package server
import (
	"context"
	"errors"
	"net/http"

	api "github.com/gamer22026/cmsnr/api/v1alpha1"
	"github.com/open-policy-agent/opa/rego"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
// Validator is an admission webhook handler for OpaPolicy objects. Its Handle
// method admits an object only when the Rego source it carries compiles.
type Validator struct {
	// Client is a controller-runtime client. The methods visible in this file
	// do not use it.
	Client client.Client

	// decoder turns the raw admission request into a typed object. It is nil
	// until InjectDecoder has been called.
	decoder *admission.Decoder
}
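// Handle validates an admission request for an OpaPolicy by checking that the
// Rego source in Spec.Policy compiles.
//
// The request object is decoded into an OpaPolicy; a decode failure is
// reported as an HTTP 400 admission error. The policy text is then compiled as
// a single module named "example.rego" with the query "data.test". A compile
// error denies the request with the compiler's message, otherwise the request
// is allowed. Only compilation is checked; the policy is not evaluated here.
//
// NOTE(review): the policy text comes from the object under admission, so it
// is untrusted input. No size or time limit is applied here beyond whatever
// ctx carries; confirm the webhook registration's timeout and failure policy
// so that a slow or failing validation does not admit an unchecked policy.
func (v *Validator) Handle(ctx context.Context, req admission.Request) admission.Response {
	// The decoder is only set by InjectDecoder. If that never ran, report the
	// misconfiguration explicitly instead of calling a method on a nil
	// *admission.Decoder.
	if v.decoder == nil {
		return admission.Errored(http.StatusInternalServerError, errors.New("admission decoder is not configured"))
	}

	opa := &api.OpaPolicy{}
	if err := v.decoder.Decode(req, opa); err != nil {
		return admission.Errored(http.StatusBadRequest, err)
	}

	// Named policy rather than rego so the local does not shadow the rego
	// package for the rest of the function.
	policy := rego.New(
		rego.Query("data.test"),
		rego.Module("example.rego", opa.Spec.Policy),
	)
	if _, err := policy.Compile(ctx); err != nil {
		return admission.Denied(err.Error())
	}

	return admission.Allowed("policy is valid")
}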
// InjectDecoder stores d as the decoder that Handle uses to read admission
// requests. It does not check d for nil and always returns a nil error.
func (v *Validator) InjectDecoder(d *admission.Decoder) error {
	v.decoder = d

	return nil
}