mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
482c243517
* refactor: openapi package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kubectl validate Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix vscode Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
42 lines
1.5 KiB
Go
42 lines
1.5 KiB
Go
package policy
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
|
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
|
|
policyvalidate "github.com/kyverno/kyverno/pkg/validation/policy"
|
|
"github.com/kyverno/kyverno/pkg/webhooks"
|
|
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
|
|
)
|
|
|
|
type policyHandlers struct {
|
|
client dclient.Interface
|
|
backgroungServiceAccountName string
|
|
}
|
|
|
|
func NewHandlers(client dclient.Interface, serviceaccount string) webhooks.PolicyHandlers {
|
|
return &policyHandlers{
|
|
client: client,
|
|
backgroungServiceAccountName: serviceaccount,
|
|
}
|
|
}
|
|
|
|
func (h *policyHandlers) Validate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
|
|
policy, oldPolicy, err := admissionutils.GetPolicies(request.AdmissionRequest)
|
|
if err != nil {
|
|
logger.Error(err, "failed to unmarshal policies from admission request")
|
|
return admissionutils.Response(request.UID, err)
|
|
}
|
|
warnings, err := policyvalidate.Validate(policy, oldPolicy, h.client, false, h.backgroungServiceAccountName)
|
|
if err != nil {
|
|
logger.Error(err, "policy validation errors")
|
|
}
|
|
return admissionutils.Response(request.UID, err, warnings...)
|
|
}
|
|
|
|
func (h *policyHandlers) Mutate(_ context.Context, _ logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
|
|
return admissionutils.ResponseSuccess(request.UID)
|
|
}
|