-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvalidation.go
More file actions
38 lines (32 loc) · 1.04 KB
/
validation.go
File metadata and controls
38 lines (32 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package main
import (
"github.com/gin-gonic/gin"
"github.com/golang/glog"
"k8s.io/api/admission/v1beta1"
auth "k8s.io/api/authentication/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func labelsValid(userInfo auth.UserInfo, labels map[string]string) bool {
org, project := getOrganizationAndProject(userInfo)
return (labels["organization"] == org) && (labels["project"] == project)
}
func validate(req *v1beta1.AdmissionRequest, namespace corev1.Namespace) *v1beta1.AdmissionResponse {
if labelsValid(req.UserInfo, namespace.Labels) {
return &v1beta1.AdmissionResponse {
Allowed: true,
}
}
glog.Infof("Denying the namespace update request. Request has forbidden label(s). " +
"Username: " + req.UserInfo.Username)
return &v1beta1.AdmissionResponse {
Allowed: false,
Result: &metav1.Status {
Message: "Namespace update request rejected. You should not allowed to use \"organization\" " +
"and \"project\" labels.",
},
}
}
func validationHandler(c *gin.Context) {
handleReq(c, validate)
}