admissionreview

package
v1.1.3

This package is not in the latest version of its module.
Published: Jun 10, 2023 | License: MIT | Imports: 9 | Imported by: 0

Documentation

Overview

Package admissionreview provides methods to handle Kubernetes admission review requests for webhook microservices.

Functions

func Contains

func Contains(slice []*metav1.GroupVersionKind, obj *metav1.GroupVersionKind) bool

Contains checks if the obj argument is contained in the slice argument.

func GetErrorStatus

func GetErrorStatus(httpStatus int32, errDiscription string, err error) *metav1.Status

GetErrorStatus receives a suggested HTTP (error) status code, an error description and an underlying error, and constructs a Failure metav1.Status from this information.

func Handle

func Handle(reviewer Reviewer, w http.ResponseWriter, r *http.Request)

Handle receives a Reviewer interface and the ResponseWriter and Request from the http.Handler interface. This covers the I/O part as well as error logging, HTTP response code handling and the construction of the AdmissionReview response object. Do not use it if you do not wish to use zerolog for logging. GetAdmissionReviewFromHttp is an alternative that provides the relevant I/O handling tooling and lets the caller handle the HTTP and logging part.

Types

type Patch

type Patch[T any] struct {
	// Request is the unmarshalled original request object. Returning nil here will yield an empty JSON patch response.
	Request *T
	// Response is the modified request object. Returning nil here will yield an empty JSON patch response.
	Response *T
}

Patch is used to construct the relevant JSON Patch operations.

type ResourceMutater

type ResourceMutater[T any] func(request *T) (*ValidateResult, *Patch[T])

ResourceMutater receives the raw request JSON representation as []byte. It unmarshals this and returns the extracted request object. Furthermore, relevant modifications are applied and the modified response object is returned. The patches struct pointer might be nil. If it is present, all patches have to be processed for the validate result to hold.

type ResourceValidator

type ResourceValidator[T any] func(request *T) *ValidateResult

ResourceValidator receives the raw request JSON representation as []byte. It unmarshals this and returns the extracted request object. Furthermore, relevant modifications are applied and the modified response object is returned. Errors should be handled internally and modify the resulting ValidateResult accordingly.

type Reviewer

type Reviewer interface {
	Review(*admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse
}

Reviewer receives a Kubernetes AdmissionRequest and returns the corresponding AdmissionResponse. Errors should be handled internally and modify the resulting AdmissionResponse accordingly.

type ReviewerHandler

type ReviewerHandler interface {
	Reviewer
	http.Handler
}

ReviewerHandler combines the Reviewer and http.Handler interfaces. It is used for functions which provide a reviewer combined with an already set-up handler, for easy use in combination with the http package.

func MutatingReviewer

func MutatingReviewer[T any](mutater ResourceMutater[T], compatibleGroupVersionKinds ...*metav1.GroupVersionKind) ReviewerHandler

MutatingReviewer is the implementation of the ReviewerHandler interface. It checks the GroupVersionKind of the received request against what the given reviewer.Modifier supports. A mismatch will result in a non-modifying response with the allow value set to the value given by reviewer.AllowOnModifierMiss. Otherwise the Patch function of the Modifier interface is called, a JSON Patch is constructed from the result and wrapped into an AdmissionResponse.

func ReviewFunc

ReviewFunc is a helper function to wrap a review function into a corresponding object.

func ValidatingReviewer

func ValidatingReviewer[T any](validator ResourceValidator[T], compatibleGroupVersionKinds ...*metav1.GroupVersionKind) ReviewerHandler

ValidatingReviewer is the implementation of the ReviewerHandler interface. It checks the GroupVersionKind of the received request against what the given reviewer.Modifier supports. A mismatch will result in a non-modifying response with the allow value set to the value given by reviewer.AllowOnModifierMiss. Otherwise the Patch function of the Modifier interface is called, a JSON Patch is constructed from the result and wrapped into an AdmissionResponse.

type ValidateResult

type ValidateResult struct {
	// Status gives detailed information in the case of failure.
	// +optional
	Status *metav1.Status
	// Allow determines whether to allow the given API request at all.
	Allow bool
}

ValidateResult is the returned result from the validation process.

func UnmarshallAdmissionRequest

func UnmarshallAdmissionRequest[T any](rawRequest []byte, compatibleGroupVersionKinds []*metav1.GroupVersionKind, requestGroupVersionKind *metav1.GroupVersionKind) (request *T, validateResult *ValidateResult)

UnmarshallAdmissionRequest checks if the requestGroupVersionKind matches the provided selector and, if so, unmarshals the raw request into the result pointer. The presence of the validateResult implies that the skip condition has been fulfilled (Allow is true) or an error occurred during unmarshalling (Allow is false and Status contains the error).
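
The skip-or-deny contract described for UnmarshallAdmissionRequest, followed by a ResourceValidator-shaped check, as an added sketch that is not the package's own code. The types GVK, Status, ValidateResult and Pod, the functions decode and review, and the status codes 400 and 403 are assumptions made so that it builds with the standard library only.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins (assumptions) for metav1.GroupVersionKind, metav1.Status and ValidateResult.
type GVK struct{ Group, Version, Kind string }
type Status struct {
	Code    int32
	Message string
}
type ValidateResult struct {
	Status *Status
	Allow  bool
}
type Pod struct{ Spec struct{ HostNetwork bool } } // constructed, minimal Pod view
var podGVK = GVK{"", "v1", "Pod"}

// decode returns a non-nil result for a skip (Allow true) or a decode error (Allow false).
func decode[T any](raw []byte, compatible []GVK, got GVK) (*T, *ValidateResult) {
	for _, c := range compatible {
		if c == got {
			obj := new(T)
			if err := json.Unmarshal(raw, obj); err != nil { // 400 is an assumed code
				return nil, &ValidateResult{Status: &Status{400, err.Error()}}
			}
			return obj, nil
		}
	}
	return nil, &ValidateResult{Allow: true} // kind not handled here: skip
}

// review decodes, then runs a ResourceValidator-shaped check on the typed Pod.
func review(raw []byte, got GVK) *ValidateResult {
	pod, early := decode[Pod](raw, []GVK{podGVK}, got)
	if early != nil {
		return early
	}
	if pod.Spec.HostNetwork {
		return &ValidateResult{Status: &Status{403, "hostNetwork is not allowed"}}
	}
	return &ValidateResult{Allow: true}
}

func main() {
	fmt.Println(review([]byte(`{"spec":{"hostNetwork":true}}`), podGVK).Status.Message)
}
```

A kind that is missing from the compatible list is allowed without inspection, so the list has to cover every kind the webhook is registered for.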
