/
validating_webhook.go
73 lines (63 loc) · 2.2 KB
/
validating_webhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package webhook
import (
"context"
"fmt"
"net/http"
"github.com/pkg/errors"
"go.uber.org/zap"
serverlessv1alpha2 "github.com/kyma-project/kyma/components/function-controller/pkg/apis/serverless/v1alpha2"
v1 "k8s.io/api/admission/v1"
ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
type ValidatingWebHook struct {
configv1alpha2 *serverlessv1alpha2.ValidationConfig
client ctrlclient.Client
decoder *admission.Decoder
log *zap.SugaredLogger
}
func NewValidatingWebhook(configV1alpha2 *serverlessv1alpha2.ValidationConfig, client ctrlclient.Client, log *zap.SugaredLogger) *ValidatingWebHook {
return &ValidatingWebHook{
configv1alpha2: configV1alpha2,
client: client,
log: log,
}
}
func (w *ValidatingWebHook) Handle(_ context.Context, req admission.Request) admission.Response {
log := w.log.With("name", req.Name, "namespace", req.Namespace, "kind", req.Kind.Kind)
log.Debug("starting validation")
// We don't currently have any delete validation logic
if req.Operation == v1.Delete {
res := admission.Allowed("")
log.Debug("validation finished for deletion")
return res
}
if req.Kind.Kind == "Function" {
res := w.handleFunctionValidation(req)
log.Debug("validation finished for function")
return res
}
log.Debug("request object invalid kind")
return admission.Errored(http.StatusBadRequest, fmt.Errorf("invalid kind: %v", req.Kind.Kind))
}
func (w *ValidatingWebHook) InjectDecoder(decoder *admission.Decoder) error {
w.decoder = decoder
return nil
}
func (w *ValidatingWebHook) handleFunctionValidation(req admission.Request) admission.Response {
switch req.Kind.Version {
case serverlessv1alpha2.FunctionVersion:
{
fn := &serverlessv1alpha2.Function{}
if err := w.decoder.Decode(req, fn); err != nil {
return admission.Errored(http.StatusBadRequest, err)
}
if err := fn.Validate(w.configv1alpha2); err != nil {
return admission.Denied(fmt.Sprintf("validation failed: %s", err.Error()))
}
}
default:
return admission.Errored(http.StatusBadRequest, errors.Errorf("Invalid resource version provided: %s", req.Kind.Version))
}
return admission.Allowed("")
}