admission

package
v1.8.0-dev-20250112
This package is not in the latest version of its module.

Published: Jan 11, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

README

Admission Webhook

The admission webhook only validates or mutates the spec of hooked resources before they are persisted to a database such as etcd. Any resource reconciliation needed to ensure that resources behave as expected should be handled in the backend as usual, for example by controllers or even by host operations such as creating and deleting folders on the host.

Most CRDs are deleted without checks during uninstallation. Validation logic for DELETE operations should therefore be added carefully so that it does not cause the uninstallation to fail.

Reference: https://github.com/longhorn/longhorn-manager/pull/1279

Documentation

Constants

const (
	AdmissionTypeValidation = "validation"
	AdmissionTypeMutation   = "mutation"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Admitter

type Admitter interface {
	// Create checks if a CREATE operation is allowed.
	// PatchOps contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Create(request *Request, newObj runtime.Object) (PatchOps, error)

	// Update checks if an UPDATE operation is allowed.
	// PatchOps contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (PatchOps, error)

	// Delete checks if a DELETE operation is allowed.
	// PatchOps contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Delete(request *Request, oldObj runtime.Object) (PatchOps, error)

	// Connect checks if a CONNECT operation is allowed.
	// PatchOps contains JSON patch operations to be applied on the API object received by the server.
	// If no error is returned, the operation is allowed.
	Connect(request *Request, newObj runtime.Object) (PatchOps, error)

	// Resource returns the resource that the admitter works on.
	Resource() Resource
}

The Admitter interface is used by AdmissionHandler to check whether an operation is allowed.

type DefaultMutator

type DefaultMutator struct {
}

DefaultMutator allows every supported operation and mutates nothing.

func (*DefaultMutator) Connect

func (v *DefaultMutator) Connect(request *Request, newObj runtime.Object) (PatchOps, error)

func (*DefaultMutator) Create

func (v *DefaultMutator) Create(request *Request, newObj runtime.Object) (PatchOps, error)

func (*DefaultMutator) Delete

func (v *DefaultMutator) Delete(request *Request, oldObj runtime.Object) (PatchOps, error)

func (*DefaultMutator) Update

func (v *DefaultMutator) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (PatchOps, error)

type DefaultValidator

type DefaultValidator struct {
}

DefaultValidator allows every supported operation.

func (*DefaultValidator) Connect

func (v *DefaultValidator) Connect(request *Request, newObj runtime.Object) error

func (*DefaultValidator) Create

func (v *DefaultValidator) Create(request *Request, newObj runtime.Object) error

func (*DefaultValidator) Delete

func (v *DefaultValidator) Delete(request *Request, oldObj runtime.Object) error

func (*DefaultValidator) Update

func (v *DefaultValidator) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) error

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(admitter Admitter, admissionType string) *Handler

func (*Handler) Admit

func (v *Handler) Admit(response *webhook.Response, request *webhook.Request) error

type Mutator

type Mutator Admitter

func NewValidatorAdapter

func NewValidatorAdapter(validator Validator) Mutator

type PatchOps

type PatchOps []string

PatchOps holds JSON Patch operations used to mutate input data. See https://jsonpatch.com/ for more information.

type Request

type Request struct {
	*webhook.Request
}

func NewRequest

func NewRequest(webhookRequest *webhook.Request) *Request

func (*Request) DecodeObjects

func (r *Request) DecodeObjects() (oldObj runtime.Object, newObj runtime.Object, err error)

func (*Request) IsGarbageCollection

func (r *Request) IsGarbageCollection() bool

func (*Request) String

func (r *Request) String() string

func (*Request) Username

func (r *Request) Username() string

type Resource

type Resource struct {
	Name           string
	Scope          admissionregv1.ScopeType
	APIGroup       string
	APIVersion     string
	ObjectType     runtime.Object
	OperationTypes []admissionregv1.OperationType
}

func (Resource) Validate

func (r Resource) Validate() error

type Validator

type Validator interface {
	// Create checks if a CREATE operation is allowed. If no error is returned, the operation is allowed.
	Create(request *Request, newObj runtime.Object) error

	// Update checks if an UPDATE operation is allowed. If no error is returned, the operation is allowed.
	Update(request *Request, oldObj runtime.Object, newObj runtime.Object) error

	// Delete checks if a DELETE operation is allowed. If no error is returned, the operation is allowed.
	Delete(request *Request, oldObj runtime.Object) error

	// Connect checks if a CONNECT operation is allowed. If no error is returned, the operation is allowed.
	Connect(request *Request, newObj runtime.Object) error

	Resource() Resource
}

Validator is a Mutator that doesn't modify received API objects.

type ValidatorAdapter

type ValidatorAdapter struct {
	// contains filtered or unexported fields
}

ValidatorAdapter adapts a Validator to an Admitter.

func (*ValidatorAdapter) Connect

func (c *ValidatorAdapter) Connect(request *Request, newObj runtime.Object) (PatchOps, error)

func (*ValidatorAdapter) Create

func (c *ValidatorAdapter) Create(request *Request, newObj runtime.Object) (PatchOps, error)

func (*ValidatorAdapter) Delete

func (c *ValidatorAdapter) Delete(request *Request, oldObj runtime.Object) (PatchOps, error)

func (*ValidatorAdapter) Resource

func (c *ValidatorAdapter) Resource() Resource

func (*ValidatorAdapter) Update

func (c *ValidatorAdapter) Update(request *Request, oldObj runtime.Object, newObj runtime.Object) (PatchOps, error)
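
Added example (not code from longhorn-manager): a validator whose DELETE check steps aside during uninstallation, as the README caveat asks, wrapped the way ValidatorAdapter turns a Validator into an Admitter that returns no patches. Object, adapter, volumeValidator and the Uninstalling hook are assumptions made for this example; the package's own methods take *Request and runtime.Object.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins (assumptions): the real methods take *Request and runtime.Object.
type Object map[string]string
type PatchOps []string // one JSON Patch operation per element

type Validator interface {
	Create(newObj Object) error
	Delete(oldObj Object) error
}

// adapter plays the role of ValidatorAdapter: same verdict, never any patches.
type adapter struct{ v Validator }

func (a adapter) Create(n Object) (PatchOps, error) { return nil, a.v.Create(n) }
func (a adapter) Delete(o Object) (PatchOps, error) { return nil, a.v.Delete(o) }

// volumeValidator and its Uninstalling hook are hypothetical, not Longhorn code.
type volumeValidator struct{ Uninstalling func() bool }

func (v volumeValidator) Create(n Object) error {
	if n["size"] == "" {
		return errors.New("spec.size is required")
	}
	return nil
}

func (v volumeValidator) Delete(o Object) error {
	if v.Uninstalling() {
		return nil // uninstall deletes CRDs without checks: do not block it
	}
	if o["state"] == "attached" {
		return errors.New("volume is attached; detach it before deleting")
	}
	return nil
}

func main() {
	attached := Object{"size": "1Gi", "state": "attached"}
	for _, uninstalling := range []bool{false, true} {
		_, err := adapter{volumeValidator{func() bool { return uninstalling }}}.Delete(attached)
		fmt.Printf("uninstalling=%v -> %v\n", uninstalling, err)
	}
}
```

How the uninstalling state is detected is left to the caller here because the page does not describe it.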
