| /* |
| Copyright 2018 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package main |
| |
| import ( |
| "fmt" |
| |
| apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| |
| "k8s.io/api/admission/v1beta1" |
| "k8s.io/klog" |
| ) |
| |
| // This function expects all CRDs submitted to it to be apiextensions.k8s.io/v1beta1 |
| // TODO: When apiextensions.k8s.io/v1 is added we will need to update this function. |
| func admitCRD(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse { |
| klog.V(2).Info("admitting crd") |
| crdResource := metav1.GroupVersionResource{Group: "apiextensions.k8s.io", Version: "v1beta1", Resource: "customresourcedefinitions"} |
| if ar.Request.Resource != crdResource { |
| err := fmt.Errorf("expect resource to be %s", crdResource) |
| klog.Error(err) |
| return toAdmissionResponse(err) |
| } |
| |
| raw := ar.Request.Object.Raw |
| crd := apiextensionsv1beta1.CustomResourceDefinition{} |
| deserializer := codecs.UniversalDeserializer() |
| if _, _, err := deserializer.Decode(raw, nil, &crd); err != nil { |
| klog.Error(err) |
| return toAdmissionResponse(err) |
| } |
| reviewResponse := v1beta1.AdmissionResponse{} |
| reviewResponse.Allowed = true |
| |
| if v, ok := crd.Labels["webhook-e2e-test"]; ok { |
| if v == "webhook-disallow" { |
| reviewResponse.Allowed = false |
| reviewResponse.Result = &metav1.Status{Message: "the crd contains unwanted label"} |
| } |
| } |
| return &reviewResponse |
| } |