Added validations to reject invalid spec

VershaAgrawal · VershaAgrawal · commit 1b67782c6cf0 · 2025-12-09T14:27:26.000+05:30
Signed-off-by: VershaAgrawal &lt;vershaagrawal98@gmail.com&gt;
diff --git a/pkg/admission/test/unit/admission_unit_test.go b/pkg/admission/test/unit/admission_unit_test.go
@@ -33,6 +33,31 @@ var _ = Describe("BackingStore admission unit tests", func() {
 
 	Describe("Validate create operations", func() {
 		Describe("General backingstore validations", func() {
+			Context("Invalid spec for declared type", func() {
+				It("Should Deny", func() {
+					bs.Spec = nbv1.BackingStoreSpec{
+						Type: nbv1.StoreTypeAWSS3,
+					}
+					err = validations.ValidateBSInValidSpec(*bs)
+					Ω(err).Should(HaveOccurred())
+					Expect(err.Error()).To(Equal("AWSS3 spec must be provided for aws-s3 type BackingStore"))
+				})
+				It("Should Allow", func() {
+					bs.Spec = nbv1.BackingStoreSpec{
+						Type: nbv1.StoreTypeAWSS3,
+						AWSS3: &nbv1.AWSS3Spec{
+							TargetBucket: "some-target-bucket",
+							Secret: corev1.SecretReference{
+								Name:      "secret-name",
+								Namespace: "test",
+							},
+						},
+					}
+					err = validations.ValidateBSInValidSpec(*bs)
+					Ω(err).ShouldNot(HaveOccurred())
+				})
+			})
+
 			Context("Empty secret name", func() {
 				It("Should Deny", func() {
 					bs.Spec = nbv1.BackingStoreSpec{
@@ -384,6 +409,31 @@ var _ = Describe("NamespaceStore admission unit tests", func() {
 
 	Describe("Validate create operations", func() {
 		Describe("General namespacestore validations", func() {
+			Context("Invalid spec for declared type", func() {
+				It("Should Deny", func() {
+					ns.Spec = nbv1.NamespaceStoreSpec{
+						Type: nbv1.NSStoreTypeAWSS3,
+					}
+					err = validations.ValidateNSInValidSpec(*ns)
+					Ω(err).Should(HaveOccurred())
+					Expect(err.Error()).To(Equal("AWSS3 spec must be provided for aws-s3 type Namespacestore"))
+				})
+				It("Should Allow", func() {
+					ns.Spec = nbv1.NamespaceStoreSpec{
+						Type: nbv1.NSStoreTypeAWSS3,
+						AWSS3: &nbv1.AWSS3Spec{
+							TargetBucket: "some-target-bucket",
+							Secret: corev1.SecretReference{
+								Name:      "secret-name",
+								Namespace: "test",
+							},
+						},
+					}
+					err = validations.ValidateNSInValidSpec(*ns)
+					Ω(err).ShouldNot(HaveOccurred())
+				})
+			})
+
 			Context("Empty secret name", func() {
 				It("Should Deny", func() {
 					ns.Spec = nbv1.NamespaceStoreSpec{
diff --git a/pkg/validations/backingstore_validations.go b/pkg/validations/backingstore_validations.go
@@ -18,6 +18,11 @@ const (
 
 // ValidateBackingStore validates create validations on resource Backinstore
 func ValidateBackingStore(bs nbv1.BackingStore) error {
+	//Ensure that the Spec contains the expected sub-spec for the declared type
+	if err := ValidateBSInValidSpec(bs); err != nil {
+		return err
+	}
+
 	if err := ValidateBSEmptySecretName(bs); err != nil {
 		return err
 	}
@@ -52,6 +57,41 @@ func ValidateBackingStore(bs nbv1.BackingStore) error {
 	return nil
 }
 
+// ValidateBSInValidSpec validates that the backingstore spec contains the expected sub-spec for the declared type
+func ValidateBSInValidSpec(bs nbv1.BackingStore) error {
+	switch bs.Spec.Type {
+	case nbv1.StoreTypeAWSS3:
+		if bs.Spec.AWSS3 == nil {
+			return util.ValidationError{Msg: "AWSS3 spec must be provided for aws-s3 type BackingStore"}
+		}
+	case nbv1.StoreTypeS3Compatible:
+		if bs.Spec.S3Compatible == nil {
+			return util.ValidationError{Msg: "S3Compatible spec must be provided for s3-compatible type BackingStore"}
+		}
+	case nbv1.StoreTypeIBMCos:
+		if bs.Spec.IBMCos == nil {
+			return util.ValidationError{Msg: "IBMCos spec must be provided for ibm-cos type BackingStore"}
+		}
+	case nbv1.StoreTypeAzureBlob:
+		if bs.Spec.AzureBlob == nil {
+			return util.ValidationError{Msg: "AzureBlob spec must be provided for azure-blob type BackingStore"}
+		}
+	case nbv1.StoreTypeGoogleCloudStorage:
+		if bs.Spec.GoogleCloudStorage == nil {
+			return util.ValidationError{Msg: "GoogleCloudStorage spec must be provided for google-cloud-storage type BackingStore"}
+		}
+	case nbv1.StoreTypePVPool:
+		if bs.Spec.PVPool == nil {
+			return util.ValidationError{Msg: "PVPool spec must be provided for pv-pool type BackingStore"}
+		}
+	default:
+		return util.ValidationError{
+			Msg: "Invalid Backingstore type, please provide a valid Backingstore type",
+		}
+	}
+	return nil
+}
+
 // ValidateBSEmptySecretName validates a secret name is provided for cloud backingstores
 func ValidateBSEmptySecretName(bs nbv1.BackingStore) error {
 	switch bs.Spec.Type {
diff --git a/pkg/validations/namespacestore_validations.go b/pkg/validations/namespacestore_validations.go
@@ -19,6 +19,11 @@ const (
 
 // ValidateNamespaceStore validates namespacestore configuration
 func ValidateNamespaceStore(nsStore *nbv1.NamespaceStore) error {
+	// ensure that the Spec contains the expected sub-spec for the declared type
+	if err := ValidateNSInValidSpec(*nsStore); err != nil {
+		return err
+	}
+
 	if err := ValidateNSEmptySecretName(*nsStore); err != nil {
 		return err
 	}
@@ -52,6 +57,47 @@ func ValidateNamespaceStore(nsStore *nbv1.NamespaceStore) error {
 	}
 }
 
+// ValidateNSInValidSpec ensures that the namespacestore spec contains the expected sub-spec for the declared type
+func ValidateNSInValidSpec(nsStore nbv1.NamespaceStore) error {
+	switch nsStore.Spec.Type {
+
+	case nbv1.NSStoreTypeNSFS:
+		if nsStore.Spec.NSFS == nil {
+			return util.ValidationError{Msg: "NSFS spec must be provided for nsfs type Namespacestore"}
+		}
+
+	case nbv1.NSStoreTypeAWSS3:
+		if nsStore.Spec.AWSS3 == nil {
+			return util.ValidationError{Msg: "AWSS3 spec must be provided for aws-s3 type Namespacestore"}
+		}
+
+	case nbv1.NSStoreTypeS3Compatible:
+		if nsStore.Spec.S3Compatible == nil {
+			return util.ValidationError{Msg: "S3Compatible spec must be provided for s3-compatible type Namespacestore"}
+		}
+
+	case nbv1.NSStoreTypeIBMCos:
+		if nsStore.Spec.IBMCos == nil {
+			return util.ValidationError{Msg: "IBMCos spec must be provided for ibm-cos type Namespacestore"}
+		}
+
+	case nbv1.NSStoreTypeAzureBlob:
+		if nsStore.Spec.AzureBlob == nil {
+			return util.ValidationError{Msg: "AzureBlob spec must be provided for azure-blob type Namespacestore"}
+		}
+
+	case nbv1.NSStoreTypeGoogleCloudStorage:
+		if nsStore.Spec.GoogleCloudStorage == nil {
+			return util.ValidationError{Msg: "GoogleCloudStorage spec must be provided for google-cloud-storage type Namespacestore"}
+		}
+	default:
+		return util.ValidationError{
+			Msg: "Invalid Namespacestore type, please provide a valid Namespacestore type",
+		}
+	}
+	return nil
+}
+
 // ValidateNsStoreNSFS validates namespacestore nsfs type configuration
 func ValidateNsStoreNSFS(nsStore *nbv1.NamespaceStore) error {
 	nsfs := nsStore.Spec.NSFS
