admission

package
v0.0.0-...-b51d232 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 22, 2024 License: Apache-2.0 Imports: 11 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AdmissionType

type AdmissionType string

AdmissionType is the kind of admission being performed: mutation or validation.

// The two AdmissionType values. They are declared with var rather than const,
// so they are assignable package-level variables; code that compares against
// them relies on no other package reassigning them.
var (
	AdmissionTypeMutation   AdmissionType = "mutation"
	AdmissionTypeValidation AdmissionType = "validation"
)

type Admitter

// Admitter decides whether an API operation is admitted and may return JSON
// patch operations to apply to the object.
//
// Every operation method follows the same contract: a nil error admits the
// request and a non-nil error rejects it. An implementation that cannot
// evaluate a request should therefore return an error rather than nil,
// because nil is treated as "allowed".
type Admitter interface {
	// Create checks if a CREATE operation is allowed.
	// The returned Patch contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Create(request *Request, newObj runtime.Object) (Patch, error)

	// Update checks if an UPDATE operation is allowed.
	// The returned Patch contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (Patch, error)

	// Delete checks if a DELETE operation is allowed.
	// The returned Patch contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Delete(request *Request, oldObj runtime.Object) (Patch, error)

	// Connect checks if a CONNECT operation is allowed.
	// The returned Patch contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Connect(request *Request, newObj runtime.Object) (Patch, error)

	// Resource returns the resource that the admitter works on.
	Resource() Resource
}

Admitter interface is used by AdmissionHandler to check if an operation is allowed.

func Validator2Admitter

func Validator2Admitter(v Validator) Admitter

type DefaultMutator

type DefaultMutator struct{}

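DefaultMutator allows every supported operation and mutates nothing. Because it admits by default, a mutator built on it must itself implement every operation it intends to restrict; any operation left to DefaultMutator is allowed.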

func (*DefaultMutator) Connect

func (v *DefaultMutator) Connect(request *Request, newObj runtime.Object) (Patch, error)

func (*DefaultMutator) Create

func (v *DefaultMutator) Create(request *Request, newObj runtime.Object) (Patch, error)

func (*DefaultMutator) Delete

func (v *DefaultMutator) Delete(request *Request, oldObj runtime.Object) (Patch, error)

func (*DefaultMutator) Resource

func (v *DefaultMutator) Resource() Resource

func (*DefaultMutator) Update

func (v *DefaultMutator) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (Patch, error)

type DefaultValidator

type DefaultValidator struct{}

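DefaultValidator allows every supported operation. Because it admits by default, a validator built on it must itself implement every operation it intends to restrict; any operation left to DefaultValidator is allowed.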

func (*DefaultValidator) Connect

func (v *DefaultValidator) Connect(request *Request, newObj runtime.Object) error

func (*DefaultValidator) Create

func (v *DefaultValidator) Create(request *Request, newObj runtime.Object) error

func (*DefaultValidator) Delete

func (v *DefaultValidator) Delete(request *Request, oldObj runtime.Object) error

func (*DefaultValidator) Resource

func (v *DefaultValidator) Resource() Resource

func (*DefaultValidator) Update

func (v *DefaultValidator) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) error

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler for the admitter webhook server

func NewHandler

func NewHandler(admitter Admitter, admissionType AdmissionType, options *config.Options) *Handler

NewHandler returns a new admitter handler

func (*Handler) AddToWebhookRouter

func (v *Handler) AddToWebhookRouter(router *webhook.Router)

func (*Handler) Admit

func (v *Handler) Admit(response *webhook.Response, request *webhook.Request) error

Admit function handles the AdmissionReview request

type Mutator

// Mutator is a defined type whose underlying type is the Admitter interface,
// so it has the same method set as Admitter.
type Mutator Admitter

type Patch

type Patch []PatchOp

Patch is the list of JSON Patch operations returned by a mutator to modify the input data. See https://jsonpatch.com/ for more information.

type PatchOp

// PatchOp is a single JSON Patch operation.
//
// NOTE(review): if this type is (un)marshalled with encoding/json, the
// "required" tag option is not recognised by that package and is ignored, so
// the presence of op and path is not enforced on decode — confirm which
// encoder is used and validate Op and Path explicitly where it matters.
type PatchOp struct {
	// Op is the operation to perform; see the PatchOperation constants.
	Op    PatchOperation `json:"op,required"`
	// Path is the location in the target document that the operation applies to.
	Path  string         `json:"path,required"`
	// Value is the operand of the operation. With omitempty a nil Value is
	// left out of the encoded JSON, so an explicit JSON null cannot be
	// expressed through this field.
	Value interface{}    `json:"value,omitempty"`
}

PatchOp is one patch operation

type PatchOperation

type PatchOperation string

PatchOperation includes add, remove, replace, copy, move and test

// The JSON Patch operation names accepted in PatchOp.Op.
const (
	PatchOpAdd     PatchOperation = "add"
	PatchOpRemove  PatchOperation = "remove"
	PatchOpReplace PatchOperation = "replace"
	PatchOpCopy    PatchOperation = "copy"
	PatchOpMove    PatchOperation = "move"
	// In JSON Patch, "test" compares the value at the path with the given
	// value and makes the whole patch fail when they differ.
	PatchOpTest    PatchOperation = "test"
)

type Request

type Request struct {
	*webhook.Request
	// contains filtered or unexported fields
}

func NewRequest

func NewRequest(webhookRequest *webhook.Request, options *config.Options) *Request

func (*Request) DecodeObjects

func (r *Request) DecodeObjects() (oldObj runtime.Object, newObj runtime.Object, err error)

func (*Request) IsFromController

// NOTE(review): undocumented on this page. If callers use this result to skip
// validation, confirm which attribute of the request it relies on and whether
// a client can influence that attribute — TODO confirm.
func (r *Request) IsFromController() bool

func (*Request) IsGarbageCollection

// NOTE(review): undocumented on this page. If callers use this result to skip
// validation, confirm how a garbage-collection request is recognised and
// whether a client can influence that signal — TODO confirm.
func (r *Request) IsGarbageCollection() bool

func (*Request) String

func (r *Request) String() string

func (*Request) Username

func (r *Request) Username() string

type Resource

// Resource describes the API resource an admitter handles; it is used to
// build the webhook rules.
type Resource struct {
	// Names lists the resource names — presumably the plural resource names
	// matched by the webhook rule; TODO confirm.
	Names          []string
	// Scope is the admissionregistration/v1 scope type for the rule.
	Scope          admissionregv1.ScopeType
	// APIGroup and APIVersion identify the API group/version of the resource.
	APIGroup       string
	APIVersion     string
	// ObjectType is a runtime.Object for the resource — presumably the type
	// request objects are decoded into; TODO confirm.
	ObjectType     runtime.Object
	// OperationTypes lists the operations for the rule.
	// NOTE(review): an operation missing from this list presumably never
	// reaches the admitter and so is not checked by it — confirm.
	OperationTypes []admissionregv1.OperationType
}

Resource used to build the webhook rules

func (Resource) Validate

func (r Resource) Validate() error

Validate checks the fields of the Resource and returns an error if they are not valid.

type Validator

// Validator decides whether an API operation is admitted without modifying
// the object.
//
// A nil error admits the request and a non-nil error rejects it, so an
// implementation that cannot evaluate a request should return an error
// rather than nil.
type Validator interface {
	// Create checks if a CREATE operation is allowed. If no error is returned, the operation is allowed.
	Create(request *Request, newObj runtime.Object) error

	// Update checks if an UPDATE operation is allowed. If no error is returned, the operation is allowed.
	Update(request *Request, oldObj runtime.Object, newObj runtime.Object) error

	// Delete checks if a DELETE operation is allowed. If no error is returned, the operation is allowed.
	Delete(request *Request, oldObj runtime.Object) error

	// Connect checks if a CONNECT operation is allowed. If no error is returned, the operation is allowed.
	Connect(request *Request, newObj runtime.Object) error

	// Resource returns the Resource value for this validator — presumably the
	// resource it works on, as with Admitter.Resource; TODO confirm.
	Resource() Resource
}

Validator is like a Mutator but doesn't modify received API objects: its methods return only an error, not a Patch.

type ValidatorAdapter

type ValidatorAdapter struct {
	// contains filtered or unexported fields
}

ValidatorAdapter adapts a Validator to an Admitter.

func (*ValidatorAdapter) Connect

func (c *ValidatorAdapter) Connect(request *Request, newObj runtime.Object) (Patch, error)

func (*ValidatorAdapter) Create

func (c *ValidatorAdapter) Create(request *Request, newObj runtime.Object) (Patch, error)

func (*ValidatorAdapter) Delete

func (c *ValidatorAdapter) Delete(request *Request, oldObj runtime.Object) (Patch, error)

func (*ValidatorAdapter) Resource

func (c *ValidatorAdapter) Resource() Resource

func (*ValidatorAdapter) Update

func (c *ValidatorAdapter) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (Patch, error)
