simplified namespace related admission controllers

deads2k 2015-12-18 13:41:06 -05:00
parent 20f9c2c545
commit f5cb91af8e
3 changed files with 15 additions and 30 deletions


@ -22,7 +22,6 @@ import (
"k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/admission"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/errors"
"k8s.io/kubernetes/pkg/api/meta"
"k8s.io/kubernetes/pkg/client/cache" "k8s.io/kubernetes/pkg/client/cache"
client "k8s.io/kubernetes/pkg/client/unversioned" client "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/runtime" "k8s.io/kubernetes/pkg/runtime"
@ -45,17 +44,13 @@ type provision struct {
} }
func (p *provision) Admit(a admission.Attributes) (err error) { func (p *provision) Admit(a admission.Attributes) (err error) {
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
if err != nil { // if we're here, then the API server has found a route, which means that if we have a non-empty namespace
return admission.NewForbidden(a, err) // its a namespaced resource.
} if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
if err != nil {
return admission.NewForbidden(a, err)
}
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
return nil return nil
} }
namespace := &api.Namespace{ namespace := &api.Namespace{
ObjectMeta: api.ObjectMeta{ ObjectMeta: api.ObjectMeta{
Name: a.GetNamespace(), Name: a.GetNamespace(),
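Review bot: The new guard in `provision.Admit` (and the identical guards in `exists.Admit` and `lifecycle.Admit`) treats any non-empty `a.GetNamespace()` as proof that the resource is namespace-scoped, but nothing in these hunks enforces that, whereas the RESTMapper scope check it replaces did. That matters most in this plugin, which goes on to build an `api.Namespace` named after `a.GetNamespace()`, so a cluster-scoped request that reached admission with a namespace set would presumably be acted on rather than skipped. I would state the dependency in the comment, e.g. `// relies on the request handlers passing an empty namespace for cluster-scoped resources`, and add a test that sends a cluster-scoped kind through each plugin. The comment should also say "authorization" rather than "authentication", since authentication alone does not establish that the caller is allowed to do anything, and "it's" rather than "its". The body of `Admit` continues past the end of the hunk.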


@ -23,7 +23,6 @@ import (
"k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/admission"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/errors"
"k8s.io/kubernetes/pkg/api/meta"
"k8s.io/kubernetes/pkg/client/cache" "k8s.io/kubernetes/pkg/client/cache"
client "k8s.io/kubernetes/pkg/client/unversioned" client "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/runtime" "k8s.io/kubernetes/pkg/runtime"
@ -46,17 +45,13 @@ type exists struct {
} }
func (e *exists) Admit(a admission.Attributes) (err error) { func (e *exists) Admit(a admission.Attributes) (err error) {
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
if err != nil { // if we're here, then the API server has found a route, which means that if we have a non-empty namespace
return errors.NewInternalError(err) // its a namespaced resource.
} if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
if err != nil {
return errors.NewInternalError(err)
}
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
return nil return nil
} }
namespace := &api.Namespace{ namespace := &api.Namespace{
ObjectMeta: api.ObjectMeta{ ObjectMeta: api.ObjectMeta{
Name: a.GetNamespace(), Name: a.GetNamespace(),


@ -24,7 +24,6 @@ import (
"k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/admission"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/errors"
"k8s.io/kubernetes/pkg/api/meta"
"k8s.io/kubernetes/pkg/client/cache" "k8s.io/kubernetes/pkg/client/cache"
client "k8s.io/kubernetes/pkg/client/unversioned" client "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/runtime" "k8s.io/kubernetes/pkg/runtime"
@ -53,17 +52,13 @@ func (l *lifecycle) Admit(a admission.Attributes) (err error) {
return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted")) return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted"))
} }
kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion("")) // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
if err != nil { // if we're here, then the API server has found a route, which means that if we have a non-empty namespace
return errors.NewInternalError(err) // its a namespaced resource.
} if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
if err != nil {
return errors.NewInternalError(err)
}
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
return nil return nil
} }
namespaceObj, exists, err := l.store.Get(&api.Namespace{ namespaceObj, exists, err := l.store.Get(&api.Namespace{
ObjectMeta: api.ObjectMeta{ ObjectMeta: api.ObjectMeta{
Name: a.GetNamespace(), Name: a.GetNamespace(),