1/* 2Copyright 2018 The Kubernetes Authors. 3 4Licensed under the Apache License, Version 2.0 (the "License"); 5you may not use this file except in compliance with the License. 6You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10Unless required by applicable law or agreed to in writing, software 11distributed under the License is distributed on an "AS IS" BASIS, 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13See the License for the specific language governing permissions and 14limitations under the License. 15*/ 16 17package generic 18 19import ( 20 "context" 21 22 "k8s.io/apimachinery/pkg/runtime" 23 "k8s.io/apimachinery/pkg/runtime/schema" 24 "k8s.io/apiserver/pkg/admission" 25 "k8s.io/apiserver/pkg/admission/plugin/webhook" 26) 27 28// Source can list dynamic webhook plugins. 29type Source interface { 30 Webhooks() []webhook.WebhookAccessor 31 HasSynced() bool 32} 33 34// VersionedAttributes is a wrapper around the original admission attributes, adding versioned 35// variants of the object and old object. 36type VersionedAttributes struct { 37 // Attributes holds the original admission attributes 38 admission.Attributes 39 // VersionedOldObject holds Attributes.OldObject (if non-nil), converted to VersionedKind. 40 // It must never be mutated. 41 VersionedOldObject runtime.Object 42 // VersionedObject holds Attributes.Object (if non-nil), converted to VersionedKind. 43 // If mutated, Dirty must be set to true by the mutator. 44 VersionedObject runtime.Object 45 // VersionedKind holds the fully qualified kind 46 VersionedKind schema.GroupVersionKind 47 // Dirty indicates VersionedObject has been modified since being converted from Attributes.Object 48 Dirty bool 49} 50 51// GetObject overrides the Attributes.GetObject() 52func (v *VersionedAttributes) GetObject() runtime.Object { 53 if v.VersionedObject != nil { 54 return v.VersionedObject 55 } 56 return v.Attributes.GetObject() 57} 58 59// WebhookInvocation describes how to call a webhook, including the resource and subresource the webhook registered for, 60// and the kind that should be sent to the webhook. 61type WebhookInvocation struct { 62 Webhook webhook.WebhookAccessor 63 Resource schema.GroupVersionResource 64 Subresource string 65 Kind schema.GroupVersionKind 66} 67 68// Dispatcher dispatches webhook call to a list of webhooks with admission attributes as argument. 69type Dispatcher interface { 70 // Dispatch a request to the webhooks. Dispatcher may choose not to 71 // call a hook, either because the rules of the hook does not match, or 72 // the namespaceSelector or the objectSelector of the hook does not 73 // match. A non-nil error means the request is rejected. 74 Dispatch(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces, hooks []webhook.WebhookAccessor) error 75} 76