/
webhook.go
96 lines (88 loc) · 2.66 KB
/
webhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
package webhook
import (
"context"
"encoding/json"
"io"
"io/ioutil"
"net/http"
"github.com/pkg/errors"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/klog"
)
var errEmptyBody = errors.New("empty body")
func readBody(r *http.Request, n int64) ([]byte, error) {
if r.Body == nil {
return nil, errEmptyBody
}
lr := &io.LimitedReader{R: r.Body, N: n}
b, err := ioutil.ReadAll(lr)
if err != nil {
return b, err
}
if lr.N <= 0 {
return b, errors.Errorf("expected at most %d bytes, got more", n)
}
if len(b) == 0 {
return nil, errEmptyBody
}
return b, nil
}
func decodeAdmissionReview(decoder runtime.Decoder, body []byte) (*admissionv1beta1.AdmissionReview, error) {
ar := admissionv1beta1.AdmissionReview{}
_, _, err := decoder.Decode(body, nil, &ar)
return &ar, err
}
type Mutator interface {
Mutate(context.Context, *admissionv1beta1.AdmissionRequest) *admissionv1beta1.AdmissionResponse
}
func HandlerFunc(mutator Mutator) func(w http.ResponseWriter, req *http.Request) {
runtimeScheme := runtime.NewScheme()
codecs := serializer.NewCodecFactory(runtimeScheme)
deserializer := codecs.UniversalDeserializer()
return func(w http.ResponseWriter, r *http.Request) {
onBadRequest := func(err error) {
klog.Errorf("bad request: %v", err)
http.Error(w, err.Error(), http.StatusBadRequest)
}
onInternalServerError := func(err error) {
klog.Errorf("internal server error: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
}
if r.Method != http.MethodPost {
onBadRequest(errors.Errorf("expected method POST, got %s", r.Method))
return
}
if ct := r.Header.Get("Content-Type"); ct != "application/json" {
onBadRequest(errors.Errorf("expected Content-Type \"application/json\", got %q", ct))
return
}
body, err := readBody(r, 4*1024*1024)
if err != nil {
onBadRequest(err)
return
}
admissionReview, err := decodeAdmissionReview(deserializer, body)
if err != nil {
onBadRequest(err)
return
}
if admissionReview.Request == nil {
onBadRequest(errors.New("empty admissionReview.Request"))
}
ctx := context.TODO()
admissionResponse := mutator.Mutate(ctx, admissionReview.Request)
if admissionResponse == nil {
onInternalServerError(errors.New("got nil admissionResponse"))
return
}
replyAdmissionReview := admissionv1beta1.AdmissionReview{}
replyAdmissionReview.Response = admissionResponse
replyAdmissionReview.Response.UID = admissionReview.Request.UID
jsonEncoder := json.NewEncoder(w)
if err := jsonEncoder.Encode(replyAdmissionReview); err != nil {
onInternalServerError(err)
}
}
}