Defaulting to the latest tag if no tag was specified.

In the current code, we handle differently build/sign and deploying a
pre-built kmod.

This is the current behavior:
* If a `build`/`sign` section is set in the module, and the image tag
  isn't specified, then we will return an error.
* If there are no `build`/`sign` section, and the image tag isn't
  specified, then we will default to the `latest` tag.

This change is adjusting the behavior of both workflow to always default
to the `latest` image tag if it is not specified in the `Module`.

Signed-off-by: Yoni Bettan <[email protected]>

Author: ybettan

cmd/webhook-server/main.go

@@ -82,6 +82,10 @@ func main() {
 		if err = webhook.NewModuleValidator(logger).SetupWebhookWithManager(mgr); err != nil {
 			cmd.FatalError(setupLogger, err, "unable to create webhook", "webhook", "ModuleValidator")
 		}
+
+		if err = webhook.NewModuleDefaulter(logger).SetupWebhookWithManager(mgr); err != nil {
+			cmd.FatalError(setupLogger, err, "unable to create mutating webhook", "webhook", "ModuleDefaulter")
+		}
 	}
 
 	if enableManagedClusterModule {
@@ -90,6 +94,10 @@ func main() {
 		if err = hub.NewManagedClusterModuleValidator(logger).SetupWebhookWithManager(mgr); err != nil {
 			cmd.FatalError(setupLogger, err, "unable to create webhook", "webhook", "ManagedClusterModuleValidator")
 		}
+
+		if err = hub.NewManagedClusterModuleDefaulter(logger).SetupWebhookWithManager(mgr); err != nil {
+			cmd.FatalError(setupLogger, err, "unable to create mutating webhook", "webhook", "ManagedClusterModuleDefaulter")
+		}
 	}
 
 	if enableNamespaceDeletion {

config/webhook-hub/manifests.yaml

@@ -1,5 +1,31 @@
 ---
 apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-hub-kmm-sigs-x-k8s-io-v1beta1-managedclustermodule
+  failurePolicy: Fail
+  name: vmanageclustermodule.kb.io
+  rules:
+  - apiGroups:
+    - hub.kmm.sigs.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - managedclustermodules
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration

config/webhook/manifests.yaml

@@ -1,5 +1,31 @@
 ---
 apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-kmm-sigs-x-k8s-io-v1beta1-module
+  failurePolicy: Fail
+  name: vmodule.kb.io
+  rules:
+  - apiGroups:
+    - kmm.sigs.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - modules
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration

internal/webhook/hub/managedclustermodule_webhook.go renamed to internal/webhook/hub/managedclustermodule.go

@@ -0,0 +1,68 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package hub
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"github.com/kubernetes-sigs/kernel-module-management/api-hub/v1beta1"
+	kmmv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/webhook"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+type ManagedClusterModuleDefaulter struct {
+	logger          logr.Logger
+	moduleDefaulter *webhook.ModuleDefaulter
+}
+
+func NewManagedClusterModuleDefaulter(logger logr.Logger) *ManagedClusterModuleDefaulter {
+	return &ManagedClusterModuleDefaulter{
+		logger:          logger,
+		moduleDefaulter: webhook.NewModuleDefaulter(logger),
+	}
+}
+
+func (mcmd *ManagedClusterModuleDefaulter) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	// controller-runtime will set the path to `mutate-<group>-<version>-<resource> so we
+	// need to make sure it is set correctly in the +kubebuilder annotation below.
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&v1beta1.ManagedClusterModule{}).
+		WithDefaulter(mcmd).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-hub-kmm-sigs-x-k8s-io-v1beta1-managedclustermodule,mutating=true,failurePolicy=fail,sideEffects=None,groups=hub.kmm.sigs.x-k8s.io,resources=managedclustermodules,verbs=create;update,versions=v1beta1,name=vmanageclustermodule.kb.io,admissionReviewVersions=v1
+
+// Default implements webhook.Default so a webhook will be registered for the type
+func (mcmd *ManagedClusterModuleDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+
+	mcm, ok := obj.(*v1beta1.ManagedClusterModule)
+	if !ok {
+		return fmt.Errorf("bad type for the object; expected %T, got %T", mcm, obj)
+	}
+
+	mcmd.logger.Info("Mutating ManagedClusterModule creation", "name", mcm.Name, "namespace", mcm.Namespace)
+
+	mod := &kmmv1beta1.Module{
+		Spec: mcm.Spec.ModuleSpec,
+	}
+	return mcmd.moduleDefaulter.Default(ctx, mod)
+}

internal/webhook/hub/managedclustermodule_mutator.go

@@ -0,0 +1,103 @@
+package hub
+
+import (
+	"context"
+
+	kmmhub "github.com/kubernetes-sigs/kernel-module-management/api-hub/v1beta1"
+	kmm "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = FDescribe("Default", func() {
+
+	var (
+		ctx  context.Context
+		mcmd *ManagedClusterModuleDefaulter
+	)
+
+	BeforeEach(func() {
+
+		mcmd = NewManagedClusterModuleDefaulter(GinkgoLogr)
+	})
+
+	It("should fail if it got the wrong type", func() {
+
+		err := mcmd.Default(ctx, nil)
+		Expect(err).To(HaveOccurred())
+	})
+
+	It("should default the container image tag to `latest`", func() {
+
+		mcm := kmmhub.ManagedClusterModule{
+			Spec: kmmhub.ManagedClusterModuleSpec{
+				ModuleSpec: kmm.ModuleSpec{
+					ModuleLoader: kmm.ModuleLoaderSpec{
+						Container: kmm.ModuleLoaderContainerSpec{
+							ContainerImage: "myregistry.com/org/image",
+						},
+					},
+				},
+			},
+		}
+
+		err := mcmd.Default(ctx, &mcm)
+		Expect(err).NotTo(HaveOccurred())
+		Expect(mcm.Spec.ModuleSpec.ModuleLoader.Container.ContainerImage).To(Equal("myregistry.com/org/image:latest"))
+	})
+
+	//It("should not default the container image tag to `latest` if a sha is speciied", func() {
+
+	//	mod := kmmv1beta1.Module{
+	//		Spec: kmmv1beta1.ModuleSpec{
+	//			ModuleLoader: kmmv1beta1.ModuleLoaderSpec{
+	//				Container: kmmv1beta1.ModuleLoaderContainerSpec{
+	//					ContainerImage: "myregistry.com/org/image@99999",
+	//				},
+	//			},
+	//		},
+	//	}
+
+	//	err := mcmd.Default(ctx, &mod)
+	//	Expect(err).NotTo(HaveOccurred())
+	//	Expect(mod.Spec.ModuleLoader.Container.ContainerImage).To(Equal("myregistry.com/org/image@99999"))
+	//})
+
+	//It("should not default the container image tag to `latest` if a tag is speciied", func() {
+
+	//	mod := kmmv1beta1.Module{
+	//		Spec: kmmv1beta1.ModuleSpec{
+	//			ModuleLoader: kmmv1beta1.ModuleLoaderSpec{
+	//				Container: kmmv1beta1.ModuleLoaderContainerSpec{
+	//					ContainerImage: "myregistry.com/org/image:mytag",
+	//				},
+	//			},
+	//		},
+	//	}
+
+	//	err := mcmd.Default(ctx, &mod)
+	//	Expect(err).NotTo(HaveOccurred())
+	//	Expect(mod.Spec.ModuleLoader.Container.ContainerImage).To(Equal("myregistry.com/org/image:mytag"))
+	//})
+
+	//It("should default the kernel-mappings image tags to `latest`", func() {
+
+	//	mod := kmmv1beta1.Module{
+	//		Spec: kmmv1beta1.ModuleSpec{
+	//			ModuleLoader: kmmv1beta1.ModuleLoaderSpec{
+	//				Container: kmmv1beta1.ModuleLoaderContainerSpec{
+	//					KernelMappings: []kmmv1beta1.KernelMapping{
+	//						{
+	//							ContainerImage: "myregistry.com/org/image",
+	//						},
+	//					},
+	//				},
+	//			},
+	//		},
+	//	}
+
+	//	err := mcmd.Default(ctx, &mod)
+	//	Expect(err).NotTo(HaveOccurred())
+	//	Expect(mod.Spec.ModuleLoader.Container.KernelMappings[0].ContainerImage).To(Equal("myregistry.com/org/image:latest"))
+	//})
+})

internal/webhook/hub/managedclustermodule_mutator_test.go

@@ -0,0 +1,13 @@
+package hub
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestSuite(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Webhook-Hub Suite")
+}

internal/webhook/hub/suite_test.go

@@ -0,0 +1,88 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package webhook
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/go-logr/logr"
+	kmmv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+const defaultTag = "latest"
+
+type ModuleDefaulter struct {
+	logger logr.Logger
+}
+
+func NewModuleDefaulter(logger logr.Logger) *ModuleDefaulter {
+	return &ModuleDefaulter{logger: logger}
+}
+
+func (md *ModuleDefaulter) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	// controller-runtime will set the path to `mutate-<group>-<version>-<resource> so we
+	// need to make sure it is set correctly in the +kubebuilder annotation below.
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&kmmv1beta1.Module{}).
+		WithDefaulter(md).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-kmm-sigs-x-k8s-io-v1beta1-module,mutating=true,failurePolicy=fail,sideEffects=None,groups=kmm.sigs.x-k8s.io,resources=modules,verbs=create;update,versions=v1beta1,name=vmodule.kb.io,admissionReviewVersions=v1
+
+// Default implements webhook.Default so a webhook will be registered for the type
+func (md *ModuleDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+
+	mod, ok := obj.(*kmmv1beta1.Module)
+	if !ok {
+		return fmt.Errorf("bad type for the object; expected %T, got %T", mod, obj)
+	}
+
+	md.logger.Info("Mutating Module creation", "name", mod.Name, "namespace", mod.Namespace)
+
+	setDefaultContainerImageTagIfNeeded(mod)
+	setDefaultKernelMappingTagsIfNeeded(mod)
+
+	return nil
+}
+
+func setDefaultContainerImageTagIfNeeded(mod *kmmv1beta1.Module) {
+
+	setDefaultTagIfNeeded(&mod.Spec.ModuleLoader.Container.ContainerImage)
+}
+
+func setDefaultKernelMappingTagsIfNeeded(mod *kmmv1beta1.Module) {
+
+	for i := range mod.Spec.ModuleLoader.Container.KernelMappings {
+		setDefaultTagIfNeeded(&mod.Spec.ModuleLoader.Container.KernelMappings[i].ContainerImage)
+	}
+}
+
+func setDefaultTagIfNeeded(image *string) {
+
+	if *image == "" {
+		return
+	}
+
+	if !strings.Contains(*image, ":") && !strings.Contains(*image, "@") {
+		*image = fmt.Sprintf("%s:%s", *image, defaultTag)
+	}
+}