-
Notifications
You must be signed in to change notification settings - Fork 73
/
register.go
62 lines (56 loc) · 2.73 KB
/
register.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package webhooks
import (
admissionregv1 "k8s.io/api/admissionregistration/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
admissionctl "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
type RegisteredWebhooks map[string]WebhookFactory
// Webhooks are all registered webhooks mapping name to hook
var Webhooks = RegisteredWebhooks{}
// Webhook interface
type Webhook interface {
// Authorized will determine if the request is allowed
Authorized(request admissionctl.Request) admissionctl.Response
// GetURI returns the URI for the webhook
GetURI() string
// Validate will validate the incoming request
Validate(admissionctl.Request) bool
// Name is the name of the webhook
Name() string
// FailurePolicy is how the hook config should react if k8s can't access it
// https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
FailurePolicy() admissionregv1.FailurePolicyType
// MatchPolicy mirrors validatingwebhookconfiguration.webhooks[].matchPolicy.
// If it is important to the webhook, be sure to check subResource vs
// requestSubResource.
// https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
MatchPolicy() admissionregv1.MatchPolicyType
// Rules is a slice of rules on which this hook should trigger
Rules() []admissionregv1.RuleWithOperations
// ObjectSelector uses a *metav1.LabelSelector to augment the webhook's
// Rules() to match only on incoming requests which match the specific
// LabelSelector.
ObjectSelector() *metav1.LabelSelector
// SideEffects are what side effects, if any, this hook has. Refer to
// https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects
SideEffects() admissionregv1.SideEffectClass
// TimeoutSeconds returns an int32 representing how long to wait for this hook to complete
// The timeout value must be between 1 and 30 seconds.
// https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
TimeoutSeconds() int32
// Doc returns a string for end-customer documentation purposes.
Doc() string
// SyncSetLabelSelector returns the label selector to use in the SyncSet.
// Return utils.DefaultLabelSelector() to stick with the default
SyncSetLabelSelector() metav1.LabelSelector
// ClassicEnabled will return true if the webhook should be deployed to OSD/ROSA Classic clusters
ClassicEnabled() bool
// HypershiftEnabled will return true if the webhook should be deployed to ROSA HCP clusters
HypershiftEnabled() bool
}
// WebhookFactory return a kind of Webhook
type WebhookFactory func() Webhook
// Register webhooks
func Register(name string, input WebhookFactory) {
Webhooks[name] = input
}