From f5cb91af8ecbb6414ad6140a5c383738d22e73da Mon Sep 17 00:00:00 2001 From: deads2k Date: Fri, 18 Dec 2015 13:41:06 -0500 Subject: [PATCH] simplified namespace related admission controllers --- .../namespace/autoprovision/admission.go | 15 +++++---------- .../pkg/admission/namespace/exists/admission.go | 15 +++++---------- .../admission/namespace/lifecycle/admission.go | 15 +++++---------- 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/plugin/pkg/admission/namespace/autoprovision/admission.go b/plugin/pkg/admission/namespace/autoprovision/admission.go index 23fdfea48a2..df79f37735d 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission.go @@ -22,7 +22,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -45,17 +44,13 @@ type provision struct { } func (p *provision) Admit(a admission.Attributes) (err error) { - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return admission.NewForbidden(a, err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return admission.NewForbidden(a, err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespace := &api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(), diff --git a/plugin/pkg/admission/namespace/exists/admission.go b/plugin/pkg/admission/namespace/exists/admission.go index 5411bc2bb0c..2f3ffe5f280 100644 --- a/plugin/pkg/admission/namespace/exists/admission.go +++ b/plugin/pkg/admission/namespace/exists/admission.go @@ -23,7 +23,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -46,17 +45,13 @@ type exists struct { } func (e *exists) Admit(a admission.Attributes) (err error) { - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return errors.NewInternalError(err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return errors.NewInternalError(err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespace := &api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(), diff --git a/plugin/pkg/admission/namespace/lifecycle/admission.go b/plugin/pkg/admission/namespace/lifecycle/admission.go index 8344f6e0a58..514d35f46d2 100644 --- a/plugin/pkg/admission/namespace/lifecycle/admission.go +++ b/plugin/pkg/admission/namespace/lifecycle/admission.go @@ -24,7 +24,6 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" - "k8s.io/kubernetes/pkg/api/meta" "k8s.io/kubernetes/pkg/client/cache" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/runtime" @@ -53,17 +52,13 @@ func (l *lifecycle) Admit(a admission.Attributes) (err error) { return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted")) } - kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) - if err != nil { - return errors.NewInternalError(err) - } - mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version) - if err != nil { - return errors.NewInternalError(err) - } - if mapping.Scope.Name() != meta.RESTScopeNameNamespace { + // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do + // if we're here, then the API server has found a route, which means that if we have a non-empty namespace + // its a namespaced resource. + if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") { return nil } + namespaceObj, exists, err := l.store.Get(&api.Namespace{ ObjectMeta: api.ObjectMeta{ Name: a.GetNamespace(),