Documentation ¶
Overview ¶
Package admission holds definitions and functions for admissionWebhook.
Index ¶
- Variables
- func CreateWebhookName(handler WebhookHandler, suffix string) string
- func NewDefaultMutatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, ...) *v1.MutatingWebhook
- func NewDefaultValidatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, ...) *v1.ValidatingWebhook
- func NewMutatingHandlerFunc(handler MutatingAdmissionHandler) http.HandlerFunc
- func NewValidatingHandlerFunc(handler ValidatingAdmissionHandler) http.HandlerFunc
- func Path(basePath string, handler WebhookHandler) string
- func Ptr[T any](value T) *T
- func ResponseAllowed() *admissionv1.AdmissionResponse
- func ResponseBadRequest(message string) *admissionv1.AdmissionResponse
- func SubPath(gvr schema.GroupVersionResource) string
- type Admitter
- type MutatingAdmissionHandler
- type Request
- type ValidatingAdmissionHandler
- type WebhookHandler
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidRequest error returned when the requested operation with the requested fields are invalid. ErrInvalidRequest = fmt.Errorf("invalid request") // ErrUnsupportedOperation error returned when a validator is unable to validate the received operation. ErrUnsupportedOperation = fmt.Errorf("unsupported operation") // SlowTraceDuration duration to use when determining if a webhookHandler is slow. SlowTraceDuration = time.Second * 2 )
Functions ¶
func CreateWebhookName ¶
func CreateWebhookName(handler WebhookHandler, suffix string) string
CreateWebhookName returns a new name for the given webhook handler with the given suffix.
func NewDefaultMutatingWebhook ¶
func NewDefaultMutatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, scope v1.ScopeType, ops []v1.OperationType) *v1.MutatingWebhook
NewDefaultMutatingWebhook creates a new MutatingWebhook based on the WebhookHandler provided. The path set on the client config will be appended with the webhooks path. The return webhook will not be nil.
func NewDefaultValidatingWebhook ¶
func NewDefaultValidatingWebhook(handler WebhookHandler, clientConfig v1.WebhookClientConfig, scope v1.ScopeType, ops []v1.OperationType) *v1.ValidatingWebhook
NewDefaultValidatingWebhook creates a new ValidatingWebhook based on the WebhookHandler provided. The path set on the client config will be appended with the webhooks path. The return webhook will not be nil.
func NewMutatingHandlerFunc ¶ added in v0.3.4
func NewMutatingHandlerFunc(handler MutatingAdmissionHandler) http.HandlerFunc
NewMutatingHandlerFunc returns a new HandlerFunc that will call the function returned by the MutatingAdmissionHandler's AdmitFunc() call.
func NewValidatingHandlerFunc ¶ added in v0.3.4
func NewValidatingHandlerFunc(handler ValidatingAdmissionHandler) http.HandlerFunc
NewValidatingHandlerFunc returns a new HandlerFunc that will call the functions returned by the ValidatingAdmissionHandler's AdmitFuncs() call. If it encounters a failure or an error, it short-circuts and returns immediately.
func Path ¶
func Path(basePath string, handler WebhookHandler) string
Path returns the path of the webhook joined with the given basePath.
func ResponseAllowed ¶
func ResponseAllowed() *admissionv1.AdmissionResponse
ResponseAllowed returns a minimal AdmissionResponse in which Allowed is true
func ResponseBadRequest ¶
func ResponseBadRequest(message string) *admissionv1.AdmissionResponse
ResponseBadRequest returns an AdmissionResponse for BadRequest(err code 400) the message is used as the message in the response
func SubPath ¶
func SubPath(gvr schema.GroupVersionResource) string
SubPath returns the subpath to use for the given gvr.
Types ¶
type Admitter ¶ added in v0.3.4
type Admitter interface {
Admit(*Request) (*admissionv1.AdmissionResponse, error)
}
Admitter handles webhook admission requests sent to this webhook. The response returned by the WebhookHandler will be forwarded to the kube-api server. If the WebhookHandler can not accurately evaluate the request it should return an error.
type MutatingAdmissionHandler ¶
type MutatingAdmissionHandler interface { WebhookHandler // Since mutators can change a resource, each MutatingAdmissionHandler can only use 1 admit function. Admitter // MutatingWebhook returns a list of configurations to route to this handler. // // MutatingWebhook functions allows MutatingAdmissionHandler to perform modifications to the default configuration if needed. // A default configuration can be made using NewDefaultMutatingWebhook(...) // Most Webhooks implementing MutatingWebhook will only return one configuration. MutatingWebhook(clientConfig v1.WebhookClientConfig) []v1.MutatingWebhook }
MutatingAdmissionHandler is a handler used for creating a MutatingAdmission Webhook.
type Request ¶
type Request struct { admissionv1.AdmissionRequest Context context.Context }
Request is a simple wrapper for an AdmissionRequest that includes the context from the original http.Request.
type ValidatingAdmissionHandler ¶
type ValidatingAdmissionHandler interface { WebhookHandler // ValidatingWebhook returns a list of configurations to route to this handler. // // This functions allows ValidatingAdmissionHandler to perform modifications to the default configuration if needed. // A default configuration can be made using NewDefaultValidatingWebhook(...) // Most Webhooks implementing ValidatingWebhook will only return one configuration. ValidatingWebhook(clientConfig v1.WebhookClientConfig) []v1.ValidatingWebhook // Admitters returns the admitters that this handler will call when evaluating a resource. If any one of these // fails or encounters an error, the failure/error is immediately returned and the rest are short-circuted. Admitters() []Admitter }
ValidatingAdmissionHandler is a handler used for creating a ValidationAdmission Webhook.
type WebhookHandler ¶
type WebhookHandler interface { // GVR returns GroupVersionResource that the Webhook reviews. // The returned GVR is used to define the route for accessing this webhook as well as creating the Webhooks Name. // Thus the GVR returned must be unique from other WebhookHandlers of the same type e.g.(Mutating or Validating). // If a WebhookHandler desires to monitor all resources in a group the Resource defined int he GVR should be "*". // If a WebhookHandler desires to monitor a core type the Group can be left empty "". GVR() schema.GroupVersionResource // Operations returns list of operations that this WebhookHandler supports. // Handlers will only be sent request with operations that are contained in the provided list. Operations() []v1.OperationType }
WebhookHandler base interface for both ValidatingAdmissionHandler and MutatingAdmissionHandler. WebhookHandler is used for creating new http.HandlerFunc for each Webhook.