cleaned up code
dtandersen committed Jul 21, 2023
1 parent a3bd65d commit 0f8b499
Showing 2 changed files with 23 additions and 20 deletions.
41 changes: 22 additions & 19 deletions src/dsmlp/app/validator.py
@@ -71,11 +71,6 @@ class AdmissionReview:
request: Request


# class UidValidator:
# def evaluate(self, review: AdmissionReview):
# pass


class ValidationFailure(Exception):
def __init__(self, message: str) -> None:
self.message = message
@@ -91,28 +86,36 @@ def __init__(self, awsed: AwsedClient, kube: KubeClient, logger: Logger) -> None
def validate_request(self, admission_review_json):
self.logger.debug("request=" + json.dumps(admission_review_json, indent=2))
review: AdmissionReview = AdmissionReview.from_dict(admission_review_json)
request: Request = review.request
request_uid = request.uid
namespace_name = review.request.namespace
username = namespace_name
self.logger.info(
f"Validating request username={request.userInfo.username} namespace={namespace_name} uid={request_uid}")

try:
self.validate_pod(review.request)
except ValidationFailure as ex:
self.logger.info(f"Denied request username={username} namespace={namespace_name} reason={ex.message}")
return self.admission_response(request_uid, False, f"{ex.message}")
return self.handle_request(review.request)
except Exception as ex:
self.logger.exception(ex)
self.logger.info(f"Denied request username={username} namespace={namespace_name} reason=Error")
return self.admission_response(request_uid, False, f"Error")
self.logger.info(
f"Denied request username={review.request.userInfo.username} namespace={review.request.namespace} reason=Error uid={review.request.uid}")

return self.admission_response(review.request.uid, False, f"Error")

def handle_request(self, request: Request):
self.logger.info(
f"Allowed request username={request.userInfo.username} namespace={namespace_name} uid={request_uid}")
return self.admission_response(request_uid, True, "Allowed")
f"Validating request username={request.userInfo.username} namespace={request.namespace} uid={request.uid}")

try:
self.validate_pod(request)
except ValidationFailure as ex:
self.logger.info(
f"Denied request username={request.userInfo.username} namespace={request.namespace} reason={ex.message} uid={request.uid}")

return self.admission_response(request.uid, False, f"{ex.message}")

self.logger.info(
f"Allowed request username={request.userInfo.username} namespace={request.namespace} uid={request.uid}")
return self.admission_response(request.uid, True, "Allowed")

def validate_pod(self, request: Request):
"""
Validate pods for namespaces with the 'k8s-sync' label
"""
username = request.namespace
namespace = self.kube.get_namespace(request.namespace)

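Review bot: In `validate_request`, the catch-all handler is not guaranteed to produce a deny response: `AdmissionReview.from_dict(...)` runs before the `try`, and the handler's own log line dereferences `review.request.userInfo.username`, which would raise again if a missing `userInfo` is what caused the first exception (the `Request` definition is outside this section, so that is an assumption). In either case the exception leaves `validate_request` without an admission response, and whether the pod is then admitted depends on the HTTP layer and the webhook's `failurePolicy`, neither of which is visible here. I would read the uid from the raw payload before the `try`, move the parsing inside it, and keep the handler free of attribute access on parsed objects, as sketched below; this drops username and namespace from the error-path log line, so any test pinned to that message would need updating.

```python
    def validate_request(self, admission_review_json):
        # … unchanged: debug logging of the request …
        # Taken from the raw payload so a deny can still be returned when parsing fails.
        request_uid = (admission_review_json.get("request") or {}).get("uid")

        try:
            review: AdmissionReview = AdmissionReview.from_dict(admission_review_json)
            return self.handle_request(review.request)
        except Exception as ex:
            self.logger.exception(ex)
            # No attribute access on parsed objects here: the handler must not raise.
            self.logger.info(f"Denied request reason=Error uid={request_uid}")

            return self.admission_response(request_uid, False, f"Error")
```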
2 changes: 1 addition & 1 deletion tests/app/test_validator.py
@@ -168,7 +168,7 @@ def test_failures_are_logged(self):
}}})

assert_that(self.logger.messages, has_item(
f"INFO Denied request username=user2 namespace=user2 reason={response['response']['status']['message']}"))
f"INFO Denied request username=user2 namespace=user2 reason={response['response']['status']['message']} uid=705ab4f5-6393-11e8-b7cc-42010a800002"))

def test_deny_unknown_user(self):
response = self.when_validate(
