github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #56213 from deads2k/admission-18-validation

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

require webhook admission kubeconfigfile to be absolute

Minimal change to enforce absolute file paths when using webhook admission config.

Eventually we should resolve the local file paths relative to the original configuration file, but that requires fairly significant plumbing.

@caesarxuchao @sttts @liggitt 

If this is not fixed, then inconsistent, seemingly random file resolution will happen and may pin this API to bad behavior that we will later have to break.
This commit is contained in:
Kubernetes Submit Queue 2017-11-22 07:45:37 -08:00 committed by GitHub
commit 65f5c1e847
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/config/BUILD
View File

@ -16,6 +16,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors:go_default_library",

9
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go
View File

@ -17,13 +17,14 @@ limitations under the License.
package config
import (
"fmt"
"io"
"io/ioutil"
"fmt"
"path"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission"
"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1"
)
@ -57,6 +58,10 @@ func LoadConfig(configFile io.Reader) (string, error) {
return "", fmt.Errorf("unexpected type: %T", decodedObj)
}
if !path.IsAbs(config.KubeConfigFile) {
return "", field.Invalid(field.NewPath("kubeConfigFile"), config.KubeConfigFile, "must be an absolute file path")
}
kubeconfigFile = config.KubeConfigFile
}
return kubeconfigFile, nil