// This plugin supplements upstream Ingress admission validation.
// It enforces the current OpenShift-specific constraints on Ingress resources.
package admission
import (
"fmt"
"io"
"reflect"
"k8s.io/client-go/pkg/util/sets"
kadmission "k8s.io/kubernetes/pkg/admission"
kextensions "k8s.io/kubernetes/pkg/apis/extensions"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
configlatest "github.com/openshift/origin/pkg/cmd/server/api/latest"
"github.com/openshift/origin/pkg/ingress/admission/api"
)
// IngressAdmission is the name under which this admission plugin is
// registered with the admission framework.
const IngressAdmission = "openshift.io/IngressAdmission"
// init registers the plugin factory under the IngressAdmission name. The
// factory parses the optional plugin configuration and builds the handler
// from it; the client handed in by the framework is not used.
func init() {
	factory := func(_ clientset.Interface, config io.Reader) (kadmission.Interface, error) {
		pluginConfig, err := readConfig(config)
		if err != nil {
			// A configuration that cannot be read aborts plugin construction.
			return nil, err
		}
		// pluginConfig is nil when no configuration was supplied; Admit then
		// rejects hostname changes.
		return NewIngressAdmission(pluginConfig), nil
	}
	kadmission.RegisterPlugin(IngressAdmission, factory)
}
// ingressAdmission is the admission handler that restricts hostname changes
// on Ingress updates.
type ingressAdmission struct {
	// Handler is the embedded admission framework handler; NewIngressAdmission
	// creates it for the Create and Update operations.
	*kadmission.Handler

	// config is the plugin configuration. It may be nil, which Admit treats
	// the same as AllowHostnameChanges being false.
	config *api.IngressAdmissionConfig
}
// NewIngressAdmission builds the plugin around the given configuration.
// config may be nil; Admit then rejects hostname changes on update.
func NewIngressAdmission(config *api.IngressAdmissionConfig) *ingressAdmission {
	plugin := &ingressAdmission{config: config}
	// The handler is created for the Create and Update operations.
	plugin.Handler = kadmission.NewHandler(kadmission.Create, kadmission.Update)
	return plugin
}
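// readConfig parses the plugin configuration from reader.
//
// It returns (nil, nil) when no configuration is available: reader is nil,
// reader wraps a nil value, or the decoder yields a nil object. It returns an
// error when decoding fails or when the decoded object is not an
// *api.IngressAdmissionConfig.
func readConfig(reader io.Reader) (*api.IngressAdmissionConfig, error) {
	if reader == nil {
		return nil, nil
	}
	// An interface holding a typed nil (for example a nil *os.File) is not
	// equal to nil, so look at the wrapped value as well. reflect.Value.IsNil
	// panics for kinds that cannot be nil, such as a struct value implementing
	// io.Reader, so it is only called for nilable kinds.
	switch v := reflect.ValueOf(reader); v.Kind() {
	case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
		if v.IsNil() {
			return nil, nil
		}
	}

	obj, err := configlatest.ReadYAML(reader)
	if err != nil {
		return nil, err
	}
	if obj == nil {
		return nil, nil
	}

	config, ok := obj.(*api.IngressAdmissionConfig)
	if !ok {
		return nil, fmt.Errorf("unexpected config object: %#v", obj)
	}
	// No further validation is done here. The only field this plugin reads is
	// AllowHostnameChanges, and its zero value (false) keeps hostname changes
	// rejected.
	return config, nil
}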
// Admit rejects an Ingress update that introduces a hostname, unless the
// plugin configuration sets AllowHostnameChanges. Requests for any other
// resource or operation are admitted unchanged.
//
// It returns nil to admit the request and a "cannot change hostname" error to
// reject it.
func (r *ingressAdmission) Admit(a kadmission.Attributes) error {
	isIngress := a.GetResource().GroupResource() == kextensions.Resource("ingresses")
	if !isIngress || a.GetOperation() != kadmission.Update {
		return nil
	}

	// A missing configuration is treated as "hostname changes not allowed".
	if r.config != nil && r.config.AllowHostnameChanges {
		return nil
	}

	// NOTE(review): when either object is not a *kextensions.Ingress the
	// request is admitted without the hostname check (fail-open). Confirm that
	// this is intended for an update that already matched the ingresses
	// resource.
	oldIngress, isOldIngress := a.GetOldObject().(*kextensions.Ingress)
	if !isOldIngress {
		return nil
	}
	newIngress, isNewIngress := a.GetObject().(*kextensions.Ingress)
	if !isNewIngress {
		return nil
	}

	// Despite its name, haveHostnamesChanged returns true when the update
	// introduces no new hostname.
	if haveHostnamesChanged(oldIngress, newIngress) {
		return nil
	}
	return fmt.Errorf("cannot change hostname")
}
// haveHostnamesChanged reports whether every rule host of newIngress already
// appears among the rule hosts of oldIngress.
//
// NOTE(review): the name is inverted relative to the result. The function
// returns true when no new hostname was introduced and false as soon as
// newIngress carries a host that oldIngress did not have; Admit relies on
// this polarity.
//
// Only Spec.Rules[].Host is compared. Dropping a host that oldIngress had
// still yields true.
func haveHostnamesChanged(oldIngress, newIngress *kextensions.Ingress) bool {
	previous := make([]string, 0, len(oldIngress.Spec.Rules))
	for _, rule := range oldIngress.Spec.Rules {
		previous = append(previous, rule.Host)
	}
	known := sets.NewString(previous...)

	for _, rule := range newIngress.Spec.Rules {
		if !known.Has(rule.Host) {
			// A host that was not present before the update.
			return false
		}
	}
	return true
}