chore(admission): adapt admission server to controller-runtime
Showing
20 changed files
with
946 additions
and
1,264 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
package admission | ||
|
||
import ( | ||
"context" | ||
"errors" | ||
|
||
"k8s.io/apimachinery/pkg/runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
// CustomValidatorAdapter is an adapter for legacy validators in our codebase that makes them compatible with | ||
// the new controller-runtime's CustomValidator interface. | ||
type CustomValidatorAdapter struct { | ||
validateCreate func(ctx context.Context, obj runtime.Object) (bool, string, error) | ||
validateUpdate func(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (bool, string, error) | ||
validateDelete func(ctx context.Context, obj runtime.Object) (bool, string, error) | ||
} | ||
|
||
func (c CustomValidatorAdapter) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { | ||
if c.validateCreate == nil { | ||
return admission.Warnings{}, nil | ||
} | ||
return c.returnValues(c.validateCreate(ctx, obj)) | ||
} | ||
|
||
func (c CustomValidatorAdapter) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) { | ||
if c.validateUpdate == nil { | ||
return admission.Warnings{}, nil | ||
} | ||
return c.returnValues(c.validateUpdate(ctx, oldObj, newObj)) | ||
} | ||
|
||
func (c CustomValidatorAdapter) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { | ||
if c.validateDelete == nil { | ||
return admission.Warnings{}, nil | ||
} | ||
return c.returnValues(c.validateDelete(ctx, obj)) | ||
} | ||
|
||
func (c CustomValidatorAdapter) returnValues(ok bool, message string, err error) (admission.Warnings, error) { | ||
if err != nil { | ||
return admission.Warnings{message}, err | ||
} | ||
if !ok { | ||
return admission.Warnings{message}, errors.New(message) | ||
} | ||
if message != "" { | ||
return admission.Warnings{message}, nil | ||
} | ||
return admission.Warnings{}, nil | ||
} |
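Review bot: In `returnValues`, the `err != nil` branch returns `admission.Warnings{message}` even when `message` is empty, so a failure such as the type-assertion path in the Gateway adapter (which returns `false, "", err`) attaches an empty warning string to the admission response. The `!ok` branch sends the same text twice, once as a warning and once as `errors.New(message)`, and with an empty message it yields a denial that carries no reason. I would only return warnings when there is something to report, e.g. `if message == "" { return nil, err }` at the top of the first branch and `return nil, errors.New(message)` in the second. It would also be worth a doc comment on `CustomValidatorAdapter` stating that a nil `validateCreate`/`validateUpdate`/`validateDelete` admits the operation without any check, since that is a fail-open default.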
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
package admission | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"strings" | ||
|
||
"k8s.io/apimachinery/pkg/runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
|
||
gatewaycontroller "github.com/kong/kubernetes-ingress-controller/v2/internal/controllers/gateway" | ||
"github.com/kong/kubernetes-ingress-controller/v2/internal/gatewayapi" | ||
) | ||
|
||
func (validator KongHTTPValidator) Gateway() CustomValidatorAdapter { | ||
return CustomValidatorAdapter{ | ||
validateCreate: func(ctx context.Context, obj runtime.Object) (bool, string, error) { | ||
gateway, ok := obj.(*gatewayapi.Gateway) | ||
if !ok { | ||
return false, "", fmt.Errorf("unexpected type, expected *gatewayapi.Gateway, got %T", obj) | ||
} | ||
return validator.ValidateGateway(ctx, *gateway) | ||
}, | ||
validateUpdate: func(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (bool, string, error) { | ||
gateway, ok := newObj.(*gatewayapi.Gateway) | ||
if !ok { | ||
return false, "", fmt.Errorf("unexpected type, expected *gatewayapi.Gateway, got %T", newObj) | ||
} | ||
return validator.ValidateGateway(ctx, *gateway) | ||
}, | ||
} | ||
} | ||
|
||
func (validator KongHTTPValidator) ValidateGateway( | ||
ctx context.Context, gateway gatewayapi.Gateway, | ||
) (bool, string, error) { | ||
// check if the gateway declares a gateway class | ||
if gateway.Spec.GatewayClassName == "" { | ||
return true, "", nil | ||
} | ||
|
||
// validate the gatewayclass reference | ||
gwc := gatewayapi.GatewayClass{} | ||
if err := validator.ManagerClient.Get(ctx, client.ObjectKey{Name: string(gateway.Spec.GatewayClassName)}, &gwc); err != nil { | ||
if strings.Contains(err.Error(), "not found") { | ||
return true, "", nil // not managed by this controller | ||
} | ||
return false, ErrTextCantRetrieveGatewayClass, err | ||
} | ||
|
||
// validate whether the gatewayclass is a supported class, if not | ||
// then this gateway belongs to another controller. | ||
if gwc.Spec.ControllerName != gatewaycontroller.GetControllerName() { | ||
return true, "", nil | ||
} | ||
|
||
return true, "", nil | ||
} |
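Review bot: `ValidateGateway` treats the GatewayClass lookup as "not managed by this controller" via `strings.Contains(err.Error(), "not found")`, which admits the Gateway on any error whose text happens to contain that phrase, not only on a missing GatewayClass. Because this branch is the fail-open path of an admission check, it should test the typed error instead: `if apierrors.IsNotFound(err) {`, with `apierrors "k8s.io/apimachinery/pkg/api/errors"` added to the import block. Separately, the `ControllerName` comparison and the fall-through both return `true, "", nil`, so a short comment stating that no further validation is applied to Gateways of a managed class would make the intent explicit.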