webhook

package
v0.0.0-...-148ef26 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package webhook contains resources for the ValidatingWebhookConfiguration. Referenced: https://github.com/kubernetes/kubernetes/blob/v1.15.0/test/images/webhook

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidContentType = errors.New("webhook: invalid content type; expected application/json")
	ErrMissingContentType = errors.New("webhook: missing content-type header")
	ErrObjectNotFound     = errors.New("webhook: request did not include object")
	ErrUnexpectedResource = errors.New("webhook: expected pod resource")
	ErrInvalidAdmission   = errors.New("webhook: admission request was nil")
	ErrInvalidContainer   = errors.New("webhook: container image is not from ecr")
)

Errors returned when a request or resource expectation fails.

View Source
var (
	ErrMissingFailure = errors.New("webhook: reached invalid state, no failure reason found")
	ErrBadRequest     = errors.New("webhook: bad request")
)

Errors returned when a bad request is received or a failure reason is not provided.

Functions

func BadRequestResponse

func BadRequestResponse(err error) (*v1beta1.AdmissionReview, error)

BadRequestResponse is the response returned to the cluster when a bad request is sent.

func InCriticalNamespace

func InCriticalNamespace(pod *corev1.Pod) bool

InCriticalNamespace checks that the request was for a resource that is being deployed into a cricial name space; e.g. kube-system.

func ParseImages

func ParseImages(pod *corev1.Pod) []string

ParseImages returns the container images in the Pod spec that originate from an Amazon ECR repository.

Types

type Request

type Request struct {
	Admission *v1beta1.AdmissionRequest
}

Request encapsulates the AdmissionRequest from the AdmissionReview proxied to the Lambda function.

func NewRequestFromEvent

func NewRequestFromEvent(event events.APIGatewayProxyRequest) (*Request, error)

NewRequestFromEvent creates a Request from the APIGatewayProxyRequest.

func (*Request) UnmarshalPod

func (r *Request) UnmarshalPod() (*corev1.Pod, error)

UnmarshalPod unmarshals the raw object in the AdmissionRequest into a Pod.

type Response

type Response struct {
	Admission *v1beta1.AdmissionResponse
}

Response encapsulates the AdmissionResponse sent to API Gateway.

func NewResponseFromRequest

func NewResponseFromRequest(r *Request) (*Response, error)

NewResponseFromRequest creates a Response from a Request.

func (*Response) FailValidation

func (r *Response) FailValidation(code int32, failure error) (*v1beta1.AdmissionReview, error)

FailValidation populates the AdmissionResponse with the failure contents (message and error) and returns the AdmissionReview JSON body response for API Gateway.

func (*Response) PassValidation

func (r *Response) PassValidation() *v1beta1.AdmissionReview

PassValidation populates the AdmissionResponse with the pass contents (message) and returns the AdmissionReview JSON response for API Gateway.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL