...

Source file src/sigs.k8s.io/controller-runtime/pkg/webhook/admission/response.go

Documentation: sigs.k8s.io/controller-runtime/pkg/webhook/admission

     1  /*
     2  Copyright 2018 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8     http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package admission
    18  
    19  import (
    20  	"net/http"
    21  
    22  	jsonpatch "gomodules.xyz/jsonpatch/v2"
    23  	admissionv1 "k8s.io/api/admission/v1"
    24  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25  )
    26  
    27  // Allowed constructs a response indicating that the given operation
    28  // is allowed (without any patches).
    29  func Allowed(message string) Response {
    30  	return ValidationResponse(true, message)
    31  }
    32  
    33  // Denied constructs a response indicating that the given operation
    34  // is not allowed.
    35  func Denied(message string) Response {
    36  	return ValidationResponse(false, message)
    37  }
    38  
    39  // Patched constructs a response indicating that the given operation is
    40  // allowed, and that the target object should be modified by the given
    41  // JSONPatch operations.
    42  func Patched(message string, patches ...jsonpatch.JsonPatchOperation) Response {
    43  	resp := Allowed(message)
    44  	resp.Patches = patches
    45  
    46  	return resp
    47  }
    48  
    49  // Errored creates a new Response for error-handling a request.
    50  func Errored(code int32, err error) Response {
    51  	return Response{
    52  		AdmissionResponse: admissionv1.AdmissionResponse{
    53  			Allowed: false,
    54  			Result: &metav1.Status{
    55  				Code:    code,
    56  				Message: err.Error(),
    57  			},
    58  		},
    59  	}
    60  }
    61  
    62  // ValidationResponse returns a response for admitting a request.
    63  func ValidationResponse(allowed bool, message string) Response {
    64  	code := http.StatusForbidden
    65  	reason := metav1.StatusReasonForbidden
    66  	if allowed {
    67  		code = http.StatusOK
    68  		reason = ""
    69  	}
    70  	resp := Response{
    71  		AdmissionResponse: admissionv1.AdmissionResponse{
    72  			Allowed: allowed,
    73  			Result: &metav1.Status{
    74  				Code:   int32(code),
    75  				Reason: reason,
    76  			},
    77  		},
    78  	}
    79  	if len(message) > 0 {
    80  		resp.Result.Message = message
    81  	}
    82  	return resp
    83  }
    84  
    85  // PatchResponseFromRaw takes 2 byte arrays and returns a new response with json patch.
    86  // The original object should be passed in as raw bytes to avoid the roundtripping problem
    87  // described in https://github.com/kubernetes-sigs/kubebuilder/issues/510.
    88  func PatchResponseFromRaw(original, current []byte) Response {
    89  	patches, err := jsonpatch.CreatePatch(original, current)
    90  	if err != nil {
    91  		return Errored(http.StatusInternalServerError, err)
    92  	}
    93  	return Response{
    94  		Patches: patches,
    95  		AdmissionResponse: admissionv1.AdmissionResponse{
    96  			Allowed: true,
    97  			PatchType: func() *admissionv1.PatchType {
    98  				if len(patches) == 0 {
    99  					return nil
   100  				}
   101  				pt := admissionv1.PatchTypeJSONPatch
   102  				return &pt
   103  			}(),
   104  		},
   105  	}
   106  }
   107  
   108  // validationResponseFromStatus returns a response for admitting a request with provided Status object.
   109  func validationResponseFromStatus(allowed bool, status metav1.Status) Response {
   110  	resp := Response{
   111  		AdmissionResponse: admissionv1.AdmissionResponse{
   112  			Allowed: allowed,
   113  			Result:  &status,
   114  		},
   115  	}
   116  	return resp
   117  }
   118  
   119  // WithWarnings adds the given warnings to the Response.
   120  // If any warnings were already given, they will not be overwritten.
   121  func (r Response) WithWarnings(warnings ...string) Response {
   122  	r.AdmissionResponse.Warnings = append(r.AdmissionResponse.Warnings, warnings...)
   123  	return r
   124  }
   125  

View as plain text