8e5b17cf13
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
83 lines
3.4 KiB
Go
83 lines
3.4 KiB
Go
/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package admission
|
|
|
|
import (
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
"k8s.io/apiserver/pkg/authentication/user"
|
|
)
|
|
|
|
// Attributes is an interface used by AdmissionController to get information about a request
|
|
// that is used to make an admission decision.
|
|
type Attributes interface {
|
|
// GetName returns the name of the object as presented in the request. On a CREATE operation, the client
|
|
// may omit name and rely on the server to generate the name. If that is the case, this method will return
|
|
// the empty string
|
|
GetName() string
|
|
// GetNamespace is the namespace associated with the request (if any)
|
|
GetNamespace() string
|
|
// GetResource is the name of the resource being requested. This is not the kind. For example: pods
|
|
GetResource() schema.GroupVersionResource
|
|
// GetSubresource is the name of the subresource being requested. This is a different resource, scoped to the parent resource, but it may have a different kind.
|
|
// For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod"
|
|
// (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding".
|
|
GetSubresource() string
|
|
// GetOperation is the operation being performed
|
|
GetOperation() Operation
|
|
// GetObject is the object from the incoming request prior to default values being applied
|
|
GetObject() runtime.Object
|
|
// GetOldObject is the existing object. Only populated for UPDATE requests.
|
|
GetOldObject() runtime.Object
|
|
// GetKind is the type of object being manipulated. For example: Pod
|
|
GetKind() schema.GroupVersionKind
|
|
// GetUserInfo is information about the requesting user
|
|
GetUserInfo() user.Info
|
|
}
|
|
|
|
// Interface is an abstract, pluggable interface for Admission Control decisions.
|
|
type Interface interface {
|
|
// Admit makes an admission decision based on the request attributes
|
|
Admit(a Attributes) (err error)
|
|
|
|
// Handles returns true if this admission controller can handle the given operation
|
|
// where operation can be one of CREATE, UPDATE, DELETE, or CONNECT
|
|
Handles(operation Operation) bool
|
|
}
|
|
|
|
// Operation is the type of resource operation being checked for admission control
|
|
type Operation string
|
|
|
|
// Operation constants
|
|
const (
|
|
Create Operation = "CREATE"
|
|
Update Operation = "UPDATE"
|
|
Delete Operation = "DELETE"
|
|
Connect Operation = "CONNECT"
|
|
)
|
|
|
|
// PluginInitializer is used for initialization of shareable resources between admission plugins.
|
|
// After initialization the resources have to be set separately
|
|
type PluginInitializer interface {
|
|
Initialize(plugin Interface)
|
|
}
|
|
|
|
// Validator holds Validate functions, which are responsible for validation of initialized shared resources
|
|
// and should be implemented on admission plugins
|
|
type Validator interface {
|
|
Validate() error
|
|
}
|