support all registered GVK for policy application in admission-controller

2025-03-31 03:45:17 +00:00 · 2019-05-20 11:43:13 -07:00 · 2019-05-20 11:43:13 -07:00 · 459be76eb5
commit 459be76eb5
parent d728f363aa
4 changed files with 24 additions and 37 deletions
--- a/client/client.go
+++ b/client/client.go
@ -307,13 +307,9 @@ func (c *Client) waitUntilNamespaceIsCreated(name string) error {
 	return lastError
 }
-//GetSupportedKinds provides list of supported types
+// KindIsSupported checks if the kind is a registerd GVK
-func GetSupportedKinds() []string {
+func (c *Client) KindIsSupported(kind string) bool {
-	return supportedTypes
+	buildGVKMapper(c.clientConfig, false)
-}
+	_, ok := getValue(kind)
-
+	return ok
 var supportedTypes = []string{
 	"ConfigMap", "Pods", "Deployment", "CronJob", "Endpoints", "HorizontalPodAutoscaler",
 	"Ingress", "Job", "LimitRange", "Namespace", "NetworkPolicy", "PersistentVolumeClaim",
 	"PodDisruptionBudget", "PodTemplate", "ResourceQuota", "Secret", "Service", "StatefulSet",
 }
--- a/client/utils.go
+++ b/client/utils.go
@ -17,26 +17,32 @@ const namespaceCreationWaitInterval time.Duration = 100 * time.Millisecond
 var groupVersionMapper map[string]schema.GroupVersionResource
 func getGrpVersionMapper(kind string, clientConfig *rest.Config, refresh bool) schema.GroupVersionResource {
-	grpVersionSchema := schema.GroupVersionResource{}
+	// build the GVK mapper
-
+	buildGVKMapper(clientConfig, refresh)
 	if groupVersionMapper == nil || refresh {
 		groupVersionMapper = make(map[string]schema.GroupVersionResource)
 		// refesh the mapper
 		if err := refreshRegisteredResources(groupVersionMapper, clientConfig); err != nil {
 			utilruntime.HandleError(err)
 			return grpVersionSchema
 		}
 	}
 	// Query mapper
 	if val, ok := getValue(kind); ok {
 		return *val
 	}
 	utilruntime.HandleError(fmt.Errorf("Resouce '%s' not registered", kind))
-	return grpVersionSchema
+	return schema.GroupVersionResource{}
 }
 func buildGVKMapper(clientConfig *rest.Config, refresh bool) {
 	if groupVersionMapper == nil || refresh {
 		groupVersionMapper = make(map[string]schema.GroupVersionResource)
 		// refresh the mapper
 		if err := refreshRegisteredResources(groupVersionMapper, clientConfig); err != nil {
 			utilruntime.HandleError(err)
 			return
 		}
 	}
 }
 func getValue(kind string) (*schema.GroupVersionResource, bool) {
-
+	if groupVersionMapper == nil {
 		utilruntime.HandleError(fmt.Errorf("GroupVersionKind mapper is not loaded"))
 		return nil, false
 	}
 	if val, ok := groupVersionMapper[kind]; ok {
 		return &val, true
 	}
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -87,8 +87,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 	admissionReview.Response = &v1beta1.AdmissionResponse{
 		Allowed: true,
 	}
-
+	if ws.client.KindIsSupported(admissionReview.Request.Kind.Kind) {
 	if KindIsSupported(admissionReview.Request.Kind.Kind) {
 		switch r.URL.Path {
 		case config.MutatingWebhookServicePath:
 			admissionReview.Response = ws.HandleMutation(admissionReview.Request)
--- a/pkg/webhooks/utils.go
+++ b/pkg/webhooks/utils.go
@ -1,14 +0,0 @@
 package webhooks
 import "github.com/nirmata/kube-policy/client"
 // KindIsSupported checks kind to be prensent in
 // SupportedKinds defined in config
 func KindIsSupported(kind string) bool {
 	for _, k := range client.GetSupportedKinds() {
 		if k == kind {
 			return true
 		}
 	}
 	return false
 }