From db342d0ece4fee591ae137028989c97fd148b077 Mon Sep 17 00:00:00 2001
From: shuting
Date: Mon, 17 Aug 2020 11:17:07 -0700
Subject: [PATCH] Improvements in webhook (#1057)
* remove empty flag
* format code
* revert change in install.yaml
* - skip mutation for a deleting resource - add debug log
* format code
* revert change in install.yaml
* - skip mutation for a deleting resource - add debug log
---
 pkg/webhooks/server.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 36d1d58863..b964b705de 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -224,7 +224,8 @@ func (ws *WebhookServer) handlerFunc(handler func(request *v1beta1.AdmissionRequ
 return
 }
- logger := ws.log.WithValues("kind", admissionReview.Request.Kind, "namespace", admissionReview.Request.Namespace, "name", admissionReview.Request.Name)
+ logger := ws.log.WithName("handlerFunc").WithValues("kind", admissionReview.Request.Kind, "namespace", admissionReview.Request.Namespace,
+ "name", admissionReview.Request.Name, "operation", admissionReview.Request.Operation, "uid", admissionReview.Request.UID)
 admissionReview.Response = &v1beta1.AdmissionResponse{
 Allowed: true,
@@ -272,6 +273,8 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
 }
 }
+ logger.V(6).Info("received an admission request in mutating webhook")
+
 mutatePolicies := ws.pCache.Get(policycache.Mutate)
 validatePolicies := ws.pCache.Get(policycache.ValidateEnforce)
 generatePolicies := ws.pCache.Get(policycache.Generate)
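Review bot: The rewritten `logger := ws.log.WithName("handlerFunc").WithValues(...)` line in the first hunk reads five fields through `admissionReview.Request`, and nothing in the visible context shows that pointer being checked for nil. If the decode step above the hunk accepts a body that carries no `request` object, this line panics before the default `Allowed: true` response is built; a guard ahead of the logger, `if admissionReview.Request == nil { /* reject the request and return */ }`, would make that case explicit. handlerFunc starts and ends outside the hunk, so the check may already exist there. The added `uid` value is worth keeping, since it lets webhook log lines be matched to API-server audit events.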
@@ -328,14 +331,14 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
 // MUTATION
 // mutation failure should not block the resource creation
 // any mutation failure is reported as the violation
- if request.Operation != v1beta1.Delete {
+ if resource.GetDeletionTimestamp() == nil {
 patches = ws.HandleMutation(request, resource, mutatePolicies, ctx, userRequestInfo)
 logger.V(6).Info("", "generated patches", string(patches))
- }
- // patch the resource with patches before handling validation rules
- patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger)
- logger.V(6).Info("", "patchedResource", string(patchedResource))
+ // patch the resource with patches before handling validation rules
+ patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger)
+ logger.V(6).Info("", "patchedResource", string(patchedResource))
+ }
 if ws.resourceWebhookWatcher != nil && ws.resourceWebhookWatcher.RunValidationInMutatingWebhook == "true" {
 // push admission request to audit handler, this won't block the admission request
@@ -412,6 +415,8 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
 }
 }
+ logger.V(6).Info("received an admission request in validating webhook")
+
 // push admission request to audit handler, this won't block the admission request
 ws.auditHandler.Add(request.DeepCopy())
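Review bot: Replacing `request.Operation != v1beta1.Delete` with `resource.GetDeletionTimestamp() == nil` removes the DELETE guard instead of adding to it. The deletion timestamp is normally set only after admission, so if this webhook is registered for DELETE, a first delete request still satisfies the new condition and reaches `ws.HandleMutation` and `processResourceWithPatches(patches, request.Object.Raw, logger)`, where `request.Object.Raw` is expected to be empty. Keeping both checks, `if request.Operation != v1beta1.Delete && resource.GetDeletionTimestamp() == nil {`, preserves the old behaviour and adds the new one. Separately, `patchedResource` is no longer assigned when the branch is skipped and its declaration is outside the hunk, so confirm it starts as `request.Object.Raw`. Otherwise the validation path entered through the `RunValidationInMutatingWebhook` block may evaluate enforce policies against an empty object.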