mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity

update log

Browse source
This commit is contained in:
Shuting Zhao 2020-05-20 17:08:30 -07:00
parent ea66d7a7b8
commit e1bdfbce27
1 changed files with 25 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
pkg/webhooks/server.go
View file

@ -278,11 +278,11 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
// mutation failure should not block the resource creation // mutation failure should not block the resource creation
// any mutation failure is reported as the violation // any mutation failure is reported as the violation
patches = ws.HandleMutation(request, resource, policies, ctx, userRequestInfo) patches = ws.HandleMutation(request, resource, policies, ctx, userRequestInfo)
logger.V(7).Info("", "generated patches", string(patches)) logger.V(6).Info("", "generated patches", string(patches))
// patch the resource with patches before handling validation rules // patch the resource with patches before handling validation rules
patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger) patchedResource = processResourceWithPatches(patches, request.Object.Raw, logger)
logger.V(7).Info("", "patchedResource", string(patchedResource)) logger.V(6).Info("", "patchedResource", string(patchedResource))
if ws.resourceWebhookWatcher != nil && ws.resourceWebhookWatcher.RunValidationInMutatingWebhook == "true" { if ws.resourceWebhookWatcher != nil && ws.resourceWebhookWatcher.RunValidationInMutatingWebhook == "true" {
// VALIDATION // VALIDATION
@ -298,6 +298,8 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
} }
} }
} }
} else {
logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
} }
// GENERATE // GENERATE
@ -332,6 +334,18 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
} }
func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse { func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
logger := ws.log.WithName("resourceValidation").WithValues("uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)
if ok := utils.HigherThanKubernetesVersion(ws.client, ws.log, 1, 14, 0); !ok {
logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
return &v1beta1.AdmissionResponse{
Allowed: true,
Result: &metav1.Status{
Status: "Success",
},
}
}
if excludeKyvernoResources(request.Kind.Kind) { if excludeKyvernoResources(request.Kind.Kind) {
return &v1beta1.AdmissionResponse{ return &v1beta1.AdmissionResponse{
Allowed: true, Allowed: true,
@ -341,7 +355,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
} }
} }
logger := ws.log.WithName("resourceValidation").WithValues("uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)
policies, err := ws.pMetaStore.ListAll() policies, err := ws.pMetaStore.ListAll()
if err != nil { if err != nil {
// Unable to connect to policy Lister to access policies // Unable to connect to policy Lister to access policies
@ -408,8 +421,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
} }
} }
higherVersion := utils.HigherThanKubernetesVersion(ws.client, ws.log, 1, 14, 0)
if higherVersion {
ok, msg := ws.HandleValidation(request, policies, nil, ctx, userRequestInfo) ok, msg := ws.HandleValidation(request, policies, nil, ctx, userRequestInfo)
if !ok { if !ok {
logger.Info("admission request denied") logger.Info("admission request denied")
@ -421,7 +432,6 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
}, },
} }
} }
}
return &v1beta1.AdmissionResponse{ return &v1beta1.AdmissionResponse{
Allowed: true, Allowed: true,