validators

func CheckCRDResourceUniqueness ¶

func CheckCRDResourceUniqueness(rv1 *bundle.RegistryV1) []error

CheckCRDResourceUniqueness checks that the bundle CRD names are unique

func CheckConversionWebhookCRDReferenceUniqueness ¶

func CheckConversionWebhookCRDReferenceUniqueness(rv1 *bundle.RegistryV1) []error

CheckConversionWebhookCRDReferenceUniqueness checks no two (or more) conversion webhooks reference the same CRD.

func CheckConversionWebhookSupport ¶ added in v1.6.0

func CheckConversionWebhookSupport(rv1 *bundle.RegistryV1) []error

CheckConversionWebhookSupport checks that if the bundle cluster service version declares conversion webhook definitions, that the bundle also only supports AllNamespaces install mode. This keeps parity with OLMv0 behavior for conversion webhooks, https://github.com/operator-framework/operator-lifecycle-manager/blob/dfd0b2bea85038d3c0d65348bc812d297f16b8d2/pkg/controller/install/webhook.go#L193

func CheckConversionWebhooksReferenceOwnedCRDs ¶

func CheckConversionWebhooksReferenceOwnedCRDs(rv1 *bundle.RegistryV1) []error

CheckConversionWebhooksReferenceOwnedCRDs checks defined conversion webhooks reference bundle owned CRDs. Errors are sorted by webhook name and CRD name.

func CheckDeploymentNameIsDNS1123SubDomain ¶

func CheckDeploymentNameIsDNS1123SubDomain(rv1 *bundle.RegistryV1) []error

CheckDeploymentNameIsDNS1123SubDomain checks each deployment strategy spec name complies with the Kubernetes resource naming conversions

func CheckDeploymentSpecUniqueness ¶

func CheckDeploymentSpecUniqueness(rv1 *bundle.RegistryV1) []error

CheckDeploymentSpecUniqueness checks that each strategy deployment spec in the csv has a unique name. Errors are sorted by deployment name.

func CheckOwnedCRDExistence ¶

func CheckOwnedCRDExistence(rv1 *bundle.RegistryV1) []error

CheckOwnedCRDExistence checks bundle owned custom resource definitions declared in the csv exist in the bundle

func CheckPackageNameNotEmpty ¶

func CheckPackageNameNotEmpty(rv1 *bundle.RegistryV1) []error

CheckPackageNameNotEmpty checks that PackageName is not empty

func CheckWebhookDeploymentReferentialIntegrity ¶

func CheckWebhookDeploymentReferentialIntegrity(rv1 *bundle.RegistryV1) []error

CheckWebhookDeploymentReferentialIntegrity checks that each webhook definition in the csv references an existing strategy deployment spec. Errors are sorted by strategy deployment spec name, webhook type, and webhook name.

func CheckWebhookNameIsDNS1123SubDomain ¶

func CheckWebhookNameIsDNS1123SubDomain(rv1 *bundle.RegistryV1) []error

CheckWebhookNameIsDNS1123SubDomain checks each webhook configuration name complies with the Kubernetes resource naming conversions

func CheckWebhookNameUniqueness ¶

func CheckWebhookNameUniqueness(rv1 *bundle.RegistryV1) []error

CheckWebhookNameUniqueness checks that each webhook definition of each type (validating, mutating, or conversion) has a unique name. Webhooks of different types can have the same name. Errors are sorted by webhook type and name.

func CheckWebhookRules ¶ added in v1.6.0

func CheckWebhookRules(rv1 *bundle.RegistryV1) []error

CheckWebhookRules ensures webhook rules do not reference forbidden API groups or resources in line with OLMv0 behavior The following are forbidden, rules targeting:

• all API groups (i.e. '*')
• OLMv1 API group (i.e. 'olm.operatorframework.io')
• all resources under the 'admissionregistration.k8s.io' API group
• the 'ValidatingWebhookConfiguration' resource under the 'admissionregistration.k8s.io' API group
• the 'MutatingWebhookConfiguration' resource under the 'admissionregistration.k8s.io' API group

These boundaries attempt to reduce the blast radius of faulty webhooks and avoid deadlocks preventing the user from deleting OLMv1 resources installing and managing the faulty webhook, or deleting faulty admission webhook configurations. See https://github.com/operator-framework/operator-lifecycle-manager/blob/ccf0c4c91f1e7673e87f3a18947f9a1f88d48438/pkg/controller/install/webhook.go#L19 for more details