mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 08:26:53 +00:00
97 lines
2.6 KiB
Go
97 lines
2.6 KiB
Go
package admission
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
admissionv1 "k8s.io/api/admission/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
func UnmarshalPolicy(kind string, raw []byte) (kyvernov1.PolicyInterface, error) {
|
|
if kind == "ClusterPolicy" {
|
|
var policy *kyvernov1.ClusterPolicy
|
|
if err := json.Unmarshal(raw, &policy); err != nil {
|
|
return nil, err
|
|
}
|
|
return policy, nil
|
|
} else if kind == "Policy" {
|
|
var policy *kyvernov1.Policy
|
|
if err := json.Unmarshal(raw, &policy); err != nil {
|
|
return nil, err
|
|
}
|
|
return policy, nil
|
|
}
|
|
return nil, fmt.Errorf("admission request does not contain a policy")
|
|
}
|
|
|
|
func GetPolicy(request *admissionv1.AdmissionRequest) (kyvernov1.PolicyInterface, error) {
|
|
return UnmarshalPolicy(request.Kind.Kind, request.Object.Raw)
|
|
}
|
|
|
|
func GetPolicies(request *admissionv1.AdmissionRequest) (kyvernov1.PolicyInterface, kyvernov1.PolicyInterface, error) {
|
|
policy, err := UnmarshalPolicy(request.Kind.Kind, request.Object.Raw)
|
|
if err != nil {
|
|
return policy, nil, err
|
|
}
|
|
if request.Operation == admissionv1.Update {
|
|
oldPolicy, err := UnmarshalPolicy(request.Kind.Kind, request.OldObject.Raw)
|
|
return policy, oldPolicy, err
|
|
}
|
|
return policy, nil, nil
|
|
}
|
|
|
|
func Response(allowed bool) *admissionv1.AdmissionResponse {
|
|
r := &admissionv1.AdmissionResponse{
|
|
Allowed: allowed,
|
|
}
|
|
return r
|
|
}
|
|
|
|
func ResponseWithMessage(allowed bool, msg string) *admissionv1.AdmissionResponse {
|
|
r := Response(allowed)
|
|
r.Result = &metav1.Status{
|
|
Message: msg,
|
|
}
|
|
return r
|
|
}
|
|
|
|
func ResponseWithMessageAndPatch(allowed bool, msg string, patch []byte) *admissionv1.AdmissionResponse {
|
|
r := ResponseWithMessage(allowed, msg)
|
|
r.Patch = patch
|
|
return r
|
|
}
|
|
|
|
func ResponseStatus(allowed bool, status, msg string) *admissionv1.AdmissionResponse {
|
|
r := Response(allowed)
|
|
r.Result = &metav1.Status{
|
|
Status: status,
|
|
Message: msg,
|
|
}
|
|
return r
|
|
}
|
|
|
|
func ResponseFailure(allowed bool, msg string) *admissionv1.AdmissionResponse {
|
|
return ResponseStatus(allowed, metav1.StatusFailure, msg)
|
|
}
|
|
|
|
func ResponseSuccess(allowed bool, msg string) *admissionv1.AdmissionResponse {
|
|
return ResponseStatus(allowed, metav1.StatusSuccess, msg)
|
|
}
|
|
|
|
func ResponseSuccessWithPatch(allowed bool, msg string, patch []byte) *admissionv1.AdmissionResponse {
|
|
r := ResponseSuccess(allowed, msg)
|
|
if len(patch) > 0 {
|
|
r.Patch = patch
|
|
}
|
|
return r
|
|
}
|
|
|
|
func GetResourceName(request *admissionv1.AdmissionRequest) string {
|
|
resourceName := request.Kind.Kind + "/" + request.Name
|
|
if request.Namespace != "" {
|
|
resourceName = request.Namespace + "/" + resourceName
|
|
}
|
|
return resourceName
|
|
}
|