admission

package

v0.7.0 Latest Latest Go to latest Published: Apr 10, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/katanomi/pkg

Links

Open Source Insights

Documentation ¶

Overview ¶

Package admission contains functions to add and retrieve admission request from context

Index ¶

func AdmissionRequest(ctx context.Context) admission.Request
func ApprovingWebhookFor(ctx context.Context, approval Approval, ...) *admission.Webhook
func DefaultingWebhookFor(ctx context.Context, defaulter Defaulter, transforms ...TransformFunc) *admission.Webhook
func RegisterDefaultWebhookFor(ctx context.Context, mgr ctrl.Manager, defaulter Defaulter, ...) (err error)
func RegisterValidateWebhookFor(ctx context.Context, mgr ctrl.Manager, validator Validator, ...) (err error)
func SubjectFromRequest(req admission.Request) *rbacv1.Subject
func ValidateApproval(ctx context.Context, reqUser authenticationv1.UserInfo, ...) (err error)
func ValidatingWebhookFor(ctx context.Context, validator Validator, creates []ValidateCreateFunc, ...) *admission.Webhook
func WithAdmissionRequest(ctx context.Context, req admission.Request) context.Context
type Approval
type ApprovalWithTriggeredByGetter
type ChecksGetter
type ContextInjector
type Defaulter
type DefaulterWebhook
- func NewDefaulterWebhook(defaulter Defaulter) DefaulterWebhook
type GetResourceAttributes
type PairOfOldNewCheck
type TransformFunc
- func WithApprovalOperator(getter ChecksGetter) TransformFunc
- func WithCreatedBy() TransformFunc
- func WithTriggeredBy() TransformFunc
type TriggeredByGetter
type ValidateApprovalFunc
type ValidateCreateFunc
type ValidateDeleteFunc
type ValidateUpdateFunc
type Validator
type ValidatorWebhook
- func NewValidatorWebhook(validator Validator) ValidatorWebhook

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AdmissionRequest ¶

func AdmissionRequest(ctx context.Context) admission.Request

AdmissionRequest returns admission request from context

func ApprovingWebhookFor ¶ added in v0.7.0

func ApprovingWebhookFor(ctx context.Context, approval Approval, getResourceAttributes GetResourceAttributes) *admission.Webhook

ApprovingWebhookFor creates a new Webhook for Approving the provided type.

func DefaultingWebhookFor ¶

func DefaultingWebhookFor(ctx context.Context, defaulter Defaulter, transforms ...TransformFunc) *admission.Webhook

DefaultingWebhookFor creates a new Webhook for Defaulting the provided type.

func RegisterDefaultWebhookFor ¶

func RegisterDefaultWebhookFor(ctx context.Context, mgr ctrl.Manager, defaulter Defaulter, transforms ...TransformFunc) (err error)

RegisterDefaultWebhookFor registers a mutate webhook for the defaulter with transforms

func RegisterValidateWebhookFor ¶ added in v0.3.0

func RegisterValidateWebhookFor(ctx context.Context, mgr ctrl.Manager, validator Validator, validateCreateFuncs []ValidateCreateFunc, validateUpdateFuncs []ValidateUpdateFunc, validateDeleteFuncs []ValidateDeleteFunc) (err error)

RegisterValidateWebhookFor registers a mutate webhook for the defaulter with transforms

func SubjectFromRequest ¶

func SubjectFromRequest(req admission.Request) *rbacv1.Subject

SubjectFromRequest returns a user based on the request information

func ValidateApproval ¶ added in v0.7.0

func ValidateApproval(ctx context.Context, reqUser authenticationv1.UserInfo, allowRepresentOthers, isCreateOperation bool,
	approvalSpecList []*metav1alpha1.ApprovalSpec, checkList []PairOfOldNewCheck, triggeredBy *metav1alpha1.TriggeredBy) (err error)

ValidateApproval validates the approval according by the approval spec if `allowRepresentOthers` is true, the reqUser can approve on behalf of others if `isCreateOperation` is true, the approvalSpec may be nil, skip detection of additional users

func ValidatingWebhookFor ¶ added in v0.3.0

func ValidatingWebhookFor(ctx context.Context, validator Validator, creates []ValidateCreateFunc, updates []ValidateUpdateFunc, deletes []ValidateDeleteFunc) *admission.Webhook

ValidatingWebhookFor creates a new Webhook for Validating the provided type.

func WithAdmissionRequest ¶

func WithAdmissionRequest(ctx context.Context, req admission.Request) context.Context

WithAdmissionRequest adds an admission request to the context

Types ¶

type Approval ¶ added in v0.7.0

type Approval interface {
	runtime.Object
	metav1.Object

	// ChecksGetter gets the checks from the runtime object
	ChecksGetter

	// GetApprovalSpecs returns the list of ApprovalSpecs for the given object.
	// Used to determine if advanced permissions are available
	GetApprovalSpecs(runtime.Object) []*metav1alpha1.ApprovalSpec

	// ModifiedOthers returns true if the object has also modified other content.
	ModifiedOthers(runtime.Object, runtime.Object) bool
}

Approval defines functions for approving resources

type ApprovalWithTriggeredByGetter ¶ added in v0.7.0

type ApprovalWithTriggeredByGetter interface {
	Approval
	TriggeredByGetter
}

ApprovalWithTriggeredByGetter defines functions for approving resources and enables `requiresDifferentApprover`

type ChecksGetter ¶ added in v0.7.0

type ChecksGetter interface {
	GetChecks(runtime.Object) []*metav1alpha1.Check
	// SkipCreateCheck represent whether should skip checking for create request
	// Whether or not skip creating check mainly depends on the developer's permission
	// If the developer can create approval in resource directly then we should not skip
	// checking and vice versa.
	SkipCreateCheck() bool
}

ChecksGetter gets the checks from the runtime object

type ContextInjector ¶ added in v0.7.0

type ContextInjector interface {
	InjectContext(ctx context.Context) context.Context
}

ContextInjector define function to inject context, such as logger, k8s client etc.

type Defaulter ¶

type Defaulter interface {
	runtime.Object
	metav1.Object
	Default(context.Context)
}

Defaulter defines functions for setting defaults on resources

type DefaulterWebhook ¶ added in v0.2.0

type DefaulterWebhook interface {
	Defaulter
	sharedmain.WebhookSetup
	sharedmain.WebhookRegisterSetup
	WithTransformer(transformers ...TransformFunc) DefaulterWebhook
	WithLoggerName(loggerName string) DefaulterWebhook
}

func NewDefaulterWebhook ¶ added in v0.2.0

func NewDefaulterWebhook(defaulter Defaulter) DefaulterWebhook

type GetResourceAttributes ¶ added in v0.7.0

type GetResourceAttributes func(string) authv1.ResourceAttributes

GetResourceAttributes returns the specified verb of resouce attributes.

type PairOfOldNewCheck ¶ added in v0.7.0

type PairOfOldNewCheck [2]*metav1alpha1.Check

PairOfOldNewCheck is a pair of old and new check

type TransformFunc ¶

type TransformFunc func(context.Context, runtime.Object, admission.Request)

TransformFunc used to make common defaulting logic amongst multiple resource using a context, an object and a request

func WithApprovalOperator ¶ added in v0.7.0

func WithApprovalOperator(getter ChecksGetter) TransformFunc

WithApprovalOperator adds an approval operator to the object using the request information

func WithCreatedBy ¶ added in v0.2.0

func WithCreatedBy() TransformFunc

WithCreatedBy adds a createdBy annotation to the object using the request information when an object already has the createdBy annotation it will only increment missing data

func WithTriggeredBy ¶

func WithTriggeredBy() TransformFunc

WithTriggeredBy adds a triggeredBy annotation to the object using the request information when an object already has the triggeredBy annotation it will only increment missing data

type TriggeredByGetter ¶ added in v0.7.0

type TriggeredByGetter interface {
	GetTriggeredBy(runtime.Object) *metav1alpha1.TriggeredBy
}

TriggeredByGetter get the triggerd by from the runtime object This interface should be implemented when `requiresDifferentApprover` is enabled.

type ValidateApprovalFunc ¶ added in v0.7.0

type ValidateApprovalFunc func(ctx context.Context, reqUser authenticationv1.UserInfo,
	allowRepresentOthers bool, skipAppendCheck bool, approvalSpecList []*metav1alpha1.ApprovalSpec,
	checkList []PairOfOldNewCheck, triggeredBy *metav1alpha1.TriggeredBy) error

type ValidateCreateFunc ¶ added in v0.3.0

type ValidateCreateFunc func(ctx context.Context, obj runtime.Object, req admission.Request) error

ValidateCreateFunc function to add validation functions when operation is create using a context, an object and a request

type ValidateDeleteFunc ¶ added in v0.3.0

type ValidateDeleteFunc func(ctx context.Context, obj runtime.Object, req admission.Request) error

ValidateDeleteFunc function to add validation functions when operation is delete using a context, an object and a request

type ValidateUpdateFunc ¶ added in v0.3.0

type ValidateUpdateFunc func(ctx context.Context, obj runtime.Object, old runtime.Object, req admission.Request) error

ValidateUpdateFunc function to add validation functions when operation is update using a context, the current object, the old object and a request

type Validator ¶ added in v0.3.0

type Validator interface {
	runtime.Object
	metav1.Object
	ValidateCreate(ctx context.Context) error
	ValidateUpdate(ctx context.Context, old runtime.Object) error
	ValidateDelete(ctx context.Context) error
}

Validator defines functions for validating an operation

type ValidatorWebhook ¶ added in v0.3.0

type ValidatorWebhook interface {
	Validator
	sharedmain.WebhookSetup
	sharedmain.WebhookRegisterSetup
	WithValidateCreate(creates ...ValidateCreateFunc) ValidatorWebhook
	WithValidateUpdate(updates ...ValidateUpdateFunc) ValidatorWebhook
	WithValidateDelete(deletes ...ValidateDeleteFunc) ValidatorWebhook
	WithLoggerName(loggerName string) ValidatorWebhook
}

func NewValidatorWebhook ¶ added in v0.3.0

func NewValidatorWebhook(validator Validator) ValidatorWebhook

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL