Skip to content

Commit

Permalink
webhooks: fix AdmissionReview responses
Browse files Browse the repository at this point in the history
AdmissionReview responses are not well-formed as
they do not include 'apiVersion' and 'Kind', this commit
fixes it.

For reference:
- https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#response
- kubernetes/kubernetes#85681

Signed-off-by: Antonio Cardace <[email protected]>
acardace committed Mar 24, 2021
1 parent 3a59b97 commit 9cf04db
Showing 3 changed files with 14 additions and 2 deletions.
7 changes: 6 additions & 1 deletion pkg/util/webhooks/validating-webhooks/validating-webhook.go
Original file line number Diff line number Diff line change
@@ -56,14 +56,19 @@ func NewAdmissionResponse(causes []v1.StatusCause) *v1beta1.AdmissionResponse {
}

func Serve(resp http.ResponseWriter, req *http.Request, admitter Admitter) {
response := v1beta1.AdmissionReview{}
review, err := webhooks.GetAdmissionReview(req)

if err != nil {
resp.WriteHeader(http.StatusBadRequest)
return
}

response := v1beta1.AdmissionReview{
TypeMeta: v1.TypeMeta{
APIVersion: v1beta1.SchemeGroupVersion.String(),
Kind: "AdmissionReview",
},
}
reviewResponse := admitter.Admit(review)
if reviewResponse != nil {
response.Response = reviewResponse
1 change: 1 addition & 0 deletions pkg/virt-api/webhooks/mutating-webhook/BUILD.bazel
Original file line number Diff line number Diff line change
@@ -11,6 +11,7 @@ go_library(
"//pkg/virt-config:go_default_library",
"//staging/src/kubevirt.io/client-go/log:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
],
)
8 changes: 7 additions & 1 deletion pkg/virt-api/webhooks/mutating-webhook/mutating-webhook.go
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@ import (
"net/http"

"k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"

"kubevirt.io/client-go/log"
@@ -37,14 +38,19 @@ type mutator interface {
}

func serve(resp http.ResponseWriter, req *http.Request, m mutator) {
response := v1beta1.AdmissionReview{}
review, err := webhookutils.GetAdmissionReview(req)

if err != nil {
resp.WriteHeader(http.StatusBadRequest)
return
}

response := v1beta1.AdmissionReview{
TypeMeta: metav1.TypeMeta{
APIVersion: v1beta1.SchemeGroupVersion.String(),
Kind: "AdmissionReview",
},
}
reviewResponse := m.Mutate(review)
if reviewResponse != nil {
response.Response = reviewResponse

0 comments on commit 9cf04db

Please sign in to comment.