "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
-        "@io_k8s_apimachinery//pkg/apis/meta/v1/validation:go_default_library",
-        "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
        "@io_k8s_client_go//kubernetes:go_default_library",
        "@io_k8s_client_go//listers/core/v1:go_default_library",
    ],
--- a/pkg/controller/certificates/internal/secretsmanager/secret.go
+++ b/pkg/controller/certificates/internal/secretsmanager/secret.go
@ -25,13 +25,9 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/client-go/kubernetes"
 	corelisters "k8s.io/client-go/listers/core/v1"

-	metavalidation "k8s.io/apimachinery/pkg/api/validation"
-	v1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
-
 	apiutil "github.com/jetstack/cert-manager/pkg/api/util"
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
@ -225,15 +221,6 @@ func (s *SecretsManager) setValues(crt *cmapi.Certificate, secret *corev1.Secret
 	}

 	if crt.Spec.SecretTemplate != nil {
-		if err := v1validation.ValidateLabels(
-			crt.Spec.SecretTemplate.Labels, field.NewPath("spec", "SecretTemplate", "labels")); len(err) > 0 {
-			return fmt.Errorf("secretTemplate has invalid labels: %v", err)
-		}
-		if err := metavalidation.ValidateAnnotations(
-			crt.Spec.SecretTemplate.Annotations, field.NewPath("spec", "SecretTemplate", "annotations")); len(err) > 0 {
-			return fmt.Errorf("secretTemplate has invalid annotations: %v", err)
-		}
-
 		for k, v := range crt.Spec.SecretTemplate.Labels {
 			secret.Labels[k] = v
 		}
--- a/pkg/internal/apis/certmanager/validation/BUILD.bazel
+++ b/pkg/internal/apis/certmanager/validation/BUILD.bazel
@ -32,7 +32,9 @@ go_library(
        "@com_github_kr_pretty//:go_default_library",
        "@io_k8s_api//admission/v1:go_default_library",
        "@io_k8s_api//core/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/api/validation:go_default_library",
        "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/apis/meta/v1/validation:go_default_library",
        "@io_k8s_apimachinery//pkg/runtime:go_default_library",
        "@io_k8s_apimachinery//pkg/runtime/schema:go_default_library",
        "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
--- a/pkg/internal/apis/certmanager/validation/certificate.go
+++ b/pkg/internal/apis/certmanager/validation/certificate.go
@ -22,6 +22,8 @@ import (
 	"net/mail"

 	admissionv1 "k8s.io/api/admission/v1"
+	apivalidation "k8s.io/apimachinery/pkg/api/validation"
+	metavalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"

@ -86,6 +88,15 @@ func ValidateCertificateSpec(crt *internalcmapi.CertificateSpec, fldPath *field.
 		el = append(el, field.Invalid(fldPath.Child("revisionHistoryLimit"), *crt.RevisionHistoryLimit, "must not be less than 1"))
 	}

+	if crt.SecretTemplate != nil {
+		if len(crt.SecretTemplate.Labels) > 0 {
+			el = append(el, validateSecretTemplateLabels(crt, fldPath)...)
+		}
+		if len(crt.SecretTemplate.Annotations) > 0 {
+			el = append(el, validateSecretTemplateAnnotations(crt, fldPath)...)
+		}
+	}
+
 	return el
 }

@ -165,6 +176,14 @@ func validateUsages(a *internalcmapi.CertificateSpec, fldPath *field.Path) field
 	return el
 }

+func validateSecretTemplateLabels(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
+	return metavalidation.ValidateLabels(crt.SecretTemplate.Labels, fldPath.Child("secretTemplate", "labels"))
+}
+
+func validateSecretTemplateAnnotations(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
+	return apivalidation.ValidateAnnotations(crt.SecretTemplate.Annotations, fldPath.Child("secretTemplate", "annotations"))
+}
+
 func ValidateDuration(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
 	el := field.ErrorList{}