package pkg
import (
"encoding/json"
"fmt"
admissionv1 "k8s.io/api/admission/v1"
corev1 "k8s.io/api/core/v1"
"log"
"net/http"
)
// MustKey is the name of the environment variable that checkEnv requires in
// a container's env list.
const MustKey = "Time"
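// GetPod decodes the object embedded in an AdmissionReview request into a
// corev1.Pod.
//
// It returns an error when the review carries no request or when the raw
// object cannot be unmarshalled into a Pod. GetPod itself does not check the
// object's kind, so the caller has to confirm it is a Pod before trusting the
// decoded result.
func GetPod(reviewRequest *admissionv1.AdmissionReview) (*corev1.Pod, error) {
	// A review without a request would otherwise be dereferenced below and
	// panic inside the HTTP handler.
	if reviewRequest == nil || reviewRequest.Request == nil {
		return nil, fmt.Errorf("pod unmarshal error: admission review has no request")
	}

	pod := &corev1.Pod{}
	if err := json.Unmarshal(reviewRequest.Request.Object.Raw, pod); err != nil {
		// Keep the format string constant: building it from err.Error() would
		// misrender any '%' in the decoder's message. The original message
		// text (no space after the colon) is preserved, and %w lets callers
		// unwrap the underlying error.
		return nil, fmt.Errorf("pod unmarshal error:%w", err)
	}
	return pod, nil
}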
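// Validate is the HTTP handler that answers an AdmissionReview for pods.
//
// Flow:
//  1. Build the review request/response pair from the HTTP request.
//  2. Mark the review as failed when checkKind rejects the object's kind.
//  3. Decode the pod and, for pods in the "webhook" namespace only, require
//     every entry in spec.containers to pass checkEnv.
//
// Pods outside the "webhook" namespace are answered with the review response
// exactly as InitReviewRequestResponse prepared it; no env check is run.
func Validate(w http.ResponseWriter, r *http.Request) {
	reviewRequest, reviewRESP, err := InitReviewRequestResponse(r)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Request is dereferenced several times below. Reject a review that has
	// none instead of panicking in the handler.
	// NOTE(review): InitReviewRequestResponse may already guarantee this; confirm.
	if reviewRequest == nil || reviewRequest.Request == nil {
		http.Error(w, "admission review has no request", http.StatusBadRequest)
		return
	}

	if err = checkKind(reviewRequest.Request.Kind.Kind); err != nil {
		FailureReviewRESP(reviewRESP, err.Error())
		Response(reviewRESP, w)
		return
	}

	pod, err := GetPod(reviewRequest)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	log.Println("validating pod: ", pod.Name)

	// The namespace gate decides whether the policy runs at all, so it must
	// not depend on a field the manifest author can leave blank. When the
	// object's metadata.namespace is empty, fall back to the namespace the
	// admission request itself carries so the pod does not skip the check.
	namespace := pod.GetNamespace()
	if namespace == "" {
		namespace = reviewRequest.Request.Namespace
	}
	if namespace != "webhook" {
		Response(reviewRESP, w)
		return
	}

	// NOTE(review): only spec.containers is inspected. Init containers and
	// ephemeral containers are not checked here; confirm that is the intended
	// scope of the policy.
	for _, container := range pod.Spec.Containers {
		if err = checkEnv(container.Env); err != nil {
			// Report the first offending container and stop.
			FailureReviewRESP(reviewRESP, fmt.Sprintf("container %s validate failed.%s", container.Name, err.Error()))
			break
		}
	}
	Response(reviewRESP, w)
}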
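// checkEnv verifies that an env list is non-empty and contains a variable
// named MustKey.
//
// Only the variable's name is compared. Its value is not inspected, so an
// entry with an empty value still passes. The caller in this file passes
// container.Env, so variables supplied through envFrom are not seen here.
//
// It returns nil when the key is present and a descriptive error otherwise.
func checkEnv(envs []corev1.EnvVar) error {
	if len(envs) == 0 {
		return fmt.Errorf("env vars is empty")
	}

	for _, e := range envs {
		if e.Name == MustKey {
			return nil
		}
	}

	// Pass MustKey as an argument rather than pre-formatting the message and
	// using the result as the format string; a '%' in the key would otherwise
	// be interpreted as a verb (go vet flags the non-constant format).
	return fmt.Errorf("env vars doesn't have '%s' key", MustKey)
}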