17 package webhook
18
19 import (
20 "encoding/json"
21
22 v1 "k8s.io/api/admission/v1"
23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
24 "k8s.io/klog/v2"
25 )
26
// JSON Patch documents returned by mutateCustomResource. Each one is a
// single "add" operation that sets a marker key under /data to "yes".
const (
// customResourcePatch1 adds the "mutation-stage-1" marker; it is returned
// when the object's data has "mutation-start" set to "yes".
customResourcePatch1 string = `[
{ "op": "add", "path": "/data/mutation-stage-1", "value": "yes" }
]`
// customResourcePatch2 adds the "mutation-stage-2" marker; it is returned
// when the object's data has "mutation-stage-1" set to "yes".
customResourcePatch2 string = `[
{ "op": "add", "path": "/data/mutation-stage-2", "value": "yes" }
]`
)
35
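// mutateCustomResource is the mutating admission handler for the custom
// resource. It decodes the object carried by the review and, based on the
// markers in its data map, returns a JSON patch that advances the object to
// the next mutation stage.
//
// The response is always Allowed unless the review has no request or the
// object cannot be decoded; in both of those cases the request is denied
// rather than admitted unchecked.
func mutateCustomResource(ar v1.AdmissionReview) *v1.AdmissionResponse {
	klog.V(2).Info("mutating custom resource")

	// ar.Request is dereferenced below. A review that carries no request
	// would otherwise panic inside the handler, so reject it explicitly.
	if ar.Request == nil {
		klog.Error("admission review has no request")
		return &v1.AdmissionResponse{
			Result: &metav1.Status{Message: "admission review has no request"},
		}
	}

	// Only the object metadata and the string-to-string data map are decoded;
	// any other field of the submitted object is ignored.
	var cr struct {
		metav1.ObjectMeta
		Data map[string]string
	}
	if err := json.Unmarshal(ar.Request.Object.Raw, &cr); err != nil {
		klog.Error(err)
		// toV1AdmissionResponse is a helper not shown in this listing; it
		// turns the decode error into the response returned to the caller.
		return toV1AdmissionResponse(err)
	}

	// Stage 1 is checked first because it takes precedence: when both markers
	// are present, the stage-2 patch is the one that is returned.
	var patch string
	switch {
	case cr.Data["mutation-stage-1"] == "yes":
		patch = customResourcePatch2
	case cr.Data["mutation-start"] == "yes":
		patch = customResourcePatch1
	}

	resp := &v1.AdmissionResponse{Allowed: true}
	if patch != "" {
		// PatchType is set only together with a patch.
		pt := v1.PatchTypeJSONPatch
		resp.Patch = []byte(patch)
		resp.PatchType = &pt
	}
	return resp
}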
65
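// admitCustomResource is the validating admission handler for the custom
// resource. It decodes the object under review and denies the request when
// the data map holds the "webhook-e2e-test" key with one of two values:
//
//   - "webhook-disallow" denies CREATE and UPDATE;
//   - "webhook-nondeletable" denies DELETE.
//
// Every other request is allowed. A review without a request, or an object
// that cannot be decoded, is denied rather than admitted unchecked.
func admitCustomResource(ar v1.AdmissionReview) *v1.AdmissionResponse {
	klog.V(2).Info("admitting custom resource")

	// ar.Request is dereferenced below. A review that carries no request
	// would otherwise panic inside the handler, so reject it explicitly.
	if ar.Request == nil {
		klog.Error("admission review has no request")
		return &v1.AdmissionResponse{
			Result: &metav1.Status{Message: "admission review has no request"},
		}
	}

	// For DELETE the handler reads OldObject instead of Object, so the check
	// below runs against the object that is being removed.
	op := ar.Request.Operation
	raw := ar.Request.Object.Raw
	if op == v1.Delete {
		raw = ar.Request.OldObject.Raw
	}

	// Only the object metadata and the string-to-string data map are decoded.
	var cr struct {
		metav1.ObjectMeta
		Data map[string]string
	}
	if err := json.Unmarshal(raw, &cr); err != nil {
		klog.Error(err)
		// toV1AdmissionResponse is a helper not shown in this listing; it
		// turns the decode error into the response returned to the caller.
		return toV1AdmissionResponse(err)
	}

	resp := &v1.AdmissionResponse{Allowed: true}

	// Only one key is ever inspected, so a direct lookup replaces a scan of
	// the whole map. A missing key yields "" and matches neither case. The
	// comparison is an exact, case-sensitive string match.
	marker := cr.Data["webhook-e2e-test"]
	switch {
	case marker == "webhook-disallow" && (op == v1.Create || op == v1.Update):
		resp.Allowed = false
		resp.Result = &metav1.Status{
			Reason: "the custom resource contains unwanted data",
		}
	case marker == "webhook-nondeletable" && op == v1.Delete:
		resp.Allowed = false
		resp.Result = &metav1.Status{
			Reason: "the custom resource cannot be deleted because it contains unwanted key and value",
		}
	}
	return resp
}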