From 04c37a9200beff879139865ca9874bee969d38d0 Mon Sep 17 00:00:00 2001 From: Vince Prignano Date: Wed, 27 Mar 2024 07:08:26 -0700 Subject: [PATCH] admission.Decoder is now an interface The current implementation allows to create a decoder without a scheme/codecs by just referencing the struct `&admission.Decoder{}` given that codecs is private. The field was filled in before with the inject package which has been removed. This change retains the Decoder definition and makes it an interface, `admission.NewDecoder(scheme)` is now the only way to instantiate our default decoder. Signed-off-by: Vince Prignano --- pkg/webhook/admission/decode.go | 25 +++++++++++++++++------ pkg/webhook/admission/decode_test.go | 2 +- pkg/webhook/admission/defaulter.go | 2 +- pkg/webhook/admission/defaulter_custom.go | 2 +- pkg/webhook/admission/validator.go | 2 +- pkg/webhook/admission/validator_custom.go | 2 +- pkg/webhook/webhook_integration_test.go | 2 +- 7 files changed, 25 insertions(+), 12 deletions(-) diff --git a/pkg/webhook/admission/decode.go b/pkg/webhook/admission/decode.go index 7e9c0a96bc..55f1cafb5e 100644 --- a/pkg/webhook/admission/decode.go +++ b/pkg/webhook/admission/decode.go @@ -26,22 +26,35 @@ import ( // Decoder knows how to decode the contents of an admission // request into a concrete object. -type Decoder struct { +type Decoder interface { + // Decode decodes the inlined object in the AdmissionRequest into the passed-in runtime.Object. + // If you want decode the OldObject in the AdmissionRequest, use DecodeRaw. + // It errors out if req.Object.Raw is empty i.e. containing 0 raw bytes. + Decode(req Request, into runtime.Object) error + + // DecodeRaw decodes a RawExtension object into the passed-in runtime.Object. + // It errors out if rawObj is empty i.e. containing 0 raw bytes. + DecodeRaw(rawObj runtime.RawExtension, into runtime.Object) error +} + +// decoder knows how to decode the contents of an admission +// request into a concrete object. +type decoder struct { codecs serializer.CodecFactory } -// NewDecoder creates a Decoder given the runtime.Scheme. -func NewDecoder(scheme *runtime.Scheme) *Decoder { +// NewDecoder creates a decoder given the runtime.Scheme. +func NewDecoder(scheme *runtime.Scheme) Decoder { if scheme == nil { panic("scheme should never be nil") } - return &Decoder{codecs: serializer.NewCodecFactory(scheme)} + return &decoder{codecs: serializer.NewCodecFactory(scheme)} } // Decode decodes the inlined object in the AdmissionRequest into the passed-in runtime.Object. // If you want decode the OldObject in the AdmissionRequest, use DecodeRaw. // It errors out if req.Object.Raw is empty i.e. containing 0 raw bytes. -func (d *Decoder) Decode(req Request, into runtime.Object) error { +func (d *decoder) Decode(req Request, into runtime.Object) error { // we error out if rawObj is an empty object. if len(req.Object.Raw) == 0 { return fmt.Errorf("there is no content to decode") @@ -51,7 +64,7 @@ func (d *Decoder) Decode(req Request, into runtime.Object) error { // DecodeRaw decodes a RawExtension object into the passed-in runtime.Object. // It errors out if rawObj is empty i.e. containing 0 raw bytes. -func (d *Decoder) DecodeRaw(rawObj runtime.RawExtension, into runtime.Object) error { +func (d *decoder) DecodeRaw(rawObj runtime.RawExtension, into runtime.Object) error { // NB(directxman12): there's a bug/weird interaction between decoders and // the API server where the API server doesn't send a GVK on the embedded // objects, which means the unstructured decoder refuses to decode. It diff --git a/pkg/webhook/admission/decode_test.go b/pkg/webhook/admission/decode_test.go index 4c3578d143..130308800f 100644 --- a/pkg/webhook/admission/decode_test.go +++ b/pkg/webhook/admission/decode_test.go @@ -29,7 +29,7 @@ import ( ) var _ = Describe("Admission Webhook Decoder", func() { - var decoder *Decoder + var decoder Decoder BeforeEach(func() { By("creating a new decoder for a scheme") decoder = NewDecoder(scheme.Scheme) diff --git a/pkg/webhook/admission/defaulter.go b/pkg/webhook/admission/defaulter.go index c9662ce1c0..efbbf60282 100644 --- a/pkg/webhook/admission/defaulter.go +++ b/pkg/webhook/admission/defaulter.go @@ -43,7 +43,7 @@ func DefaultingWebhookFor(scheme *runtime.Scheme, defaulter Defaulter) *Webhook type mutatingHandler struct { defaulter Defaulter - decoder *Decoder + decoder Decoder } // Handle handles admission requests. diff --git a/pkg/webhook/admission/defaulter_custom.go b/pkg/webhook/admission/defaulter_custom.go index 5f697e7dce..d15dec7a05 100644 --- a/pkg/webhook/admission/defaulter_custom.go +++ b/pkg/webhook/admission/defaulter_custom.go @@ -43,7 +43,7 @@ func WithCustomDefaulter(scheme *runtime.Scheme, obj runtime.Object, defaulter C type defaulterForType struct { defaulter CustomDefaulter object runtime.Object - decoder *Decoder + decoder Decoder } // Handle handles admission requests. diff --git a/pkg/webhook/admission/validator.go b/pkg/webhook/admission/validator.go index fa42217bd6..b28a56eef8 100644 --- a/pkg/webhook/admission/validator.go +++ b/pkg/webhook/admission/validator.go @@ -63,7 +63,7 @@ func ValidatingWebhookFor(scheme *runtime.Scheme, validator Validator) *Webhook type validatingHandler struct { validator Validator - decoder *Decoder + decoder Decoder } // Handle handles admission requests. diff --git a/pkg/webhook/admission/validator_custom.go b/pkg/webhook/admission/validator_custom.go index 07650aa60a..b8f194401e 100644 --- a/pkg/webhook/admission/validator_custom.go +++ b/pkg/webhook/admission/validator_custom.go @@ -56,7 +56,7 @@ func WithCustomValidator(scheme *runtime.Scheme, obj runtime.Object, validator C type validatorForType struct { validator CustomValidator object runtime.Object - decoder *Decoder + decoder Decoder } // Handle handles admission requests. diff --git a/pkg/webhook/webhook_integration_test.go b/pkg/webhook/webhook_integration_test.go index b97779f56d..752a1fe6f5 100644 --- a/pkg/webhook/webhook_integration_test.go +++ b/pkg/webhook/webhook_integration_test.go @@ -153,7 +153,7 @@ var _ = Describe("Webhook", func() { }) type rejectingValidator struct { - d *admission.Decoder + d admission.Decoder } func (v *rejectingValidator) Handle(ctx context.Context, req admission.Request) admission.Response {