Skip to content

Commit 2c49665

Browse files
author
Eric Abramov
committed
⚠️ admission responses with raw Status
If a custom webhook validator returns a metav1.Status object as the error, the validation handler will build an admission response with this Status object as is, instead of building a new Status object based on err.Error() This might be considered as a breaking change since the behaviour of the validation handler is going to be slightly different from what the users might expect based on the previous version of the code
1 parent 1902414 commit 2c49665

File tree

2 files changed

+22
-22
lines changed

2 files changed

+22
-22
lines changed

pkg/webhook/admission/response.go

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,3 +107,14 @@ func PatchResponseFromRaw(original, current []byte) Response {
107107
},
108108
}
109109
}
110+
111+
// validationResponseFromStatus returns a response for admitting a request with provided Status object.
112+
func validationResponseFromStatus(allowed bool, status metav1.Status) Response {
113+
resp := Response{
114+
AdmissionResponse: admissionv1beta1.AdmissionResponse{
115+
Allowed: allowed,
116+
Result: &status,
117+
},
118+
}
119+
return resp
120+
}

pkg/webhook/admission/validator.go

Lines changed: 11 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,10 @@ import (
2020
"context"
2121
"net/http"
2222

23+
goerrors "errors"
24+
2325
"k8s.io/api/admission/v1beta1"
2426
"k8s.io/apimachinery/pkg/api/errors"
25-
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2627
"k8s.io/apimachinery/pkg/runtime"
2728
)
2829

@@ -69,12 +70,10 @@ func (h *validatingHandler) Handle(ctx context.Context, req Request) Response {
6970
}
7071

7172
err = obj.ValidateCreate()
72-
7373
if err != nil {
74-
75-
isStatusError, status := isStatusError(&err)
76-
if isStatusError {
77-
return ValidationResponseFromStatus(false, status)
74+
var apiStatus errors.APIStatus
75+
if goerrors.As(err, &apiStatus) {
76+
return validationResponseFromStatus(false, apiStatus.Status())
7877
}
7978
return Denied(err.Error())
8079
}
@@ -93,11 +92,10 @@ func (h *validatingHandler) Handle(ctx context.Context, req Request) Response {
9392
}
9493

9594
err = obj.ValidateUpdate(oldObj)
96-
9795
if err != nil {
98-
isStatusError, status := isStatusError(&err)
99-
if isStatusError {
100-
return ValidationResponseFromStatus(false, status)
96+
var apiStatus errors.APIStatus
97+
if goerrors.As(err, &apiStatus) {
98+
return validationResponseFromStatus(false, apiStatus.Status())
10199
}
102100
return Denied(err.Error())
103101
}
@@ -113,22 +111,13 @@ func (h *validatingHandler) Handle(ctx context.Context, req Request) Response {
113111

114112
err = obj.ValidateDelete()
115113
if err != nil {
116-
isStatusError, status := isStatusError(&err)
117-
if isStatusError {
118-
return ValidationResponseFromStatus(false, status)
114+
var apiStatus errors.APIStatus
115+
if goerrors.As(err, &apiStatus) {
116+
return validationResponseFromStatus(false, apiStatus.Status())
119117
}
120118
return Denied(err.Error())
121119
}
122120
}
123121

124122
return Allowed("")
125123
}
126-
127-
func isStatusError(err *error) (bool, *metav1.Status) {
128-
statusError, isStatusError := (*err).(*errors.StatusError)
129-
if isStatusError {
130-
return true, &statusError.ErrStatus
131-
}
132-
133-
return false, nil
134-
}

0 commit comments

Comments
 (0)