Documentation
Index
- func SetupWorkspaceWebhookWithManager(mgr ctrl.Manager, operatorSA string, maxWorkspacesPerUser int) error
- type WorkspaceCustomDefaulter
- type WorkspaceCustomValidator
- func (v *WorkspaceCustomValidator) ValidateCreate(ctx context.Context, ws *tenantv1alpha1.Workspace) (admission.Warnings, error)
- func (v *WorkspaceCustomValidator) ValidateDelete(ctx context.Context, ws *tenantv1alpha1.Workspace) (admission.Warnings, error)
- func (v *WorkspaceCustomValidator) ValidateUpdate(ctx context.Context, oldWorkspace, newWorkspace *tenantv1alpha1.Workspace) (admission.Warnings, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func SetupWorkspaceWebhookWithManager
func SetupWorkspaceWebhookWithManager(mgr ctrl.Manager, operatorSA string, maxWorkspacesPerUser int) error
SetupWorkspaceWebhookWithManager registers the webhook for Workspace in the manager. operatorSA is the full service account identity of the controller-manager (e.g. "system:serviceaccount:otterscale-system:tenant-operator-controller-manager") used to exempt the operator's own reconciliation updates from workspace-level authorization. maxWorkspacesPerUser limits the number of workspaces a regular user may administer; 0 disables quota enforcement.
Types
type WorkspaceCustomDefaulter
type WorkspaceCustomDefaulter struct{}
WorkspaceCustomDefaulter is responsible for setting default values on the Workspace resource during CREATE and UPDATE operations. It synchronizes member subjects as labels to enable external API label selectors (e.g., "find all workspaces a user belongs to").
NOTE: The +kubebuilder:object:generate=false marker prevents controller-gen from generating DeepCopy methods, as it is used only for temporary operations and does not need to be deeply copied.
func (*WorkspaceCustomDefaulter) Default
func (d *WorkspaceCustomDefaulter) Default(ctx context.Context, ws *tenantv1alpha1.Workspace) error
Default implements admission.Defaulter[*tenantv1alpha1.Workspace] so a webhook will be registered for the Kind Workspace. It ensures that labels with the prefix "user.otterscale.io/" mirror the current member subjects, removing stale entries and preserving all other labels.
type WorkspaceCustomValidator
type WorkspaceCustomValidator struct {
	// OperatorSA is the full service account identity of the controller-manager.
	// It is injected at startup so the operator works regardless of the namespace it is deployed in.
	OperatorSA string
	// MaxWorkspacesPerUser limits how many workspaces a regular user may
	// administer. 0 disables quota enforcement.
	MaxWorkspacesPerUser int
	// Reader is used to look up ClusterRoleBindings and existing Workspaces.
	Reader client.Reader
}
WorkspaceCustomValidator enforces workspace-level authorization on all mutating operations. Create requests require the caller to list themselves as an admin member and pass the per-user quota. Update and delete requests require workspace-admin (or cluster-level privileged) identity.
The authorization logic itself is kept in internal/workspace/ for testability; this validator is intentionally thin.
func (*WorkspaceCustomValidator) ValidateCreate
func (v *WorkspaceCustomValidator) ValidateCreate(ctx context.Context, ws *tenantv1alpha1.Workspace) (admission.Warnings, error)
ValidateCreate ensures the requesting user is listed as an admin member of the new Workspace and has not exceeded the per-user workspace quota. Privileged callers (system:masters, operator SA, cluster-admin) bypass both checks.
func (*WorkspaceCustomValidator) ValidateDelete
func (v *WorkspaceCustomValidator) ValidateDelete(ctx context.Context, ws *tenantv1alpha1.Workspace) (admission.Warnings, error)
ValidateDelete ensures only workspace admins (or privileged identities) can delete a Workspace.
func (*WorkspaceCustomValidator) ValidateUpdate
func (v *WorkspaceCustomValidator) ValidateUpdate(ctx context.Context, oldWorkspace, newWorkspace *tenantv1alpha1.Workspace) (admission.Warnings, error)
ValidateUpdate ensures only workspace admins (or privileged identities) can modify an existing Workspace. The admin check is evaluated against the old object (oldWorkspace), not the incoming one, so a user cannot grant themselves admin and have that same request approved.