-
Notifications
You must be signed in to change notification settings - Fork 76
/
responder.go
109 lines (94 loc) · 3.04 KB
/
responder.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
// Copyright 2018, 2021 Portieris Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package webhook
import (
"fmt"
"net/http"
"strings"
"github.com/golang/glog"
v1 "k8s.io/api/admission/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// AdmissionResponder is a helper for handling admission response creation
// It supports adding and returning multiple errors to the user
type AdmissionResponder struct {
allowed bool
errors []string
patches []byte
}
// Flush creates the admission response to return
func (a *AdmissionResponder) Flush() *v1.AdmissionResponse {
if a.allowed && !a.HasErrors() {
res := &v1.AdmissionResponse{
Allowed: true,
}
if a.patches != nil {
res.Patch = a.patches
pt := v1.PatchTypeJSONPatch
res.PatchType = &pt
}
return res
}
return &v1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: fmt.Sprintf("\n%s", strings.Join(a.errors, "\n")),
},
}
}
// HasErrors returns a true if there are errors false if not
func (a *AdmissionResponder) HasErrors() bool {
return len(a.errors) != 0
}
// SetAllowed sets the admission response to allow the admission
func (a *AdmissionResponder) SetAllowed() {
a.allowed = true
}
// IsAllowed returns a true if the admission is allowed false if not
func (a *AdmissionResponder) IsAllowed() bool {
return a.allowed
}
// SetPatch sets the patches to be applied by the api server
func (a *AdmissionResponder) SetPatch(patch []byte) {
a.patches = patch
}
// Write writes the output of flush to the passed responsewriter
func (a *AdmissionResponder) Write(w http.ResponseWriter, ar v1.AdmissionReview) {
resp := reviewResponseToByte(a.Flush(), ar)
if _, err := w.Write(resp); err != nil {
glog.Error(err)
}
}
// ToAdmissionResponse adds an error to the response
func (a *AdmissionResponder) ToAdmissionResponse(err error) {
glog.Error(err)
a.errors = append(a.errors, err.Error())
}
// StringToAdmissionResponse adds a string as an error to the response
func (a *AdmissionResponder) StringToAdmissionResponse(msg string) {
glog.Info(msg)
a.errors = append(a.errors, msg)
}
// StringsToAdmissionResponse adds a slice of strings as errors to the response
func (a *AdmissionResponder) StringsToAdmissionResponse(msgs []string) {
for _, msg := range msgs {
a.StringToAdmissionResponse(msg)
}
}
// MapStringsToAdmissionResponse adds a map of a slice of strings as errors to the reponse
func (a *AdmissionResponder) MapStringsToAdmissionResponse(mapofmsgs map[string][]string) {
for _, msgs := range mapofmsgs {
a.StringsToAdmissionResponse(msgs)
}
}