package validator_handler
import (
"context"
"fmt"
"net/http"
"github.com/erkanzileli/admission-webhooks-the-easy-way/internal/consts"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
// PodValidatorHandler is an admission handler that checks Pods for the
// consts.PodAnnotationKey annotation; the decision logic lives in Handle.
type PodValidatorHandler struct {
	// Client is not assigned or read anywhere in this file.
	// NOTE(review): presumably populated by the code that registers the
	// webhook - confirm, or drop the field if it is unused.
	Client client.Client
	// decoder converts the raw admission request into a typed object. It is
	// nil until InjectDecoder is called, and Handle calls h.decoder.Decode, so
	// the handler must not serve requests before a decoder has been injected.
	decoder *admission.Decoder
}
// NewPodValidatorHandler returns a PodValidatorHandler whose fields are all at
// their zero value: Client and decoder are both nil. The decoder has to be
// supplied through InjectDecoder before Handle can decode a request.
func NewPodValidatorHandler() *PodValidatorHandler {
	return new(PodValidatorHandler)
}
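// Handle admits a Pod only when it carries the consts.PodAnnotationKey
// annotation with the value consts.PodAnnotationValue.
//
// Responses:
//   - no decoder injected: errored, HTTP 500
//   - request cannot be decoded into a corev1.Pod: errored, HTTP 400
//   - annotation absent, or present with another value: denied
//   - otherwise: allowed
//
// ctx is accepted to satisfy the handler signature and is not used.
//
// The annotation is written by whoever submits the Pod, so this check enforces
// a labelling policy; it says nothing about who the submitter is.
func (h *PodValidatorHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
	// NewPodValidatorHandler leaves decoder nil. Answering with an explicit
	// error keeps the request rejected instead of dereferencing a nil decoder
	// and panicking inside the webhook server.
	// NOTE(review): a handler that crashes is a failed webhook call, and what
	// the API server does then depends on the failurePolicy of the webhook
	// registration, which is not in this file - confirm it is Fail if this
	// annotation is meant as an enforced control.
	if h.decoder == nil {
		return admission.Errored(http.StatusInternalServerError, fmt.Errorf("admission decoder has not been injected"))
	}

	pod := &corev1.Pod{}
	if err := h.decoder.Decode(req, pod); err != nil {
		return admission.Errored(http.StatusBadRequest, err)
	}

	anno, found := pod.Annotations[consts.PodAnnotationKey]
	if !found {
		return admission.Denied(fmt.Sprintf("missing annotation %s", consts.PodAnnotationKey))
	}
	if anno != consts.PodAnnotationValue {
		// Report the value that was actually compared against. The message used
		// to hard-code "foo", which misleads the user as soon as
		// consts.PodAnnotationValue is anything else.
		return admission.Denied(fmt.Sprintf("annotation %s did not have value %q", consts.PodAnnotationKey, consts.PodAnnotationValue))
	}
	return admission.Allowed("")
}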
// InjectDecoder stores d as the decoder that Handle uses to turn an admission
// request into a Pod. It always returns nil and does not check d, so passing a
// nil decoder leaves the handler unable to decode requests.
//
// PodValidatorHandler implements admission.DecoderInjector so a decoder will
// be automatically injected.
// NOTE(review): automatic injection depends on the controller-runtime version
// the module builds against - confirm the decoder is really set before the
// webhook starts serving.
func (h *PodValidatorHandler) InjectDecoder(d *admission.Decoder) error {
	h.decoder = d

	return nil
}