-
Notifications
You must be signed in to change notification settings - Fork 0
/
mutate.rs
53 lines (47 loc) · 1.91 KB
/
mutate.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
use habitat_api::Job;
use kube::core::{
admission::{AdmissionRequest, AdmissionResponse, AdmissionReview},
DynamicObject, ResourceExt,
};
use std::{convert::Infallible, error::Error};
use tracing::*;
use warp::{reply, Reply};
use crate::util::try_cast_dynamic_obj_into_job;
pub async fn handler(body: AdmissionReview<DynamicObject>) -> Result<impl Reply, Infallible> {
// Parse incoming webhook AdmissionRequest first
let req: AdmissionRequest<_> = match body.try_into() {
Ok(req) => req,
Err(err) => {
error!("invalid request: {}", err.to_string());
return Ok(reply::json(
&AdmissionResponse::invalid(err.to_string()).into_review(),
));
}
};
// Then construct a AdmissionResponse
let mut res = AdmissionResponse::from(&req);
// req.Object always exists for us, but could be None if extending to DELETE events
if let Some(obj) = req.object {
let name = obj.name_any(); // apiserver may not have generated a name yet
res = match try_cast_dynamic_obj_into_job(&obj) {
Ok(job) => match mutate(res.clone(), &job) {
Ok(res) => {
info!("accepted: {:?} on Job {}", req.operation, name);
res
}
Err(err) => {
warn!("denied: {:?} on {} ({})", req.operation, name, err);
res.deny(err.to_string())
}
},
Err(err) => {
warn!("invalid job: {:?} on {} ({})", req.operation, name, err);
res.deny(err)
}
};
};
// Wrap the AdmissionResponse wrapped in an AdmissionReview
Ok(reply::json(&res.into_review()))
}
// The main handler and core business logic, failures here implies rejected applies
fn mutate(res: AdmissionResponse, _job: &Job) -> Result<AdmissionResponse, Box<dyn Error>> { Ok(res) }