This repository has been archived by the owner on Oct 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
review.go
58 lines (49 loc) · 1.84 KB
/
review.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
package admission
import (
"context"
"fmt"
"net/http"
"strings"
"go.uber.org/zap"
"k8s.io/api/admission/v1beta1"
)
type AdmitFunc func(context.Context, *zap.Logger, v1beta1.AdmissionReview) (*v1beta1.AdmissionResponse, error)
type reviewContext struct {
Context context.Context
Logger *zap.Logger
AdmissionReview v1beta1.AdmissionReview
}
func (r reviewContext) CallHandlerFunc(w http.ResponseWriter, name string, f AdmitFunc) {
// run the admitFunc
r.Logger.Sugar().Debugf("calling admitFunc with review %v", r.AdmissionReview)
admissionResponse, err := f(r.Context, r.Logger, r.AdmissionReview)
if err != nil {
r.writeErrorResponse(w, "could not run admitFunc", err)
return
}
if admissionResponse == nil {
r.writeErrorfResponse(w, "%q returned empty admissionResponse", name)
return
}
admissionResponse.AuditAnnotations = generateWebhookAnnotations(admissionResponse)
r.writeResponse(w, admissionResponse)
}
func (r reviewContext) writeErrorResponse(w http.ResponseWriter, msg string, err error) {
r.Logger.Error(msg, zap.Error(err))
response := toErrorAdmissionResponse(strings.Join([]string{msg, err.Error()}, ":"))
r.writeResponse(w, response)
}
func (r reviewContext) writeErrorfResponse(w http.ResponseWriter, template string, args ...interface{}) {
errString := fmt.Sprintf(template, args...)
r.Logger.Error(errString)
response := toErrorAdmissionResponse(errString)
r.writeResponse(w, response)
}
func (r reviewContext) writeResponse(w http.ResponseWriter, response *v1beta1.AdmissionResponse) {
if response.Allowed {
r.Logger.Sugar().Debugf("responding with allowed: %v and result %v", response.Allowed, response.Result)
} else {
r.Logger.Sugar().Infof("responding with allowed: %v and result %v", response.Allowed, response.Result)
}
writeResponse(r.Logger, w, response, r.AdmissionReview.Request.UID)
}