diff --git a/plugin/pkg/admission/namespace/autoprovision/admission.go b/plugin/pkg/admission/namespace/autoprovision/admission.go index 23fdfea48a2..df79f37735d 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission.go @@ -22,7 +22,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -45,17 +44,13 @@ type provision struct { } func (p *provision) Admit(a admission.Attributes) (err error) { - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return admission.NewForbidden(a, err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return admission.NewForbidden(a, err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespace := &api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(), diff --git a/plugin/pkg/admission/namespace/exists/admission.go b/plugin/pkg/admission/namespace/exists/admission.go index 5411bc2bb0c..2f3ffe5f280 100644 --- a/plugin/pkg/admission/namespace/exists/admission.go +++ b/plugin/pkg/admission/namespace/exists/admission.go @@ -23,7 +23,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -46,17 +45,13 @@ type exists struct { } func (e *exists) Admit(a admission.Attributes) (err error) { - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return errors.NewInternalError(err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return errors.NewInternalError(err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespace := &api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(), diff --git a/plugin/pkg/admission/namespace/lifecycle/admission.go b/plugin/pkg/admission/namespace/lifecycle/admission.go index 8344f6e0a58..514d35f46d2 100644 --- a/plugin/pkg/admission/namespace/lifecycle/admission.go +++ b/plugin/pkg/admission/namespace/lifecycle/admission.go @@ -24,7 +24,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -53,17 +52,13 @@ func (l *lifecycle) Admit(a admission.Attributes) (err error) { return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted")) } - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return errors.NewInternalError(err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return errors.NewInternalError(err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespaceObj, exists, err := l.store.Get(&api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(),