feat(webhook): dataset validation rules + tests

Author: Rajneesh180

pkg/webhook/handler/register.go

@@ -19,6 +19,7 @@ package handler
 import (
 	"github.com/fluid-cloudnative/fluid/pkg/common"
 	"github.com/fluid-cloudnative/fluid/pkg/webhook/handler/mutating"
+	"github.com/fluid-cloudnative/fluid/pkg/webhook/handler/validating"
 	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/util/sets"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -41,7 +42,7 @@ var (
 
 func init() {
 	addHandlers(mutating.HandlerMap)
-	// addHandlers(validating.HandlerMap)
+	addHandlers(validating.HandlerMap)
 }
 
 // Register registers the handlers to the manager

pkg/webhook/handler/validating/validating_handler.go

@@ -1,43 +1,71 @@
 package validating
 
 import (
-    "context"
-    "encoding/json"
-    "net/http"
+	"context"
+	"encoding/json"
+	"net/http"
 
-    "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	v1alpha1 "github.com/fluid-cloudnative/fluid/api/v1alpha1"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // ValidatingHandler implements admission webhook for validating Fluid CRDs.
 type ValidatingHandler struct {
-    decoder *admission.Decoder
+	decoder *admission.Decoder
 }
 
 func NewValidatingHandler() *ValidatingHandler {
-    return &ValidatingHandler{}
+	return &ValidatingHandler{}
 }
 
 func (h *ValidatingHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
-    // Generic validation: ensure object contains metadata.name
-    var obj map[string]interface{}
-    if err := json.Unmarshal(req.Object.Raw, &obj); err != nil {
-        return admission.Errored(http.StatusBadRequest, err)
-    }
-
-    metadata, ok := obj["metadata"].(map[string]interface{})
-    if !ok {
-        return admission.Denied("metadata.name is required")
-    }
-    name, ok := metadata["name"].(string)
-    if !ok || name == "" {
-        return admission.Denied("metadata.name is required")
-    }
-
-    // Passed basic validation
-    return admission.Allowed("validation passed")
+	// Try to decode into a known type (Dataset) when possible
+	var ds v1alpha1.Dataset
+	if h.decoder != nil {
+		if err := h.decoder.Decode(req, &ds); err == nil {
+			// Perform Dataset-specific validations
+			// Require either Mounts or Runtimes to be present
+			if len(ds.Spec.Mounts) == 0 && len(ds.Spec.Runtimes) == 0 {
+				return admission.Denied("dataset.spec must contain at least one mount or runtime")
+			}
+
+			// Validate mounts
+			for _, m := range ds.Spec.Mounts {
+				if m.MountPoint == "" {
+					return admission.Denied("mount.mountPoint must not be empty")
+				}
+			}
+
+			// Validate runtimes
+			for _, r := range ds.Spec.Runtimes {
+				if r.Name == "" || r.Namespace == "" {
+					return admission.Denied("runtime entries must include name and namespace")
+				}
+			}
+
+			return admission.Allowed("dataset validation passed")
+		}
+	}
+
+	// Fallback generic validation: ensure object contains metadata.name
+	var obj map[string]interface{}
+	if err := json.Unmarshal(req.Object.Raw, &obj); err != nil {
+		return admission.Errored(http.StatusBadRequest, err)
+	}
+
+	metadata, ok := obj["metadata"].(map[string]interface{})
+	if !ok {
+		return admission.Denied("metadata.name is required")
+	}
+	name, ok := metadata["name"].(string)
+	if !ok || name == "" {
+		return admission.Denied("metadata.name is required")
+	}
+
+	return admission.Allowed("validation passed")
 }
 
 func (h *ValidatingHandler) InjectDecoder(d *admission.Decoder) error {
-    h.decoder = d
-    return nil
+	h.decoder = d
+	return nil
 }

pkg/webhook/handler/validating/validating_handler_test.go

@@ -4,10 +4,13 @@ import (
 	"context"
 	"testing"
 
+	"encoding/json"
+
 	"github.com/stretchr/testify/assert"
 	admissionv1 "k8s.io/api/admission/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	v1alpha1 "github.com/fluid-cloudnative/fluid/api/v1alpha1"
 )
 
 func TestValidatingHandler_Basic(t *testing.T) {
@@ -30,3 +33,42 @@ func TestValidatingHandler_Basic(t *testing.T) {
 	assert.False(t, resp.Allowed)
 	assert.Contains(t, resp.Result.Message, "metadata.name is required")
 }
+
+func TestValidatingHandler_Dataset(t *testing.T) {
+	h := NewValidatingHandler()
+	// prepare decoder with scheme so that typed decoding works
+	scheme := runtime.NewScheme()
+	err := v1alpha1.AddToScheme(scheme)
+	if err != nil {
+		t.Fatalf("failed to add v1alpha1 to scheme: %v", err)
+	}
+	dec := admission.NewDecoder(scheme)
+	h.InjectDecoder(dec)
+
+	// Dataset missing mounts and runtimes -> denied
+	ds := &v1alpha1.Dataset{}
+	raw, _ := json.Marshal(ds)
+	req := admission.Request{
+		AdmissionRequest: admissionv1.AdmissionRequest{
+			Object: runtime.RawExtension{Raw: raw},
+		},
+	}
+	resp := h.Handle(context.Background(), req)
+	assert.False(t, resp.Allowed)
+
+	// Dataset with a valid mount -> allowed
+	ds = &v1alpha1.Dataset{}
+	ds.Spec.Mounts = []v1alpha1.Mount{{MountPoint: "/data"}}
+	raw, _ = json.Marshal(ds)
+	req.AdmissionRequest.Object.Raw = raw
+	resp = h.Handle(context.Background(), req)
+	assert.True(t, resp.Allowed)
+
+	// Dataset with invalid mount (too short) -> denied
+	ds = &v1alpha1.Dataset{}
+	ds.Spec.Mounts = []v1alpha1.Mount{{MountPoint: "abc"}}
+	raw, _ = json.Marshal(ds)
+	req.AdmissionRequest.Object.Raw = raw
+	resp = h.Handle(context.Background(), req)
+	assert.False(t, resp.Allowed)
+}