* added permissions check Signed-off-by: Ved Ratan <vedratan8@gmail.com> * lint fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * lint fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * issue_8091 Signed-off-by: Ved Ratan <vedratan8@gmail.com> * log fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * refactor Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
package resource
import (
"context"
"fmt"
"time"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/pkg/auth/checker"
manager "github.com/kyverno/kyverno/pkg/controllers/ttl"
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
validation "github.com/kyverno/kyverno/pkg/validation/resource"
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// validationHandlers holds the dependencies of the resource validation
// webhook handler defined in this file.
type validationHandlers struct {
	// checker is the authorization checker that Validate hands to
	// manager.HasResourcePermissions.
	checker checker.AuthChecker
}
// New returns a validationHandlers whose Validate method uses the given
// AuthChecker for its permission check.
func New(checker checker.AuthChecker) *validationHandlers {
	h := new(validationHandlers)
	h.checker = checker
	return h
}
// Validate inspects the object metadata carried by an admission request and
// reports problems with its cleanup.kyverno.io/ttl label.
//
// The handler is advisory: every return path goes through
// admissionutils.ResponseSuccess, and failures are passed to it as extra
// message strings rather than turned into a rejection.
// NOTE(review): this presumably means the request is always admitted and the
// messages are surfaced as warnings; confirm against ResponseSuccess before
// treating this webhook as an enforcement point.
//
// The permission check is log-only: when HasResourcePermissions reports false
// the handler writes an info log entry and carries on, so the API caller gets
// no signal from that step.
//
// The time.Time argument is ignored.
func (h *validationHandlers) Validate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, _ time.Time) handlers.AdmissionResponse {
	// Only the first return value is used; the second is discarded.
	objMeta, _, decodeErr := admissionutils.GetPartialObjectMetadatas(request.AdmissionRequest)
	if decodeErr != nil {
		// Undecodable metadata is logged and echoed back, not rejected.
		logger.Error(decodeErr, "failed to unmarshal metadatas from admission request")
		return admissionutils.ResponseSuccess(request.UID, decodeErr.Error())
	}

	// Presumably checks whether the identity behind h.checker may delete this
	// resource kind (the log text says "deletion"); verify in pkg/controllers/ttl.
	resource := request.AdmissionRequest.Resource
	permitted := manager.HasResourcePermissions(logger, schema.GroupVersionResource(resource), h.checker)
	if !permitted {
		// Informational only: the result does not influence the response.
		logger.Info("doesn't have required permissions for deletion", "gvr", resource)
	}

	labelErr := validation.ValidateTtlLabel(ctx, objMeta)
	if labelErr == nil {
		return admissionutils.ResponseSuccess(request.UID)
	}

	// An invalid TTL label is logged and returned as a message on the response.
	logger.Error(labelErr, "metadatas validation errors")
	message := fmt.Sprintf("cleanup.kyverno.io/ttl label value cannot be parsed as any recognizable format (%s)", labelErr.Error())
	return admissionutils.ResponseSuccess(request.UID, message)
}