Admission control exposes subresource

2015-06-18 15:00:46 -04:00
parent 1ba909098e
commit fce7adf3e7
12 changed files with 85 additions and 67 deletions
--- a/pkg/admission/attributes.go
+++ b/pkg/admission/attributes.go
@@ -22,22 +22,24 @@ import (
 )

 type attributesRecord struct {
-	kind      string
-	namespace string
-	resource  string
-	operation Operation
-	object    runtime.Object
-	userInfo  user.Info
+	kind        string
+	namespace   string
+	resource    string
+	subresource string
+	operation   Operation
+	object      runtime.Object
+	userInfo    user.Info
 }

-func NewAttributesRecord(object runtime.Object, kind, namespace, resource string, operation Operation, userInfo user.Info) Attributes {
+func NewAttributesRecord(object runtime.Object, kind, namespace, resource, subresource string, operation Operation, userInfo user.Info) Attributes {
 	return &attributesRecord{
-		kind:      kind,
-		namespace: namespace,
-		resource:  resource,
-		operation: operation,
-		object:    object,
-		userInfo:  userInfo,
+		kind:        kind,
+		namespace:   namespace,
+		resource:    resource,
+		subresource: subresource,
+		operation:   operation,
+		object:      object,
+		userInfo:    userInfo,
 	}
 }

@@ -53,6 +55,10 @@ func (record *attributesRecord) GetResource() string {
 	return record.resource
 }

+func (record *attributesRecord) GetSubresource() string {
+	return record.subresource
+}
+
 func (record *attributesRecord) GetOperation() Operation {
 	return record.operation
 }
--- a/pkg/admission/chain_test.go
+++ b/pkg/admission/chain_test.go
@@ -98,7 +98,7 @@ func TestAdmit(t *testing.T) {
 		},
 	}
 	for _, test := range tests {
-		err := test.chain.Admit(NewAttributesRecord(nil, "", "", "", test.operation, nil))
+		err := test.chain.Admit(NewAttributesRecord(nil, "", "", "", "", test.operation, nil))
 		accepted := (err == nil)
 		if accepted != test.accept {
 			t.Errorf("%s: unexpected result of admit call: %v\n", test.name, accepted)
--- a/pkg/admission/interfaces.go
+++ b/pkg/admission/interfaces.go
@@ -24,11 +24,21 @@ import (
 // Attributes is an interface used by AdmissionController to get information about a request
 // that is used to make an admission decision.
 type Attributes interface {
+	// GetNamespace is the namespace associated with the request (if any)
 	GetNamespace() string
+	// GetResource is the name of the resource being requested.  This is not the kind.  For example: pods
 	GetResource() string
+	// GetSubresource is the name of the subresource being requested.  This is a different resource, scoped to the parent resource, but it may have a different kind.
+	// For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod"
+	// (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding".
+	GetSubresource() string
+	// GetOperation is the operation being performed
 	GetOperation() Operation
+	// GetObject is the object from the incoming request prior to default values being applied
 	GetObject() runtime.Object
+	// GetKind is the type of object being manipulated.  For example: Pod
 	GetKind() string
+	// GetUserInfo is information about the requesting user
 	GetUserInfo() user.Info
 }