feat: enable medium test webhooks

Jorres · Jorres · commit 4facf60a4473 · 2025-05-12T20:37:36.000+02:00
diff --git a/api/v1alpha1/storage_webhook.go b/api/v1alpha1/storage_webhook.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 	"math/rand"
+	"reflect"
+	"sort"
 
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/google/go-cmp/cmp"
@@ -443,6 +445,49 @@ func (r *Storage) ValidateUpdate(old runtime.Object) error {
 		return crdCheckError
 	}
 
+	if err := r.validateGrpcPorts(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *Storage) validateGrpcPorts() error {
+	servicePorts := []int32{}
+
+	firstPort := int32(GRPCPort)
+	if r.Spec.Service.GRPC.Port != 0 {
+		firstPort = r.Spec.Service.GRPC.Port
+	}
+	servicePorts = append(servicePorts, firstPort)
+	if r.Spec.Service.GRPC.AdditionalPort != 0 {
+		servicePorts = append(servicePorts, r.Spec.Service.GRPC.AdditionalPort)
+	}
+	configuration, err := ParseConfiguration(r.Spec.Configuration)
+	if err != nil {
+		return fmt.Errorf("failed to parse configuration immediately after building it, should not happen, %w", err)
+	}
+
+	configurationPorts := []int32{}
+	if configuration.GrpcConfig.Port != 0 {
+		configurationPorts = append(configurationPorts, configuration.GrpcConfig.Port)
+	}
+	if configuration.GrpcConfig.SslPort != 0 {
+		configurationPorts = append(configurationPorts, configuration.GrpcConfig.SslPort)
+	}
+
+	sort.Slice(servicePorts, func(i, j int) bool {
+		return servicePorts[i] < servicePorts[j]
+	})
+
+	sort.Slice(configurationPorts, func(i, j int) bool {
+		return configurationPorts[i] < configurationPorts[j]
+	})
+
+	if !reflect.DeepEqual(servicePorts, configurationPorts) {
+		return fmt.Errorf("grpc port mismatch: %v in spec.service.grpc, %v in YDB configuration", servicePorts, configurationPorts)
+	}
+
 	return nil
 }
 
diff --git a/internal/configuration/schema/configuration.go b/internal/configuration/schema/configuration.go
@@ -10,6 +10,7 @@ type Configuration struct {
 	DomainsConfig *DomainsConfig `yaml:"domains_config"`
 	Hosts         []Host         `yaml:"hosts,omitempty"`
 	KeyConfig     *KeyConfig     `yaml:"key_config,omitempty"`
+	GrpcConfig    *GrpcConfig    `yaml:"grpc_config,omitempty"`
 }
 
 type Metadata struct {
diff --git a/internal/configuration/schema/grpc.go b/internal/configuration/schema/grpc.go
@@ -0,0 +1,6 @@
+package schema
+
+type GrpcConfig struct {
+	Port    int32 `yaml:"port,omitempty"`
+	SslPort int32 `yaml:"ssl_port,omitempty"`
+}
diff --git a/internal/controllers/databasenodeset/controller_test.go b/internal/controllers/databasenodeset/controller_test.go
@@ -71,7 +71,7 @@ var _ = Describe("DatabaseNodeSet controller medium tests", func() {
 		}
 		Expect(k8sClient.Create(ctx, &namespace)).Should(Succeed())
 
-		storageSample = *testobjects.DefaultStorage(filepath.Join("..", "..", "..", "tests", "data", "storage-mirror-3-dc-config.yaml"))
+		storageSample = *testobjects.DefaultBlock42Storage(filepath.Join("..", "..", "..", "tests", "data", "storage-block-4-2-config.yaml"))
 		Expect(k8sClient.Create(ctx, &storageSample)).Should(Succeed())
 
 		By("checking that Storage created on local cluster...")
@@ -100,10 +100,11 @@ var _ = Describe("DatabaseNodeSet controller medium tests", func() {
 		}, test.Timeout, test.Interval).ShouldNot(HaveOccurred())
 
 		databaseSample = *testobjects.DefaultDatabase()
+		databaseSample.Spec.DatabaseNodeSpec.Nodes = 4
 		databaseSample.Spec.NodeSets = append(databaseSample.Spec.NodeSets, v1alpha1.DatabaseNodeSetSpecInline{
 			Name: testNodeSetName,
 			DatabaseNodeSpec: v1alpha1.DatabaseNodeSpec{
-				Nodes: 1,
+				Nodes: 4,
 			},
 		})
 
@@ -154,23 +155,23 @@ var _ = Describe("DatabaseNodeSet controller medium tests", func() {
 				v1alpha1.AnnotationUpdateStrategyOnDelete: "true",
 			}
 
-			foundDatabase.Spec.NodeSets = append(foundDatabase.Spec.NodeSets, v1alpha1.DatabaseNodeSetSpecInline{
+			foundDatabase.Spec.NodeSets = []v1alpha1.DatabaseNodeSetSpecInline{{
 				Name: testNodeSetName + "-labeled",
 				Labels: map[string]string{
 					testNodeSetLabel: "true",
 				},
 				DatabaseNodeSpec: v1alpha1.DatabaseNodeSpec{
-					Nodes: 1,
+					Nodes: 2,
 				},
-			})
+			}}
 
 			foundDatabase.Spec.NodeSets = append(foundDatabase.Spec.NodeSets, v1alpha1.DatabaseNodeSetSpecInline{
 				Name: testNodeSetName + "-annotated",
 				Annotations: map[string]string{
 					v1alpha1.AnnotationDataCenter: "envtest",
 				},
 				DatabaseNodeSpec: v1alpha1.DatabaseNodeSpec{
-					Nodes: 1,
+					Nodes: 2,
 				},
 			})
 
diff --git a/internal/controllers/storage/controller_test.go b/internal/controllers/storage/controller_test.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 	"testing"
 
+	"gopkg.in/yaml.v3"
+
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	appsv1 "k8s.io/api/apps/v1"
@@ -315,6 +317,10 @@ var _ = Describe("Storage controller medium tests", func() {
 
 			storage.Spec.Service.GRPC.Port = 2137
 
+			configWithNewPorts, err := patchGRPCPortsInConfiguration(storage.Spec.Configuration, 2137, -1)
+			Expect(err).To(BeNil())
+			storage.Spec.Configuration = configWithNewPorts
+
 			Expect(k8sClient.Update(ctx, &storage)).Should(Succeed())
 
 			var svc corev1.Service
@@ -349,9 +355,13 @@ var _ = Describe("Storage controller medium tests", func() {
 				Namespace: testobjects.YdbNamespace,
 			}, &storage)).Should(Succeed())
 
-			storage.Spec.Service.GRPC.Port = 2135
+			storage.Spec.Service.GRPC.Port = v1alpha1.GRPCPort
 			storage.Spec.Service.GRPC.AdditionalPort = 2136
 
+			configWithNewPorts, err := patchGRPCPortsInConfiguration(storage.Spec.Configuration, 2135, 2136)
+			Expect(err).To(BeNil())
+			storage.Spec.Configuration = configWithNewPorts
+
 			Expect(k8sClient.Update(ctx, &storage)).Should(Succeed())
 
 			var svc corev1.Service
@@ -370,7 +380,7 @@ var _ = Describe("Storage controller medium tests", func() {
 
 				ports := svc.Spec.Ports
 				g.Expect(len(ports)).To(Equal(2), "expected 2 ports but got %d", len(ports))
-				g.Expect(ports[0].Port).To(Equal(int32(2135)))
+				g.Expect(ports[0].Port).To(Equal(int32(v1alpha1.GRPCPort)))
 				g.Expect(ports[0].Name).To(Equal(v1alpha1.GRPCServicePortName))
 				g.Expect(ports[1].Port).To(Equal(storage.Spec.Service.GRPC.AdditionalPort))
 				g.Expect(ports[1].Name).To(Equal(v1alpha1.GRPCServiceAdditionalPortName))
@@ -380,5 +390,52 @@ var _ = Describe("Storage controller medium tests", func() {
 				"Service %s/%s should eventually have proper ports", testobjects.YdbNamespace, serviceName,
 			)
 		})
+
+		By("Forbid to edit grpc ports, when out of sync with YDB config...", func() {
+			storage := v1alpha1.Storage{}
+			Expect(k8sClient.Get(ctx, types.NamespacedName{
+				Name:      testobjects.StorageName,
+				Namespace: testobjects.YdbNamespace,
+			}, &storage)).Should(Succeed())
+
+			storage.Spec.Service.GRPC.Port = v1alpha1.GRPCPort
+			By("Specify 2136 in manifest spec...")
+			storage.Spec.Service.GRPC.AdditionalPort = 2136
+
+			By("And then specify 2137 in manifest spec...")
+			configWithNewPorts, err := patchGRPCPortsInConfiguration(storage.Spec.Configuration, v1alpha1.GRPCPort, 2137)
+			Expect(err).To(BeNil())
+			storage.Spec.Configuration = configWithNewPorts
+
+			err = k8sClient.Update(ctx, &storage)
+			Expect(err).To(MatchError(ContainSubstring("grpc port mismatch")))
+		})
 	})
 })
+
+func patchGRPCPortsInConfiguration(in string, port, sslPort int) (string, error) {
+	m := make(map[string]interface{})
+	if err := yaml.Unmarshal([]byte(in), &m); err != nil {
+		return "", err
+	}
+
+	cfg, _ := m["grpc_config"].(map[string]interface{})
+	if cfg == nil {
+		cfg = make(map[string]interface{})
+	}
+
+	if sslPort != -1 {
+		cfg["ssl_port"] = sslPort
+	}
+	if port != -1 {
+		cfg["port"] = port
+	}
+	m["grpc_config"] = cfg
+
+	res, err := yaml.Marshal(m)
+	if err != nil {
+		return "", err
+	}
+
+	return string(res), nil
+}
diff --git a/internal/resources/storage_statefulset.go b/internal/resources/storage_statefulset.go
@@ -356,6 +356,38 @@ func (b *StorageStatefulSetBuilder) buildCaStorePatchingInitContainerVolumeMount
 	return volumeMounts
 }
 
+func (b *StorageStatefulSetBuilder) buildContainerPorts() []corev1.ContainerPort {
+	podPorts := []corev1.ContainerPort{{
+		Name: "grpc", ContainerPort: api.GRPCPort,
+	}, {
+		Name: "interconnect", ContainerPort: api.InterconnectPort,
+	}, {
+		Name: "status", ContainerPort: api.StatusPort,
+	}}
+
+	firstGRPCPort := corev1.ContainerPort{
+		Name:          "grpc",
+		ContainerPort: api.GRPCPort,
+	}
+
+	overrideGRPCPort := b.Spec.StorageClusterSpec.Service.GRPC.Port
+	if overrideGRPCPort != 0 {
+		firstGRPCPort.ContainerPort = overrideGRPCPort
+	}
+
+	podPorts = append(podPorts, firstGRPCPort)
+
+	additionalPort := b.Spec.StorageClusterSpec.Service.GRPC.AdditionalPort
+	if additionalPort != 0 {
+		podPorts = append(podPorts, corev1.ContainerPort{
+			Name:          "additional-grpc",
+			ContainerPort: additionalPort,
+		})
+	}
+
+	return podPorts
+}
+
 func (b *StorageStatefulSetBuilder) buildContainer() corev1.Container { // todo add init container for sparse files?
 	command, args := b.buildContainerArgs()
 	containerResources := corev1.ResourceRequirements{}
@@ -376,13 +408,7 @@ func (b *StorageStatefulSetBuilder) buildContainer() corev1.Container { // todo
 
 		SecurityContext: mergeSecurityContextWithDefaults(b.Spec.SecurityContext),
 
-		Ports: []corev1.ContainerPort{{
-			Name: "grpc", ContainerPort: api.GRPCPort,
-		}, {
-			Name: "interconnect", ContainerPort: api.InterconnectPort,
-		}, {
-			Name: "status", ContainerPort: api.StatusPort,
-		}},
+		Ports: b.buildContainerPorts(),
 
 		VolumeMounts: b.buildVolumeMounts(),
 		Resources:    containerResources,
diff --git a/internal/test/k8s_helpers.go b/internal/test/k8s_helpers.go
@@ -149,13 +149,20 @@ func SetupK8STestManager(testCtx *context.Context, k8sClient *client.Client, con
 
 	// FIXME: find a better way?
 	_, curfile, _, _ := runtime.Caller(0) //nolint:dogsled
+	webhookDir := filepath.Join(curfile, "..", "..", "..", "config", "webhook")
 	testEnv := &envtest.Environment{
 		CRDDirectoryPaths: []string{
 			filepath.Join(curfile, "..", "..", "..", "deploy", "ydb-operator", "crds"),
 			filepath.Join(filepath.Dir(curfile), "extra_crds"),
 		},
 		ErrorIfCRDPathMissing: true,
 		UseExistingCluster:    &useExistingCluster,
+		WebhookInstallOptions: envtest.WebhookInstallOptions{
+			Paths:               []string{webhookDir},
+			LocalServingHost:    "127.0.0.1",
+			LocalServingPort:    9443,
+			LocalServingCertDir: "",
+		},
 	}
 
 	BeforeSuite(func() {
@@ -174,6 +181,9 @@ func SetupK8STestManager(testCtx *context.Context, k8sClient *client.Client, con
 		mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 			MetricsBindAddress: "0",
 			Scheme:             scheme.Scheme,
+			Host:               testEnv.WebhookInstallOptions.LocalServingHost,
+			Port:               testEnv.WebhookInstallOptions.LocalServingPort,
+			CertDir:            testEnv.WebhookInstallOptions.LocalServingCertDir,
 		})
 		Expect(err).ToNot(HaveOccurred())
 
@@ -183,6 +193,11 @@ func SetupK8STestManager(testCtx *context.Context, k8sClient *client.Client, con
 			Expect(c.SetupWithManager(mgr)).To(Succeed())
 		}
 
+		// Setup webhooks
+		Expect((&v1alpha1.Storage{}).SetupWebhookWithManager(mgr)).To(Succeed())
+		Expect((&v1alpha1.Database{}).SetupWebhookWithManager(mgr)).To(Succeed())
+		Expect(v1alpha1.RegisterMonitoringValidatingWebhook(mgr, true)).To(Succeed())
+
 		go func() {
 			defer GinkgoRecover()
 			err = mgr.Start(ctx)
diff --git a/tests/data/storage-block-4-2-config.yaml b/tests/data/storage-block-4-2-config.yaml
diff --git a/tests/test-k8s-objects/objects.go b/tests/test-k8s-objects/objects.go

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ type Configuration struct {`
`10`	`10`	DomainsConfig *DomainsConfig `yaml:"domains_config"`
`11`	`11`	Hosts []Host `yaml:"hosts,omitempty"`
`12`	`12`	KeyConfig *KeyConfig `yaml:"key_config,omitempty"`
	`13`	+ GrpcConfig *GrpcConfig `yaml:"grpc_config,omitempty"`
`13`	`14`	`}`
`14`	`15`
`15`	`16`	`type Metadata struct {`