mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
simplified namespace related admission controllers
This commit is contained in:
parent
20f9c2c545
commit
f5cb91af8e
@ -22,7 +22,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/admission"
|
"k8s.io/kubernetes/pkg/admission"
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/api/errors"
|
"k8s.io/kubernetes/pkg/api/errors"
|
||||||
"k8s.io/kubernetes/pkg/api/meta"
|
|
||||||
"k8s.io/kubernetes/pkg/client/cache"
|
"k8s.io/kubernetes/pkg/client/cache"
|
||||||
client "k8s.io/kubernetes/pkg/client/unversioned"
|
client "k8s.io/kubernetes/pkg/client/unversioned"
|
||||||
"k8s.io/kubernetes/pkg/runtime"
|
"k8s.io/kubernetes/pkg/runtime"
|
||||||
@ -45,17 +44,13 @@ type provision struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *provision) Admit(a admission.Attributes) (err error) {
|
func (p *provision) Admit(a admission.Attributes) (err error) {
|
||||||
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
|
// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
|
||||||
if err != nil {
|
// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
|
||||||
return admission.NewForbidden(a, err)
|
// its a namespaced resource.
|
||||||
}
|
if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
|
||||||
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
|
|
||||||
if err != nil {
|
|
||||||
return admission.NewForbidden(a, err)
|
|
||||||
}
|
|
||||||
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace := &api.Namespace{
|
namespace := &api.Namespace{
|
||||||
ObjectMeta: api.ObjectMeta{
|
ObjectMeta: api.ObjectMeta{
|
||||||
Name: a.GetNamespace(),
|
Name: a.GetNamespace(),
|
||||||
|
@ -23,7 +23,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/admission"
|
"k8s.io/kubernetes/pkg/admission"
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/api/errors"
|
"k8s.io/kubernetes/pkg/api/errors"
|
||||||
"k8s.io/kubernetes/pkg/api/meta"
|
|
||||||
"k8s.io/kubernetes/pkg/client/cache"
|
"k8s.io/kubernetes/pkg/client/cache"
|
||||||
client "k8s.io/kubernetes/pkg/client/unversioned"
|
client "k8s.io/kubernetes/pkg/client/unversioned"
|
||||||
"k8s.io/kubernetes/pkg/runtime"
|
"k8s.io/kubernetes/pkg/runtime"
|
||||||
@ -46,17 +45,13 @@ type exists struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (e *exists) Admit(a admission.Attributes) (err error) {
|
func (e *exists) Admit(a admission.Attributes) (err error) {
|
||||||
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
|
// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
|
||||||
if err != nil {
|
// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
|
||||||
return errors.NewInternalError(err)
|
// its a namespaced resource.
|
||||||
}
|
if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
|
||||||
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
|
|
||||||
if err != nil {
|
|
||||||
return errors.NewInternalError(err)
|
|
||||||
}
|
|
||||||
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace := &api.Namespace{
|
namespace := &api.Namespace{
|
||||||
ObjectMeta: api.ObjectMeta{
|
ObjectMeta: api.ObjectMeta{
|
||||||
Name: a.GetNamespace(),
|
Name: a.GetNamespace(),
|
||||||
|
@ -24,7 +24,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/admission"
|
"k8s.io/kubernetes/pkg/admission"
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/api/errors"
|
"k8s.io/kubernetes/pkg/api/errors"
|
||||||
"k8s.io/kubernetes/pkg/api/meta"
|
|
||||||
"k8s.io/kubernetes/pkg/client/cache"
|
"k8s.io/kubernetes/pkg/client/cache"
|
||||||
client "k8s.io/kubernetes/pkg/client/unversioned"
|
client "k8s.io/kubernetes/pkg/client/unversioned"
|
||||||
"k8s.io/kubernetes/pkg/runtime"
|
"k8s.io/kubernetes/pkg/runtime"
|
||||||
@ -53,17 +52,13 @@ func (l *lifecycle) Admit(a admission.Attributes) (err error) {
|
|||||||
return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted"))
|
return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted"))
|
||||||
}
|
}
|
||||||
|
|
||||||
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
|
// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
|
||||||
if err != nil {
|
// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
|
||||||
return errors.NewInternalError(err)
|
// its a namespaced resource.
|
||||||
}
|
if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
|
||||||
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
|
|
||||||
if err != nil {
|
|
||||||
return errors.NewInternalError(err)
|
|
||||||
}
|
|
||||||
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
namespaceObj, exists, err := l.store.Get(&api.Namespace{
|
namespaceObj, exists, err := l.store.Get(&api.Namespace{
|
||||||
ObjectMeta: api.ObjectMeta{
|
ObjectMeta: api.ObjectMeta{
|
||||||
Name: a.GetNamespace(),
|
Name: a.GetNamespace(),
|
||||||
|
Loading…
Reference in New Issue
Block a user