mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Merge pull request #25898 from deads2k/make-admission-enablable
make admission plugins configurable based on external criteria
This commit is contained in:
Alex Mohr
commit
f24b7a7391
@ -17,12 +17,16 @@ limitations under the License.
|
|||||||
package admission
|
package admission
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"io"
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
|
"reflect"
|
||||||
"sort"
|
"sort"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
|
|
||||||
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
|
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -36,8 +40,16 @@ type Factory func(client clientset.Interface, config io.Reader) (Interface, erro
|
|||||||
var (
|
var (
|
||||||
pluginsMutex sync.Mutex
|
pluginsMutex sync.Mutex
|
||||||
plugins = make(map[string]Factory)
|
plugins = make(map[string]Factory)
|
||||||
|
|
||||||
|
// PluginEnabledFn checks whether a plugin is enabled. By default, if you ask about it, it's enabled.
|
||||||
|
PluginEnabledFn = func(name string, config io.Reader) bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// PluginEnabledFunc is a function type that can provide an external check on whether an admission plugin may be enabled
|
||||||
|
type PluginEnabledFunc func(name string, config io.Reader) bool
|
||||||
|
|
||||||
// GetPlugins enumerates the names of all registered plugins.
|
// GetPlugins enumerates the names of all registered plugins.
|
||||||
func GetPlugins() []string {
|
func GetPlugins() []string {
|
||||||
pluginsMutex.Lock()
|
pluginsMutex.Lock()
|
||||||
@ -74,10 +86,33 @@ func getPlugin(name string, client clientset.Interface, config io.Reader) (Inter
|
|||||||
if !found {
|
if !found {
|
||||||
return nil, false, nil
|
return nil, false, nil
|
||||||
}
|
}
|
||||||
ret, err := f(client, config)
|
|
||||||
|
config1, config2, err := splitStream(config)
|
||||||
|
if err != nil {
|
||||||
|
return nil, true, err
|
||||||
|
}
|
||||||
|
if !PluginEnabledFn(name, config1) {
|
||||||
|
return nil, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
ret, err := f(client, config2)
|
||||||
return ret, true, err
|
return ret, true, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// splitStream reads the stream bytes and constructs two copies of it.
|
||||||
|
func splitStream(config io.Reader) (io.Reader, io.Reader, error) {
|
||||||
|
if config == nil || reflect.ValueOf(config).IsNil() {
|
||||||
|
return nil, nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
configBytes, err := ioutil.ReadAll(config)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return bytes.NewBuffer(configBytes), bytes.NewBuffer(configBytes), nil
|
||||||
|
}
|
||||||
|
|
||||||
// InitPlugin creates an instance of the named interface.
|
// InitPlugin creates an instance of the named interface.
|
||||||
func InitPlugin(name string, client clientset.Interface, configFilePath string) Interface {
|
func InitPlugin(name string, client clientset.Interface, configFilePath string) Interface {
|
||||||
var (
|
var (
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user