#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.webhook.validating.create }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: cnpg-validating-webhook-configuration
  labels:
    {{- include "cloudnative-pg.labels" . | nindent 4 }}
  {{- with .Values.rbac.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: {{ .Values.service.name }}
      namespace: {{ .Release.Namespace }}
      path: /validate-postgresql-cnpg-io-v1-backup
      port: {{ .Values.service.port }}
  failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
  name: vbackup.cnpg.io
  rules:
  - apiGroups:
    - postgresql.cnpg.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - backups
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: {{ .Values.service.name }}
      namespace: {{ .Release.Namespace }}
      path: /validate-postgresql-cnpg-io-v1-cluster
      port: {{ .Values.service.port }}
  failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
  name: vcluster.cnpg.io
  rules:
  - apiGroups:
    - postgresql.cnpg.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - clusters
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: {{ .Values.service.name }}
      namespace: {{ .Release.Namespace }}
      path: /validate-postgresql-cnpg-io-v1-scheduledbackup
      port: {{ .Values.service.port }}
  failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
  name: vscheduledbackup.cnpg.io
  rules:
  - apiGroups:
    - postgresql.cnpg.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - scheduledbackups
  sideEffects: None
- admissionReviewVersions:
    - v1
  clientConfig:
    service:
      name: {{ .Values.service.name }}
      namespace: {{ .Release.Namespace }}
      path: /validate-postgresql-cnpg-io-v1-pooler
      port: {{ .Values.service.port }}
  failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
  name: vpooler.cnpg.io
  rules:
    - apiGroups:
        - postgresql.cnpg.io
      apiVersions:
        - v1
      operations:
        - CREATE
        - UPDATE
      resources:
        - poolers
  sideEffects: None
{{- end }}