simplified namespace related admission controllers

plugin/pkg/admission/namespace/autoprovision/admission.go

@@ -22,7 +22,6 @@ import (
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/errors"
-	"k8s.io/kubernetes/pkg/api/meta"
 	"k8s.io/kubernetes/pkg/client/cache"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
 	"k8s.io/kubernetes/pkg/runtime"
@@ -45,17 +44,13 @@ type provision struct {
 }
 
 func (p *provision) Admit(a admission.Attributes) (err error) {
-	kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
+	// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
-	if err != nil {
+	// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
-		return admission.NewForbidden(a, err)
+	// its a namespaced resource.
-	}
+	if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
-	mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
-	if err != nil {
-		return admission.NewForbidden(a, err)
-	}
-	if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
 		return nil
 	}
+
 	namespace := &api.Namespace{
 		ObjectMeta: api.ObjectMeta{
 			Name:      a.GetNamespace(),

plugin/pkg/admission/namespace/exists/admission.go

@@ -23,7 +23,6 @@ import (
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/errors"
-	"k8s.io/kubernetes/pkg/api/meta"
 	"k8s.io/kubernetes/pkg/client/cache"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
 	"k8s.io/kubernetes/pkg/runtime"
@@ -46,17 +45,13 @@ type exists struct {
 }
 
 func (e *exists) Admit(a admission.Attributes) (err error) {
-	kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
+	// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
-	if err != nil {
+	// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
-		return errors.NewInternalError(err)
+	// its a namespaced resource.
-	}
+	if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
-	mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
-	if err != nil {
-		return errors.NewInternalError(err)
-	}
-	if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
 		return nil
 	}
+
 	namespace := &api.Namespace{
 		ObjectMeta: api.ObjectMeta{
 			Name:      a.GetNamespace(),

plugin/pkg/admission/namespace/lifecycle/admission.go

@@ -24,7 +24,6 @@ import (
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/errors"
-	"k8s.io/kubernetes/pkg/api/meta"
 	"k8s.io/kubernetes/pkg/client/cache"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
 	"k8s.io/kubernetes/pkg/runtime"
@@ -53,17 +52,13 @@ func (l *lifecycle) Admit(a admission.Attributes) (err error) {
 		return errors.NewForbidden(a.GetResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted"))
 	}
 
-	kind, err := api.RESTMapper.KindFor(a.GetResource().WithVersion(""))
+	// if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do
-	if err != nil {
+	// if we're here, then the API server has found a route, which means that if we have a non-empty namespace
-		return errors.NewInternalError(err)
+	// its a namespaced resource.
-	}
+	if len(a.GetNamespace()) == 0 || a.GetKind() == api.Kind("Namespace") {
-	mapping, err := api.RESTMapper.RESTMapping(kind.GroupKind(), kind.Version)
-	if err != nil {
-		return errors.NewInternalError(err)
-	}
-	if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
 		return nil
 	}
+
 	namespaceObj, exists, err := l.store.Get(&api.Namespace{
 		ObjectMeta: api.ObjectMeta{
 			Name:      a.GetNamespace(),