k8s.io/apiserver@v0.31.1/pkg/admission/reinvocation.go

k8s.io/apiserver@v0.31.1/pkg/admission/reinvocation.go (about)

     1  /*
     2  Copyright 2019 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package admission
    18  
    19  import "context"
    20  
    21  // newReinvocationHandler creates a handler that wraps the provided admission chain and reinvokes it
    22  // if needed according to re-invocation policy of the webhooks.
    23  func newReinvocationHandler(admissionChain Interface) Interface {
    24  	return &reinvoker{admissionChain}
    25  }
    26  
    27  type reinvoker struct {
    28  	admissionChain Interface
    29  }
    30  
    31  // Admit performs an admission control check using the wrapped admission chain, reinvoking the
    32  // admission chain if needed according to the reinvocation policy.  Plugins are expected to check
    33  // the admission attributes' reinvocation context against their reinvocation policy to decide if
    34  // they should re-run, and to update the reinvocation context if they perform any mutations.
    35  func (r *reinvoker) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error {
    36  	if mutator, ok := r.admissionChain.(MutationInterface); ok {
    37  		err := mutator.Admit(ctx, a, o)
    38  		if err != nil {
    39  			return err
    40  		}
    41  		s := a.GetReinvocationContext()
    42  		if s.ShouldReinvoke() {
    43  			s.SetIsReinvoke()
    44  			// Calling admit a second time will reinvoke all in-tree plugins
    45  			// as well as any webhook plugins that need to be reinvoked based on the
    46  			// reinvocation policy.
    47  			return mutator.Admit(ctx, a, o)
    48  		}
    49  	}
    50  	return nil
    51  }
    52  
    53  // Validate performs an admission control check using the wrapped admission chain, and returns immediately on first error.
    54  func (r *reinvoker) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error {
    55  	if validator, ok := r.admissionChain.(ValidationInterface); ok {
    56  		return validator.Validate(ctx, a, o)
    57  	}
    58  	return nil
    59  }
    60  
    61  // Handles will return true if any of the admission chain handlers handle the given operation.
    62  func (r *reinvoker) Handles(operation Operation) bool {
    63  	return r.admissionChain.Handles(operation)
    64  }