package webhooks
import (
"github.com/golang/glog"
v1alpha1 "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
v1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/labels"
)
// policyType is an integer enumeration with the four values declared below.
// Nothing in the visible part of this file reads these values, so their
// meaning is taken from the names only.
type policyType int

// policyType values, numbered consecutively from zero.
const (
	none     policyType = 0
	mutate   policyType = 1
	validate policyType = 2
	all      policyType = 3
)
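// manageWebhookConfigurations reacts to an admission operation on a policy:
// Create triggers registerWebhookConfigurations and Delete triggers
// deregisterWebhookConfigurations. Any other operation is ignored.
//
// This function has no return value, so an error from either helper is
// logged here rather than dropped. A registration failure is worth surfacing:
// the cluster would presumably run without the mutating webhook while the
// policy object itself looks healthy.
func (ws *WebhookServer) manageWebhookConfigurations(policy v1alpha1.Policy, op v1beta1.Operation) {
	var err error
	switch op {
	case v1beta1.Create:
		err = ws.registerWebhookConfigurations(policy)
	case v1beta1.Delete:
		err = ws.deregisterWebhookConfigurations(policy)
	default:
		// No webhook bookkeeping is needed for other operations.
		return
	}
	if err != nil {
		glog.Errorf("failed to manage webhook configurations on %v operation: %v", op, err)
	}
}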
// registerWebhookConfigurations walks the rules of the given policy and, for
// each rule that carries a Mutation while the registration client's
// MutationRegistered flag is not set, registers the mutating webhook.
//
// It returns the first error reported by RegisterMutatingWebhook, or nil when
// every needed registration succeeded or none was needed.
func (ws *WebhookServer) registerWebhookConfigurations(policy v1alpha1.Policy) error {
	rules := policy.Spec.Rules
	for i := range rules {
		// Rules without a mutation never require the mutating webhook.
		if rules[i].Mutation == nil {
			continue
		}
		// The flag is re-read on every rule; skip when already registered.
		if ws.webhookRegistrationClient.MutationRegistered.IsSet() {
			continue
		}

		err := ws.webhookRegistrationClient.RegisterMutatingWebhook()
		if err != nil {
			return err
		}
		glog.Infof("Mutating webhook registered")
	}
	return nil
}
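// deregisterWebhookConfigurations removes the mutating webhook when the
// policy lister reports exactly one policy in the cluster.
//
// It returns the lister error when the policies cannot be listed, and nil
// otherwise. The policy argument is not inspected.
func (ws *WebhookServer) deregisterWebhookConfigurations(policy v1alpha1.Policy) error {
	policies, err := ws.policyLister.List(labels.NewSelector())
	if err != nil {
		// The policy count is unknown, so leave the webhook in place and
		// report the failure instead of silently treating it as "no policies".
		return err
	}

	// Deregister only when a single policy is listed.
	// NOTE(review): presumably that single entry is the policy being deleted,
	// still present in the lister cache. This is not checked: if the cache has
	// already dropped it, the remaining entry is a live policy and the webhook
	// would be removed while it is still needed. The check also does not look
	// at whether the remaining policies contain mutation rules. Confirm
	// against the lister's behaviour before relying on the count alone.
	if len(policies) == 1 {
		ws.webhookRegistrationClient.deregisterMutatingWebhook()
		glog.Infoln("Mutating webhook deregistered")
	}

	return nil
}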