forked from rancher/webhook
-
Notifications
You must be signed in to change notification settings - Fork 0
/
handlers.go
52 lines (48 loc) · 2.69 KB
/
handlers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package server
import (
"github.com/rancher/webhook/pkg/admission"
"github.com/rancher/webhook/pkg/clients"
mutationCluster "github.com/rancher/webhook/pkg/resources/mutation/cluster"
"github.com/rancher/webhook/pkg/resources/mutation/fleetworkspace"
"github.com/rancher/webhook/pkg/resources/mutation/machineconfigs"
"github.com/rancher/webhook/pkg/resources/mutation/secret"
"github.com/rancher/webhook/pkg/resources/validation/cluster"
"github.com/rancher/webhook/pkg/resources/validation/clusterroletemplatebinding"
"github.com/rancher/webhook/pkg/resources/validation/feature"
"github.com/rancher/webhook/pkg/resources/validation/globalrole"
"github.com/rancher/webhook/pkg/resources/validation/globalrolebinding"
"github.com/rancher/webhook/pkg/resources/validation/machineconfig"
nshandler "github.com/rancher/webhook/pkg/resources/validation/namespace"
"github.com/rancher/webhook/pkg/resources/validation/projectroletemplatebinding"
"github.com/rancher/webhook/pkg/resources/validation/roletemplate"
)
// Validation returns a list of all ValidatingAdmissionHandlers used by the webhook.
func Validation(clients *clients.Clients) ([]admission.ValidatingAdmissionHandler, error) {
handlers := []admission.ValidatingAdmissionHandler{
&feature.Validator{},
cluster.NewValidator(clients.K8s.AuthorizationV1().SubjectAccessReviews()),
cluster.NewProvisioningClusterValidator(clients),
&machineconfig.Validator{},
nshandler.NewValidator(clients.K8s.AuthorizationV1().SubjectAccessReviews()),
}
if clients.MultiClusterManagement {
globalRoles := globalrole.NewValidator(clients.DefaultResolver)
globalRoleBindings := globalrolebinding.NewValidator(clients.Management.GlobalRole().Cache(), clients.DefaultResolver)
prtbs := projectroletemplatebinding.NewValidator(clients.Management.ProjectRoleTemplateBinding().Cache(),
clients.Management.ClusterRoleTemplateBinding().Cache(), clients.DefaultResolver, clients.RoleTemplateResolver)
crtbs := clusterroletemplatebinding.NewValidator(clients.Management.ClusterRoleTemplateBinding().Cache(),
clients.DefaultResolver, clients.RoleTemplateResolver)
roleTemplates := roletemplate.NewValidator(clients.DefaultResolver, clients.RoleTemplateResolver, clients.K8s.AuthorizationV1().SubjectAccessReviews())
handlers = append(handlers, globalRoles, globalRoleBindings, prtbs, crtbs, roleTemplates)
}
return handlers, nil
}
// Mutation returns a list of all MutatingAdmissionHandlers used by the webhook.
func Mutation(clients *clients.Clients) ([]admission.MutatingAdmissionHandler, error) {
return []admission.MutatingAdmissionHandler{
&mutationCluster.Mutator{},
fleetworkspace.NewMutator(clients),
&secret.Mutator{},
&machineconfigs.Mutator{},
}, nil
}