Fixed webhook and added webhook tests.

dranicu · dranicu · commit b2d8132da322 · 2025-06-27T09:17:57.000Z
diff --git a/api/v1beta2/ocimanagedcontrolplane_webhook.go b/api/v1beta2/ocimanagedcontrolplane_webhook.go
@@ -17,7 +17,6 @@ limitations under the License.
 package v1beta2
 
 import (
-	"github.com/oracle/oci-go-sdk/v65/common"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -58,7 +57,7 @@ func (c *OCIManagedControlPlane) ValidateCreate() (admission.Warnings, error) {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("Name"), c.Name, "Name cannot be more than 31 characters"))
 	}
 
-	if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IsOpenIdConnectAuthEnabled == *common.Bool(true) {
+	if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig != nil && c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IsOpenIdConnectAuthEnabled {
 		if c.Spec.ClusterType != EnhancedClusterType {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("ClusterType"), c.Spec.ClusterType, "ClusterType needs to be set to ENHANCED_CLUSTER for OpenIdConnectTokenAuthenticationConfig to be enabled."))
 		}
diff --git a/api/v1beta2/ocimanagedcontrolplane_webhook_test.go b/api/v1beta2/ocimanagedcontrolplane_webhook_test.go
@@ -20,6 +20,8 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/oracle/oci-go-sdk/v65/common"
+
 	"github.com/onsi/gomega"
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -79,6 +81,85 @@ func TestOCIManagedControlPlane_ValidateCreate(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			name: "OpenIdConnectAuthEnabledWithValidConfig",
+			c: &OCIManagedControlPlane{
+				Spec: OCIManagedControlPlaneSpec{
+					ClusterType: EnhancedClusterType,
+					ClusterOption: ClusterOptions{
+						OpenIdConnectTokenAuthenticationConfig: &OpenIDConnectTokenAuthenticationConfig{
+							IsOpenIdConnectAuthEnabled: *common.Bool(true),
+							ClientId:                   common.String("client-id"),
+							IssuerUrl:                  common.String("issuer-url"),
+						},
+					},
+				},
+			},
+			expectErr: false,
+		},
+		{
+			name: "OpenIdConnectAuthEnabledWithInvalidClusterType",
+			c: &OCIManagedControlPlane{
+				Spec: OCIManagedControlPlaneSpec{
+					ClusterType: BasicClusterType,
+					ClusterOption: ClusterOptions{
+						OpenIdConnectTokenAuthenticationConfig: &OpenIDConnectTokenAuthenticationConfig{
+							IsOpenIdConnectAuthEnabled: *common.Bool(true),
+							ClientId:                   common.String("client-id"),
+							IssuerUrl:                  common.String("issuer-url"),
+						},
+					},
+				},
+			},
+			errorMgsShouldContain: "ClusterType needs to be set to ENHANCED_CLUSTER for OpenIdConnectTokenAuthenticationConfig to be enabled.",
+			expectErr:             true,
+		},
+		{
+			name: "OpenIdConnectAuthEnabledWithMissingClientId",
+			c: &OCIManagedControlPlane{
+				Spec: OCIManagedControlPlaneSpec{
+					ClusterType: EnhancedClusterType,
+					ClusterOption: ClusterOptions{
+						OpenIdConnectTokenAuthenticationConfig: &OpenIDConnectTokenAuthenticationConfig{
+							IsOpenIdConnectAuthEnabled: *common.Bool(true),
+							IssuerUrl:                  common.String("issuer-url"),
+						},
+					},
+				},
+			},
+			errorMgsShouldContain: "ClientId cannot be empty when OpenIdConnectAuth is enabled.",
+			expectErr:             true,
+		},
+		{
+			name: "OpenIdConnectAuthEnabledWithMissingIssuerUrl",
+			c: &OCIManagedControlPlane{
+				Spec: OCIManagedControlPlaneSpec{
+					ClusterType: EnhancedClusterType,
+					ClusterOption: ClusterOptions{
+						OpenIdConnectTokenAuthenticationConfig: &OpenIDConnectTokenAuthenticationConfig{
+							IsOpenIdConnectAuthEnabled: *common.Bool(true),
+							ClientId:                   common.String("client-id"),
+						},
+					},
+				},
+			},
+			errorMgsShouldContain: "IssuerUrl cannot be empty when OpenIdConnectAuth is enabled.",
+			expectErr:             true,
+		},
+		{
+			name: "OpenIdConnectAuthDisabled",
+			c: &OCIManagedControlPlane{
+				Spec: OCIManagedControlPlaneSpec{
+					ClusterType: BasicClusterType,
+					ClusterOption: ClusterOptions{
+						OpenIdConnectTokenAuthenticationConfig: &OpenIDConnectTokenAuthenticationConfig{
+							IsOpenIdConnectAuthEnabled: *common.Bool(false),
+						},
+					},
+				},
+			},
+			expectErr: false,
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml
@@ -8,5 +8,5 @@ spec:
     spec:
       containers:
         # Change the value of image field below to your controller image URL
-        - image: ghcr.io/oracle/cluster-api-oci-controller-amd64:dev
+        - image:  ghcr.io/oracle/cluster-api-oci-controller-amd64:dev
           name: manager

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@ limitations under the License.`
`17`	`17`	`package v1beta2`
`18`	`18`
`19`	`19`	`import (`
`20`		`- "github.com/oracle/oci-go-sdk/v65/common"`
`21`	`20`	`apierrors "k8s.io/apimachinery/pkg/api/errors"`
`22`	`21`	`"k8s.io/apimachinery/pkg/runtime"`
`23`	`22`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`@@ -58,7 +57,7 @@ func (c *OCIManagedControlPlane) ValidateCreate() (admission.Warnings, error) {`
`58`	`57`	`allErrs = append(allErrs, field.Invalid(field.NewPath("Name"), c.Name, "Name cannot be more than 31 characters"))`
`59`	`58`	`}`
`60`	`59`
`61`		`- if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IsOpenIdConnectAuthEnabled == *common.Bool(true) {`
	`60`	`+ if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig != nil && c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IsOpenIdConnectAuthEnabled {`
`62`	`61`	`if c.Spec.ClusterType != EnhancedClusterType {`
`63`	`62`	`allErrs = append(allErrs, field.Invalid(field.NewPath("ClusterType"), c.Spec.ClusterType, "ClusterType needs to be set to ENHANCED_CLUSTER for OpenIdConnectTokenAuthenticationConfig to be enabled."))`
`64`	`63`	`}`