admission: split MutationInterface out of Interface

2025-07-24 12:15:52 +00:00 · 2017-10-24 11:24:04 +02:00 · 2017-10-24 11:24:04 +02:00 · d4f48c9313
commit d4f48c9313
parent 970d2553cc
2 changed files with 28 additions and 10 deletions
--- a/staging/src/k8s.io/apiserver/pkg/admission/chain.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/chain.go
@ -30,9 +30,27 @@ func (admissionHandler chainAdmissionHandler) Admit(a Attributes) error {
 		if !handler.Handles(a.GetOperation()) {
 			continue
 		}
-		err := handler.Admit(a)
-		if err != nil {
-			return err
+		if mutator, ok := handler.(MutationInterface); ok {
+			err := mutator.Admit(a)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// ValidatingAdmit performs an admission control check using a chain of handlers, and returns immediately on first error
+func (admissionHandler chainAdmissionHandler) ValidatingAdmit(a Attributes) error {
+	for _, handler := range admissionHandler {
+		if !handler.Handles(a.GetOperation()) {
+			continue
+		}
+		if validator, ok := handler.(ValidationInterface); ok {
+			err := validator.ValidatingAdmit(a)
+			if err != nil {
+				return err
+			}
 		}
 	}
 	return nil
--- a/staging/src/k8s.io/apiserver/pkg/admission/interfaces.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/interfaces.go
@ -53,22 +53,22 @@ type Attributes interface {

 // Interface is an abstract, pluggable interface for Admission Control decisions.
 type Interface interface {
-	// Admit makes an admission decision based on the request attributes
-	Admit(a Attributes) (err error)
-
 	// Handles returns true if this admission controller can handle the given operation
 	// where operation can be one of CREATE, UPDATE, DELETE, or CONNECT
 	Handles(operation Operation) bool
 }

+type MutationInterface interface {
+	Interface
+
+	// Admit makes an admission decision based on the request attributes
+	Admit(a Attributes) (err error)
+}
+
 // ValidationInterface is an abstract, pluggable interface for Admission Control decisions.
 type ValidationInterface interface {
 	// ValidatingAdmit makes an admission decision based on the request attributes.  It is NOT allowed to mutate
 	ValidatingAdmit(a Attributes) (err error)
-
-	// Handles returns true if this admission controller can handle the given operation
-	// where operation can be one of CREATE, UPDATE, DELETE, or CONNECT
-	Handles(operation Operation) bool
 }

 // Operation is the type of resource operation being checked for admission control