admission

package

v0.4.15-rc.3 Latest Latest Go to latest Published: Jan 14, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rancher/webhook

Links

Open Source Insights

Documentation ¶

Overview ¶

Package admission holds definitions and functions for admissionWebhook.

Index ¶

Variables
func CreateWebhookName(handler WebhookHandler, suffix string) string
func NewDefaultMutatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, ...) *v1.MutatingWebhook
func NewDefaultValidatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, ...) *v1.ValidatingWebhook
func NewMutatingHandlerFunc(handler MutatingAdmissionHandler) http.HandlerFunc
func NewValidatingHandlerFunc(handler ValidatingAdmissionHandler) http.HandlerFunc
func Path(basePath string, handler WebhookHandler) string
func Ptr[T any](value T) *T
func ResponseAllowed() *admissionv1.AdmissionResponse
func ResponseBadRequest(message string) *admissionv1.AdmissionResponse
func ResponseFailedEscalation(message string) *admissionv1.AdmissionResponse
func SubPath(gvr schema.GroupVersionResource) string
type Admitter
type MutatingAdmissionHandler
type Request
type ValidatingAdmissionHandler
type WebhookHandler

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrInvalidRequest error returned when the requested operation with the requested fields are invalid.
	ErrInvalidRequest = fmt.Errorf("invalid request")
	// ErrUnsupportedOperation error returned when a validator is unable to validate the received operation.
	ErrUnsupportedOperation = fmt.Errorf("unsupported operation")
	// SlowTraceDuration duration to use when determining if a webhookHandler is slow.
	SlowTraceDuration = time.Second * 2
)

Functions ¶

func CreateWebhookName ¶

func CreateWebhookName(handler WebhookHandler, suffix string) string

CreateWebhookName returns a new name for the given webhook handler with the given suffix.

func NewDefaultMutatingWebhook ¶

func NewDefaultMutatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, scope v1.ScopeType, ops []v1.OperationType) *v1.MutatingWebhook

NewDefaultMutatingWebhook creates a new MutatingWebhook based on the WebhookHandler provided. The path set on the client config will be appended with the webhooks path. The return webhook will not be nil.

func NewDefaultValidatingWebhook ¶

func NewDefaultValidatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, scope v1.ScopeType, ops []v1.OperationType) *v1.ValidatingWebhook

NewDefaultValidatingWebhook creates a new ValidatingWebhook based on the WebhookHandler provided. The path set on the client config will be appended with the webhooks path. The return webhook will not be nil.

func NewMutatingHandlerFunc ¶

func NewMutatingHandlerFunc(handler MutatingAdmissionHandler) http.HandlerFunc

NewMutatingHandlerFunc returns a new HandlerFunc that will call the function returned by the MutatingAdmissionHandler's AdmitFunc() call.

func NewValidatingHandlerFunc ¶

func NewValidatingHandlerFunc(handler ValidatingAdmissionHandler) http.HandlerFunc

NewValidatingHandlerFunc returns a new HandlerFunc that will call the functions returned by the ValidatingAdmissionHandler's AdmitFuncs() call. If it encounters a failure or an error, it short-circuts and returns immediately.

func Path ¶

func Path(basePath string, handler WebhookHandler) string

Path returns the path of the webhook joined with the given basePath.

func Ptr ¶

func Ptr[T any](value T) *T

Ptr is a generic function that returns the pointer of T.

func ResponseAllowed ¶

func ResponseAllowed() *admissionv1.AdmissionResponse

ResponseAllowed returns a minimal AdmissionResponse in which Allowed is true

func ResponseBadRequest ¶

func ResponseBadRequest(message string) *admissionv1.AdmissionResponse

ResponseBadRequest returns an AdmissionResponse for BadRequest(err code 400) the message is used as the message in the response

func ResponseFailedEscalation ¶

func ResponseFailedEscalation(message string) *admissionv1.AdmissionResponse

ResponseFailedEscalation returns an AdmissionResponse a failed escalation check.

func SubPath ¶

func SubPath(gvr schema.GroupVersionResource) string

SubPath returns the subpath to use for the given gvr.

Types ¶

type Admitter ¶

type Admitter interface {
	Admit(*Request) (*admissionv1.AdmissionResponse, error)
}

Admitter handles webhook admission requests sent to this webhook. The response returned by the WebhookHandler will be forwarded to the kube-api server. If the WebhookHandler can not accurately evaluate the request it should return an error.

type MutatingAdmissionHandler ¶

type MutatingAdmissionHandler interface {
	WebhookHandler
	// Since mutators can change a resource, each MutatingAdmissionHandler can only use 1 admit function.
	Admitter

	// MutatingWebhook returns a list of configurations to route to this handler.
	//
	// MutatingWebhook functions allows MutatingAdmissionHandler to perform modifications to the default configuration if needed.
	// A default configuration can be made using NewDefaultMutatingWebhook(...)
	// Most Webhooks implementing MutatingWebhook will only return one configuration.
	MutatingWebhook(clientConfig v1.WebhookClientConfig) []v1.MutatingWebhook
}

MutatingAdmissionHandler is a handler used for creating a MutatingAdmission Webhook.

type Request ¶

type Request struct {
	admissionv1.AdmissionRequest
	Context context.Context
}

Request is a simple wrapper for an AdmissionRequest that includes the context from the original http.Request.

type ValidatingAdmissionHandler ¶

type ValidatingAdmissionHandler interface {
	WebhookHandler

	// ValidatingWebhook returns a list of configurations to route to this handler.
	//
	// This functions allows ValidatingAdmissionHandler to perform modifications to the default configuration if needed.
	// A default configuration can be made using NewDefaultValidatingWebhook(...)
	// Most Webhooks implementing ValidatingWebhook will only return one configuration.
	ValidatingWebhook(clientConfig v1.WebhookClientConfig) []v1.ValidatingWebhook

	// Admitters returns the admitters that this handler will call when evaluating a resource. If any one of these
	// fails or encounters an error, the failure/error is immediately returned and the rest are short-circuted.
	Admitters() []Admitter
}

ValidatingAdmissionHandler is a handler used for creating a ValidationAdmission Webhook.

type WebhookHandler ¶

type WebhookHandler interface {
	// GVR returns GroupVersionResource that the Webhook reviews.
	// The returned GVR is used to define the route for accessing this webhook as well as creating the Webhooks Name.
	// Thus the GVR returned must be unique from other WebhookHandlers of the same type e.g.(Mutating or Validating).
	// If a WebhookHandler desires to monitor all resources in a group the Resource defined int he GVR should be "*".
	// If a WebhookHandler desires to monitor a core type the Group can be left empty "".
	GVR() schema.GroupVersionResource

	// Operations returns list of operations that this WebhookHandler supports.
	// Handlers will only be sent request with operations that are contained in the provided list.
	Operations() []v1.OperationType
}

WebhookHandler base interface for both ValidatingAdmissionHandler and MutatingAdmissionHandler. WebhookHandler is used for creating new http.HandlerFunc for each Webhook.

Source Files ¶

View all Source files

admission.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL