package mutator
import (
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"time"
"github.com/giantswarm/microerror"
admissionv1 "k8s.io/api/admission/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/types"
"github.com/giantswarm/aws-admission-controller/v4/pkg/handler"
"github.com/giantswarm/aws-admission-controller/v4/pkg/metrics"
)
// Mutator is implemented by each resource-specific mutating admission
// handler that Handler serves.
type Mutator interface {
	// Log emits one structured log line from alternating key/value pairs
	// (Handler passes "level", "message" and similar keys).
	Log(keyVals ...interface{})
	// Mutate inspects the admission request and returns the patch operations
	// Handler serialises as a JSON patch; a non-nil error denies the request
	// and its text is sent back to the API client.
	Mutate(review *admissionv1.AdmissionRequest) ([]PatchOperation, error)
	// Resource names the resource this mutator handles; Handler uses it as a
	// metrics label.
	Resource() string
}
var (
	// scheme is created empty and nothing is registered on it in this file.
	// NOTE(review): confirm that decoding through a scheme with no types is
	// the intended behaviour for the universal deserializer below.
	scheme = runtime.NewScheme()
	codecs = serializer.NewCodecFactory(scheme)
	// Deserializer decodes the AdmissionReview bodies received by Handler.
	Deserializer = codecs.UniversalDeserializer()
	// InternalError is the opaque error placed in the admission response when
	// the patch cannot be serialised, instead of the underlying error (see
	// Handler).
	InternalError = errors.New("internal admission controller error")
)
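// Handler returns an http.HandlerFunc that serves Kubernetes mutating
// admission requests on behalf of mutator.
//
// The handler checks the Content-Type, reads a bounded request body, decodes
// it as an AdmissionReview and delegates to mutator.Mutate. On success it
// answers with an allowed AdmissionResponse carrying the JSON patch; a
// mutation error is answered with a denial whose Status message is the
// error text, and a patch serialisation failure with InternalError.
// Malformed requests are answered with 400, read failures with 500.
// Request counts and durations are recorded in the metrics package under
// the "mutating" label and mutator.Resource().
func Handler(mutator Mutator) http.HandlerFunc {
	// maxRequestBytes caps how much of the body is read. An AdmissionReview
	// carries at most the object and its previous version, each already
	// bounded by the API server's own request size limit, so this leaves
	// ample headroom. Constructed default — tune if larger reviews are seen.
	const maxRequestBytes = 8 << 20

	return func(writer http.ResponseWriter, request *http.Request) {
		resource := mutator.Resource()
		start := time.Now()
		defer func() {
			metrics.DurationRequests.WithLabelValues("mutating", resource).Observe(time.Since(start).Seconds())
		}()
		metrics.TotalRequests.WithLabelValues("mutating", resource).Inc()

		// %q rather than %s: the header is client-supplied and may be empty
		// or contain control characters that would otherwise mangle the log.
		if contentType := request.Header.Get("Content-Type"); contentType != "application/json" {
			mutator.Log("level", "error", "message", fmt.Sprintf("invalid content-type: %q", contentType))
			metrics.InvalidRequests.WithLabelValues("mutating", resource).Inc()
			writer.WriteHeader(http.StatusBadRequest)
			return
		}

		// Bound the read so an oversized body cannot exhaust memory; a body
		// beyond the cap surfaces here as a read error.
		data, err := io.ReadAll(http.MaxBytesReader(writer, request.Body, maxRequestBytes))
		if err != nil {
			mutator.Log("level", "error", "message", "unable to read request")
			metrics.InternalError.WithLabelValues("mutating", resource).Inc()
			writer.WriteHeader(http.StatusInternalServerError)
			return
		}

		review := admissionv1.AdmissionReview{}
		if _, _, err := Deserializer.Decode(data, nil, &review); err != nil {
			mutator.Log("level", "error", "message", "unable to parse admission review request")
			metrics.InvalidRequests.WithLabelValues("mutating", resource).Inc()
			writer.WriteHeader(http.StatusBadRequest)
			return
		}
		// A well-formed AdmissionReview may still omit the request object;
		// everything below dereferences it, so reject such bodies instead of
		// panicking.
		if review.Request == nil {
			mutator.Log("level", "error", "message", "admission review request has no request object")
			metrics.InvalidRequests.WithLabelValues("mutating", resource).Inc()
			writer.WriteHeader(http.StatusBadRequest)
			return
		}

		resourceName := fmt.Sprintf("%s %s/%s", review.Request.Kind, review.Request.Namespace, handler.ExtractName(review.Request, Deserializer))

		patch, err := mutator.Mutate(review.Request)
		if err != nil {
			// The mutation error text is returned to the API client verbatim
			// via errorResponse; keep mutator errors free of internal detail.
			mutator.Log("level", "error", "message", fmt.Sprintf("error during mutation process of %s: %v", resourceName, err))
			writeResponse(mutator, writer, errorResponse(review.Request.UID, microerror.Mask(err)))
			metrics.RejectedRequests.WithLabelValues("mutating", resource).Inc()
			return
		}

		patchData, err := json.Marshal(patch)
		if err != nil {
			// Only the opaque InternalError leaves the process here; the real
			// serialisation error stays in the log.
			mutator.Log("level", "error", "message", fmt.Sprintf("unable to serialize patch for %s: %v", resourceName, err))
			writeResponse(mutator, writer, errorResponse(review.Request.UID, InternalError))
			metrics.RejectedRequests.WithLabelValues("mutating", resource).Inc()
			return
		}

		mutator.Log("level", "debug", "message", fmt.Sprintf("mutator admitted %s (with %d patches)", resourceName, len(patch)))
		metrics.SuccessfulRequests.WithLabelValues("mutating", resource).Inc()

		patchType := admissionv1.PatchTypeJSONPatch
		writeResponse(mutator, writer, &admissionv1.AdmissionResponse{
			Allowed:   true,
			UID:       review.Request.UID,
			Patch:     patchData,
			PatchType: &patchType,
		})
	}
}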
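// writeResponse wraps response in an admission.k8s.io/v1 AdmissionReview
// envelope and writes it to writer as JSON.
//
// A serialisation failure is logged, counted in metrics.InternalError and
// answered with a bare 500 — the function returns at that point rather than
// falling through to write an empty body. A failed Write can only be
// logged, since the status line has already been sent.
func writeResponse(mutator Mutator, writer http.ResponseWriter, response *admissionv1.AdmissionResponse) {
	envelope := admissionv1.AdmissionReview{
		TypeMeta: metav1.TypeMeta{
			Kind:       "AdmissionReview",
			APIVersion: "admission.k8s.io/v1",
		},
		Response: response,
	}
	resp, err := json.Marshal(envelope)
	if err != nil {
		mutator.Log("level", "error", "message", "unable to serialize response", microerror.JSON(err))
		metrics.InternalError.WithLabelValues("mutating", mutator.Resource()).Inc()
		writer.WriteHeader(http.StatusInternalServerError)
		return
	}
	// Headers must be set before the first Write, which implicitly sends the
	// 200 status line.
	writer.Header().Set("Content-Type", "application/json")
	if _, err := writer.Write(resp); err != nil {
		mutator.Log("level", "error", "message", "unable to write response", microerror.JSON(err))
	}
}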
// errorResponse builds a denying AdmissionResponse for the request with the
// given uid, carrying err's text as the Status message the API client sees.
func errorResponse(uid types.UID, err error) *admissionv1.AdmissionResponse {
	status := &metav1.Status{Message: err.Error()}

	denial := &admissionv1.AdmissionResponse{}
	denial.UID = uid
	denial.Allowed = false
	denial.Result = status
	return denial
}