mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
update log
This commit is contained in:
parent
ea66d7a7b8
commit
e1bdfbce27
1 changed files with 25 additions and 15 deletions
|
@ -278,11 +278,11 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
|
||||||
// mutation failure should not block the resource creation
|
// mutation failure should not block the resource creation
|
||||||
// any mutation failure is reported as the violation
|
// any mutation failure is reported as the violation
|
||||||
patches = ws.HandleMutation(request, resource, policies, ctx, userRequestInfo)
|
patches = ws.HandleMutation(request, resource, policies, ctx, userRequestInfo)
|
||||||
logger.V(7).Info("", "generated patches", string(patches))
|
logger.V(6).Info("", "generated patches", string(patches))
|
||||||
|
|
||||||
// patch the resource with patches before handling validation rules
|
// patch the resource with patches before handling validation rules
|
||||||
patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger)
|
patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger)
|
||||||
logger.V(7).Info("", "patchedResource", string(patchedResource))
|
logger.V(6).Info("", "patchedResource", string(patchedResource))
|
||||||
|
|
||||||
if ws.resourceWebhookWatcher != nil && ws.resourceWebhookWatcher.RunValidationInMutatingWebhook == "true" {
|
if ws.resourceWebhookWatcher != nil && ws.resourceWebhookWatcher.RunValidationInMutatingWebhook == "true" {
|
||||||
// VALIDATION
|
// VALIDATION
|
||||||
|
@ -298,6 +298,8 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
|
||||||
}
|
}
|
||||||
|
|
||||||
// GENERATE
|
// GENERATE
|
||||||
|
@ -332,6 +334,18 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
|
func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
|
||||||
|
logger := ws.log.WithName("resourceValidation").WithValues("uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)
|
||||||
|
|
||||||
|
if ok := utils.HigherThanKubernetesVersion(ws.client, ws.log, 1, 14, 0); !ok {
|
||||||
|
logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
|
||||||
|
return &v1beta1.AdmissionResponse{
|
||||||
|
Allowed: true,
|
||||||
|
Result: &metav1.Status{
|
||||||
|
Status: "Success",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if excludeKyvernoResources(request.Kind.Kind) {
|
if excludeKyvernoResources(request.Kind.Kind) {
|
||||||
return &v1beta1.AdmissionResponse{
|
return &v1beta1.AdmissionResponse{
|
||||||
Allowed: true,
|
Allowed: true,
|
||||||
|
@ -341,7 +355,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logger := ws.log.WithName("resourceValidation").WithValues("uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)
|
|
||||||
policies, err := ws.pMetaStore.ListAll()
|
policies, err := ws.pMetaStore.ListAll()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// Unable to connect to policy Lister to access policies
|
// Unable to connect to policy Lister to access policies
|
||||||
|
@ -408,8 +421,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
higherVersion := utils.HigherThanKubernetesVersion(ws.client, ws.log, 1, 14, 0)
|
|
||||||
if higherVersion {
|
|
||||||
ok, msg := ws.HandleValidation(request, policies, nil, ctx, userRequestInfo)
|
ok, msg := ws.HandleValidation(request, policies, nil, ctx, userRequestInfo)
|
||||||
if !ok {
|
if !ok {
|
||||||
logger.Info("admission request denied")
|
logger.Info("admission request denied")
|
||||||
|
@ -421,7 +432,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return &v1beta1.AdmissionResponse{
|
return &v1beta1.AdmissionResponse{
|
||||||
Allowed: true,
|
Allowed: true,
|
||||||
|
|
Loading…
Reference in a new issue