Enable ns transformer for webhook

Add namespace transformer for ValidatingWebhookConfiguration and MutatingWebhookConfiguration
kubernetes-sigs · Jul 9, 2019 · c912bae · c912bae
1 parent 433733e
commit c912bae
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 0 deletions.
diff --git a/plugin/builtin/namespacetransformer/NamespaceTransformer.go b/plugin/builtin/namespacetransformer/NamespaceTransformer.go
@@ -53,6 +53,7 @@ func (p *plugin) Transform(m resmap.ResMap) error {
 		}
 	}
 	p.updateClusterRoleBinding(m)
+	p.updateServiceReference(m)
 	return nil
 }
 
@@ -126,3 +127,40 @@ func (p *plugin) updateClusterRoleBinding(m resmap.ResMap) {
 		objMap["subjects"] = subjects
 	}
 }
+
+func (p *plugin) updateServiceReference(m resmap.ResMap) {
+	svc := gvk.Gvk{Version: "v1", Kind: "Service"}
+	svcMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(svc) {
+			svcMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ValidatingWebhookConfiguration" &&
+			res.OrgId().Kind != "MutatingWebhookConfiguration" {
+			continue
+		}
+		objMap := res.Map()
+		webhooks, ok := objMap["webhooks"].([]interface{})
+		if webhooks == nil || !ok {
+			continue
+		}
+		for i := range webhooks {
+			webhook := webhooks[i].(map[string]interface{})
+			transformers.MutateField(
+				webhook, []string{"clientConfig", "service"},
+				false, func(obj interface{}) (interface{}, error) {
+					svc := obj.(map[string]interface{})
+					svcName, foundN := svc["name"]
+					if foundN && svcMap[svcName.(string)] {
+						svc["namespace"] = p.Namespace
+					}
+					return svc, nil
+				})
+			webhooks[i] = webhook
+		}
+		objMap["webhooks"] = webhooks
+	}
+}
diff --git a/plugin/builtin/namespacetransformer/NamespaceTransformer_test.go b/plugin/builtin/namespacetransformer/NamespaceTransformer_test.go
@@ -41,6 +41,11 @@ metadata:
   namespace: foo
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+---
+apiVersion: v1
 kind: Namespace
 metadata:
   name: ns1
@@ -72,6 +77,22 @@ subjects:
   name: another
   namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+  - name: example1
+    clientConfig:
+      service:
+        name: svc1
+        namespace: system
+  - name: example2
+    clientConfig:
+      service:
+        name: svc2
+        namespace: system
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -92,6 +113,12 @@ metadata:
   namespace: test
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+  namespace: test
+---
+apiVersion: v1
 kind: Namespace
 metadata:
   name: ns1
@@ -123,6 +150,22 @@ subjects:
   name: another
   namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+- clientConfig:
+    service:
+      name: svc1
+      namespace: test
+  name: example1
+- clientConfig:
+    service:
+      name: svc2
+      namespace: system
+  name: example2
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata: