forked from saharsh-samples/openshift-admission-webhook
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mutate-namespaces.go
47 lines (38 loc) · 1.25 KB
/
mutate-namespaces.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package routes
import (
"maw/integrations"
"net/http"
base "github.com/saharsh-samples/go-mux-sql-starter/http"
"github.com/saharsh-samples/go-mux-sql-starter/http/utils"
)
type namespaceMutator struct {
specialProvider integrations.SpecialProvider
jsonUtils utils.JSONUtils
}
// Register endpoint+method handlers
func (resource *namespaceMutator) Register(agent base.RoutesAgent) {
agent.RegisterPost("/admissions/namespaces", resource.MutateNamespace)
}
func (resource *namespaceMutator) MutateNamespace(w http.ResponseWriter, r *http.Request) {
h := &admissionHelper{jsonUtils: resource.jsonUtils, r: r, w: w}
review, parseError := h.parseIncomingReview()
if parseError != nil {
return
}
// Determine if namespace is special
nsName, err := getResourceMetadataFieldAsString(review, "name")
if err != nil {
h.denyAdmission(review.Request.UID, err.Error(), http.StatusBadRequest)
return
}
isSpecial := resource.specialProvider.IsNamespaceSpecial(nsName)
// if special, add node selector
if isSpecial {
h.allowWithPatches(
review.Request.UID,
[]string{`{ "op" : "add", "path": "/metadata/annotations/openshift.io~1node-selector", "value": "workload-type=special"}`},
)
} else {
h.allowWithoutPatches(review.Request.UID)
}
}