mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

767 unexporting webhook fields

shravan 2020-03-29 07:36:18 +05:30
parent f055076041
commit ba0e3268e8


@ -122,11 +122,11 @@ func NewWebhookServer(
resourceWebhookWatcher: resourceWebhookWatcher, resourceWebhookWatcher: resourceWebhookWatcher,
} }
mux := http.NewServeMux() mux := http.NewServeMux()
mux.HandleFunc(config.MutatingWebhookServicePath, ws.serve) mux.HandleFunc(config.MutatingWebhookServicePath, ws.handlerFunc(ws.handleMutateAdmissionRequest, true))
mux.HandleFunc(config.ValidatingWebhookServicePath, ws.serve) mux.HandleFunc(config.ValidatingWebhookServicePath, ws.handlerFunc(ws.handleValidateAdmissionRequest, true))
mux.HandleFunc(config.VerifyMutatingWebhookServicePath, ws.serve) mux.HandleFunc(config.PolicyMutatingWebhookServicePath, ws.handlerFunc(ws.handlePolicyMutation, true))
mux.HandleFunc(config.PolicyValidatingWebhookServicePath, ws.serve) mux.HandleFunc(config.PolicyValidatingWebhookServicePath, ws.handlerFunc(ws.handlePolicyValidation, true))
mux.HandleFunc(config.PolicyMutatingWebhookServicePath, ws.serve) mux.HandleFunc(config.VerifyMutatingWebhookServicePath, ws.handlerFunc(ws.handleVerifyRequest, false))
ws.server = http.Server{ ws.server = http.Server{
Addr: ":443", // Listen on port for HTTPS requests Addr: ":443", // Listen on port for HTTPS requests
TLSConfig: &tlsConfig, TLSConfig: &tlsConfig,
@ -138,59 +138,45 @@ func NewWebhookServer(
return ws, nil return ws, nil
} }
// Main server endpoint for all requests func (ws *WebhookServer) handlerFunc(handler func(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse, filter bool) http.HandlerFunc {
func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
startTime := time.Now() startTime := time.Now()
// for every request received on the ep update last request time, // for every request received on the ep update last request time,
// this is used to verify admission control // this is used to verify admission control
ws.lastReqTime.SetTime(time.Now()) ws.lastReqTime.SetTime(time.Now())
admissionReview := ws.bodyToAdmissionReview(r, w) admissionReview := ws.bodyToAdmissionReview(r, w)
if admissionReview == nil { if admissionReview == nil {
return return
}
defer func() {
glog.V(4).Infof("request: %v %s/%s/%s", time.Since(startTime), admissionReview.Request.Kind, admissionReview.Request.Namespace, admissionReview.Request.Name)
}()
admissionReview.Response = &v1beta1.AdmissionResponse{
Allowed: true,
}
// Do not process the admission requests for kinds that are in filterKinds for filtering
request := admissionReview.Request
switch r.URL.Path {
case config.VerifyMutatingWebhookServicePath:
// we do not apply filters as this endpoint is used explicitly
// to watch kyveno deployment and verify if admission control is enabled
admissionReview.Response = ws.handleVerifyRequest(request)
case config.MutatingWebhookServicePath:
if !ws.configHandler.ToFilter(request.Kind.Kind, request.Namespace, request.Name) {
admissionReview.Response = ws.handleMutateAdmissionRequest(request)
} }
case config.ValidatingWebhookServicePath: defer func() {
if !ws.configHandler.ToFilter(request.Kind.Kind, request.Namespace, request.Name) { glog.V(4).Infof("request: %v %s/%s/%s", time.Since(startTime), admissionReview.Request.Kind, admissionReview.Request.Namespace, admissionReview.Request.Name)
admissionReview.Response = ws.handleValidateAdmissionRequest(request) }()
}
case config.PolicyValidatingWebhookServicePath:
if !ws.configHandler.ToFilter(request.Kind.Kind, request.Namespace, request.Name) {
admissionReview.Response = ws.handlePolicyValidation(request)
}
case config.PolicyMutatingWebhookServicePath:
if !ws.configHandler.ToFilter(request.Kind.Kind, request.Namespace, request.Name) {
admissionReview.Response = ws.handlePolicyMutation(request)
}
}
admissionReview.Response.UID = request.UID
responseJSON, err := json.Marshal(admissionReview) admissionReview.Response = &v1beta1.AdmissionResponse{
if err != nil { Allowed: true,
http.Error(w, fmt.Sprintf("Could not encode response: %v", err), http.StatusInternalServerError) }
return
}
w.Header().Set("Content-Type", "application/json; charset=utf-8") // Do not process the admission requests for kinds that are in filterKinds for filtering
if _, err := w.Write(responseJSON); err != nil { request := admissionReview.Request
http.Error(w, fmt.Sprintf("could not write response: %v", err), http.StatusInternalServerError) if filter {
if !ws.configHandler.ToFilter(request.Kind.Kind, request.Namespace, request.Name) {
admissionReview.Response = handler(request)
}
} else {
admissionReview.Response = handler(request)
}
admissionReview.Response.UID = request.UID
responseJSON, err := json.Marshal(admissionReview)
if err != nil {
http.Error(w, fmt.Sprintf("Could not encode response: %v", err), http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json; charset=utf-8")
if _, err := w.Write(responseJSON); err != nil {
http.Error(w, fmt.Sprintf("could not write response: %v", err), http.StatusInternalServerError)
}
} }
} }
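Review bot: handlerFunc has no doc comment, and the bare `true`/`false` at the five mux.HandleFunc registrations does not say that `filter` decides whether a request matched by ws.configHandler.ToFilter skips the handler and is answered with the default `Allowed: true`. The old switch explained why the verify path is unfiltered, and that rationale is dropped in the new code. I would add `// handlerFunc wraps an admission handler; when filter is true, requests matched by configHandler.ToFilter bypass the handler and are allowed as-is.` above the function, and `// not filtered: this endpoint is used to watch the kyverno deployment and verify admission control is enabled` next to the `false` registration. Separately, the wrapper dereferences `admissionReview.Request` and the response returned by `handler` without a nil check; whether bodyToAdmissionReview already rejects a review with no request is not visible in this section, so that is worth confirming.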