99 lines
2.8 KiB
Go
99 lines
2.8 KiB
Go
/*
|
|
* Copyright 2024 the KubeSphere Authors.
|
|
* Please refer to the LICENSE file in the root directory of the project.
|
|
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
|
|
*/
|
|
|
|
package config
|
|
|
|
import (
|
|
"context"
|
|
|
|
kscontroller "kubesphere.io/kubesphere/pkg/controller"
|
|
|
|
v1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
ctrl "sigs.k8s.io/controller-runtime"
|
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
|
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
|
|
|
|
"kubesphere.io/kubesphere/pkg/constants"
|
|
"kubesphere.io/kubesphere/pkg/controller/config/identityprovider"
|
|
"kubesphere.io/kubesphere/pkg/controller/config/oauthclient"
|
|
)
|
|
|
|
func (w *Webhook) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
|
|
secret := obj.(*v1.Secret)
|
|
validator := w.factory.GetValidator(secret.Type)
|
|
if validator != nil {
|
|
return validator.ValidateCreate(ctx, secret)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (w *Webhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) {
|
|
newSecret := newObj.(*v1.Secret)
|
|
oldSecret := oldObj.(*v1.Secret)
|
|
if validator := w.factory.GetValidator(newSecret.Type); validator != nil {
|
|
return validator.ValidateUpdate(ctx, oldSecret, newSecret)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (w *Webhook) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
|
|
secret := obj.(*v1.Secret)
|
|
validator := w.factory.GetValidator(secret.Type)
|
|
if validator != nil {
|
|
return validator.ValidateDelete(ctx, secret)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (w *Webhook) Default(ctx context.Context, obj runtime.Object) error {
|
|
secret := obj.(*v1.Secret)
|
|
if secret.Namespace != constants.KubeSphereNamespace {
|
|
return nil
|
|
}
|
|
|
|
defaulter := w.factory.GetDefaulter(secret.Type)
|
|
if defaulter != nil {
|
|
return defaulter.Default(ctx, secret)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
var _ admission.CustomDefaulter = &Webhook{}
|
|
var _ admission.CustomValidator = &Webhook{}
|
|
var _ kscontroller.Controller = &Webhook{}
|
|
|
|
const webhookName = "kubesphere-config-webhook"
|
|
|
|
func (w *Webhook) Name() string {
|
|
return webhookName
|
|
}
|
|
|
|
type Webhook struct {
|
|
client.Client
|
|
factory *WebhookFactory
|
|
}
|
|
|
|
func (w *Webhook) SetupWithManager(mgr *kscontroller.Manager) error {
|
|
factory := NewWebhookFactory()
|
|
oauthWebhookHandler := &oauthclient.WebhookHandler{Client: mgr.GetClient()}
|
|
factory.RegisterValidator(oauthWebhookHandler)
|
|
factory.RegisterDefaulter(oauthWebhookHandler)
|
|
identityProviderWebhookHandler := &identityprovider.WebhookHandler{Client: mgr.GetClient()}
|
|
factory.RegisterValidator(identityProviderWebhookHandler)
|
|
factory.RegisterDefaulter(identityProviderWebhookHandler)
|
|
|
|
w.Client = mgr.GetClient()
|
|
w.factory = factory
|
|
|
|
return ctrl.NewWebhookManagedBy(mgr).
|
|
WithValidator(w).
|
|
WithDefaulter(w).
|
|
For(&v1.Secret{}).
|
|
Complete()
|
|
}
|