package resource
import (
"context"
"fmt"
"time"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/auth/checker"
manager "github.com/kyverno/kyverno/pkg/controllers/ttl"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
validation "github.com/kyverno/kyverno/pkg/validation/resource"
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// validationHandlers carries the dependencies of the admission handler that
// validates the TTL label on incoming resources.
type validationHandlers struct {
	// checker is handed to manager.HasResourcePermissions by Validate to
	// decide whether the permissions needed for the requested resource are held.
	checker checker.AuthChecker
}
// New builds a validationHandlers whose permission check in Validate is
// answered by the supplied AuthChecker. The checker is stored as given; no
// nil check is performed here.
func New(checker checker.AuthChecker) *validationHandlers {
	h := validationHandlers{checker: checker}
	return &h
}
// Validate is the admission handler for the cleanup.kyverno.io/ttl label.
//
// It performs three steps, in this order:
//  1. decode the partial object metadata carried by the admission request;
//  2. ask manager.HasResourcePermissions, using h.checker, about the resource
//     named in the request, and log when the answer is negative;
//  3. run validation.ValidateTtlLabel on the decoded metadata.
//
// The trailing time.Time argument is ignored.
//
// Every return path goes through admissionutils.ResponseSuccess: a decode
// failure or an unparsable label value is attached as an extra message
// argument instead of selecting a different response constructor.
// NOTE(review): that reads as fail-open, so a malformed TTL label would still
// be admitted; presumably the extra argument surfaces as an admission warning.
// Confirm against admissionutils.ResponseSuccess.
// NOTE(review): a negative permission check is only logged and never reaches
// the response, so the requester gets no signal from this handler. Confirm
// that this is intended.
func (h *validationHandlers) Validate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
	uid := request.UID
	resource := request.AdmissionRequest.Resource

	metadata, _, decodeErr := admissionutils.GetPartialObjectMetadatas(request.AdmissionRequest)
	if decodeErr != nil {
		logger.Error(decodeErr, "failed to unmarshal metadatas from admission request")
		return admissionutils.ResponseSuccess(uid, decodeErr.Error())
	}

	// Log-only check: the result does not influence the response below.
	permitted := manager.HasResourcePermissions(logger, schema.GroupVersionResource(resource), h.checker)
	if !permitted {
		logger.Info("doesn't have required permissions for deletion", "gvr", resource)
	}

	labelErr := validation.ValidateTtlLabel(ctx, metadata)
	if labelErr == nil {
		return admissionutils.ResponseSuccess(uid)
	}

	logger.Error(labelErr, "metadatas validation errors")
	message := fmt.Sprintf("cleanup.kyverno.io/ttl label value cannot be parsed as any recognizable format (%s)", labelErr.Error())
	return admissionutils.ResponseSuccess(uid, message)
}