on.validate not triggered when updating a CR
cannibalisticcow opened this issue · comments
Keywords
Admission control validate
Problem
I'm looking to implement a validation on the spec for a custom CR, when I run the operator locally on startup the validate handler is hit, but it doesn't look like it goes in to the defined function, but also once the operator loops through all of the specified objects and is in an idle state, I then update one of the CR specs and it doesn't look like the on.validate is checked and it goes straight in to the on.update handler.
For reference I am debugging the code locally and connecting to a remote OKD cluster that the CRs are on.
Any advice would be greatly appreciated. Thank you.
An incredibly cut down version of the controller.
import kopf
from pydantic import ValidationError
import config
from managers import cluster_monitor_manager
@kopf.on.startup()
def configure(settings: kopf.OperatorSettings, **_):
settings.posting.enabled = False
settings.execution.max_workers = 1
settings.persistence.finalizer = config.FINALIZER
settings.persistence.progress_storage = kopf.MultiProgressStorage(
[
kopf.AnnotationsProgressStorage(prefix=config.PROGRESS_ANNOTATION),
StatusStorage(),
]
)
settings.admission.server = kopf.WebhookServer()
@kopf.on.validate(
config.GROUP, config.VERSION, config.KIND, field="spec", operation="UPDATE"
)
def validate(spec, **_):
raise kopf.AdmissionError("Testing!", code=400)
@kopf.on.create(config.GROUP, config.VERSION, config.KIND)
@kopf.on.update(config.GROUP, config.VERSION, config.KIND)
@kopf.on.resume(config.GROUP, config.VERSION, config.KIND)
def on_create_or_update(
name: str,
namespace: str,
spec,
status,
annotations,
logger,
patch,
**kwargs,
):
pass
Closing as I've worked out what I was doping wrong and how to get this working in an Openshift / OKD cluster.
When I have time I might write a small guide to help others.