Documentation
Index
- Constants
- type NetworkPoolValidator
- func (v *NetworkPoolValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (v *NetworkPoolValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (v *NetworkPoolValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error)
- func (v *NetworkPoolValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error)
- type ProviderConfigValidator
- func (v *ProviderConfigValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (v *ProviderConfigValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (v *ProviderConfigValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error)
- func (v *ProviderConfigValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
- type TeamValidator
- type TenantClusterValidator
Constants
const PlatformAdminClusterRole = "butler-cli-platform-admin"
PlatformAdminClusterRole is the ClusterRole bound to platform admins for kubectl access. Mirrors butler-server/internal/auth/serviceaccount.go's CLIClusterRolePlatformAdmin constant.
Types
type NetworkPoolValidator
NetworkPoolValidator validates NetworkPool resources on admission.
func (*NetworkPoolValidator) SetupWebhookWithManager
func (v *NetworkPoolValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager registers the NetworkPool validating webhook with the manager.
func (*NetworkPoolValidator) ValidateCreate
func (v *NetworkPoolValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateCreate validates a NetworkPool on creation.
func (*NetworkPoolValidator) ValidateDelete
func (v *NetworkPoolValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateDelete validates a NetworkPool on deletion.
func (*NetworkPoolValidator) ValidateUpdate
func (v *NetworkPoolValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error)
ValidateUpdate validates a NetworkPool on update.
type ProviderConfigValidator
ProviderConfigValidator validates ProviderConfig resources on admission.
func (*ProviderConfigValidator) SetupWebhookWithManager
func (v *ProviderConfigValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager registers the ProviderConfig validating webhook with the manager.
func (*ProviderConfigValidator) ValidateCreate
func (v *ProviderConfigValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateCreate validates a ProviderConfig on creation.
func (*ProviderConfigValidator) ValidateDelete
func (v *ProviderConfigValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateDelete validates a ProviderConfig on deletion.
func (*ProviderConfigValidator) ValidateUpdate
func (v *ProviderConfigValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
ValidateUpdate validates a ProviderConfig on update.
type TeamValidator (added in v0.15.0)
TeamValidator validates Team mutations and enforces the platform-admin / team-admin split on ResourceLimits and Environments[].Limits fields.
spec.resourceLimits is the team's absolute ceiling and may only be set or modified by a platform admin. Team admins cannot raise their own ceiling.
spec.environments[].limits are per-environment sub-caps within that ceiling and may be modified by a team admin of the team being edited (platform admins can modify them as well).
The check runs on both create and update. On create, any resourceLimits or env-limits present on the incoming Team require platform admin, because no team admin can exist for a team that does not yet exist.
Client is the cached manager client; APIReader is uncached. User CRDs are read via the uncached reader so a recent isPlatformAdmin flip is observed immediately rather than after a cache tick.
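The platform-admin / team-admin split described above, as an added example that is not the project's own code. It uses simplified stand-in types for the Team spec, and the two requester flags are assumed to have been resolved already from the request's UserInfo and the User CRD; the create case is handled by diffing against an empty spec, so any limits present count as a change that only a platform admin may make.

```go
package main

import (
	"errors"
	"reflect"
)

// Assumed, simplified shapes of the Team spec (not the project's CRD types):
// Limits is a ceiling or sub-cap, Environment one spec.environments[] entry.
type Limits struct{ CPU, Memory int }
type Environment struct{ Name string; Limits *Limits }
type TeamSpec struct {
	ResourceLimits *Limits
	Environments   []Environment
}

var ErrCeiling = errors.New("spec.resourceLimits may only be set by a platform admin")
var ErrEnvLimits = errors.New("spec.environments[].limits need a platform admin or a team admin of this team")

// envLimits maps env name -> sub-cap so that a rename, add or edit all count as a change.
func envLimits(spec TeamSpec) map[string]Limits {
	m := map[string]Limits{}
	for _, e := range spec.Environments {
		if e.Limits != nil {
			m[e.Name] = *e.Limits
		}
	}
	return m
}

// ValidateTeamMutation enforces the platform-admin / team-admin split. The bools
// describe the requester (resolved from UserInfo and the User CRD); oldSpec == nil means create.
func ValidateTeamMutation(platformAdmin, teamAdmin bool, oldSpec *TeamSpec, newSpec TeamSpec) error {
	if platformAdmin {
		return nil // platform admins may set either field
	}
	if oldSpec == nil {
		// Create: no team admin can exist for a team that does not exist yet, so
		// diff against an empty spec and treat any limits present as a change.
		oldSpec, teamAdmin = &TeamSpec{}, false
	}
	if !reflect.DeepEqual(oldSpec.ResourceLimits, newSpec.ResourceLimits) {
		return ErrCeiling // a team admin cannot raise (or otherwise touch) its own ceiling
	}
	if !teamAdmin && !reflect.DeepEqual(envLimits(*oldSpec), envLimits(newSpec)) {
		return ErrEnvLimits
	}
	return nil
}
```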
func (*TeamValidator) Handle (added in v0.15.0)
Handle implements admission.Handler. Dispatches to handleCreate or handleUpdate based on the operation.
func (*TeamValidator) SetupWebhookWithManager (added in v0.15.0)
func (v *TeamValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager registers the Team validating webhook with the manager. Uses the raw admission.Handler path (not CustomValidator) so the handler can read UserInfo from the admission request.
type TenantClusterValidator
TenantClusterValidator validates TenantCluster resources on admission.
Client is the cached, manager-backed client used for high-volume reads (TenantCluster list for sibling counts); staleness up to 1s is tolerable because webhook decisions only need approximate counts.
APIReader is an uncached reader used for reads whose staleness would flip an admission decision: Team spec (env list, limits, access). controller-runtime's cached client can lag apiserver writes by a reconcile tick, which is enough to miss a just-applied env rename or access-block edit. The Team admission webhook's "resourceLimits changed, needs platform admin" check wants the current answer, not a 1s-old one.
func (*TenantClusterValidator) Handle (added in v0.15.0)
func (v *TenantClusterValidator) Handle(ctx context.Context, req admission.Request) admission.Response
Handle implements admission.Handler. Dispatches to handleCreate or handleUpdate based on the operation. Uses the raw admission.Handler pattern (not CustomValidator) so the handler can read UserInfo from the admission request. UserInfo is required to validate that the creator-email annotation matches the requesting identity; this is the only defense against a kubectl-direct caller spoofing another user's MaxClustersPerMember cap by claiming a different email.
func (*TenantClusterValidator) SetupWebhookWithManager
func (v *TenantClusterValidator) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager registers the TenantCluster validating webhook with the manager. Uses the raw admission.Handler path (not CustomValidator) so the handler can read UserInfo from the admission request; this is required to verify the creator-email annotation against the requesting identity.
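The creator-email check that Handle and SetupWebhookWithManager refer to, followed by the MaxClustersPerMember sibling count it protects, as an added example that is not the project's code. The annotation key, the reduced TenantCluster and UserInfo shapes, and the assumption that the authenticator sets UserInfo.Username to the user's e-mail address are all this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CreatorEmailAnnotation is an assumed key; the project's real key is not on this page.
const CreatorEmailAnnotation = "example.invalid/creator-email"

// Reduced stand-ins for the TenantCluster CRD and for admission.Request.UserInfo.
// Assumed: the cluster's authenticator sets Username to the user's e-mail address.
type TenantCluster struct{ Annotations map[string]string }
type UserInfo struct{ Username string }

var (
	ErrMissingCreator = errors.New("creator-email annotation is required")
	ErrCreatorSpoof   = errors.New("creator-email annotation does not match the requesting identity")
)

// VerifiedCreator returns the normalised creator e-mail only if the annotation
// names the caller's own identity, so a kubectl-direct caller cannot charge the
// new cluster to another member's MaxClustersPerMember cap.
func VerifiedCreator(obj TenantCluster, user UserInfo) (string, error) {
	claimed := strings.ToLower(strings.TrimSpace(obj.Annotations[CreatorEmailAnnotation]))
	if claimed == "" {
		return "", ErrMissingCreator
	}
	if claimed != strings.ToLower(strings.TrimSpace(user.Username)) {
		return "", ErrCreatorSpoof
	}
	return claimed, nil
}

// CheckMemberCap counts the caller's existing clusters among siblings (the
// team's TenantCluster list, which may come from the cached client since an
// approximate count is enough) and denies the create once the cap (> 0) is reached.
func CheckMemberCap(creator string, siblings []TenantCluster, maxPerMember int) error {
	owned := 0
	for _, s := range siblings {
		if strings.EqualFold(strings.TrimSpace(s.Annotations[CreatorEmailAnnotation]), creator) {
			owned++
		}
	}
	if owned >= maxPerMember {
		return fmt.Errorf("%s already has %d of %d allowed clusters", creator, owned, maxPerMember)
	}
	return nil
}
```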