first functional test
This commit is contained in:
26
internal/operations/parsers.go
Normal file
26
internal/operations/parsers.go
Normal file
@@ -0,0 +1,26 @@
|
||||
package operations
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
dep "k8s.io/api/apps/v1"
|
||||
pod "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
func parseDeployment(object []byte) (*dep.Deployment, error) {
|
||||
var dp dep.Deployment
|
||||
if err := json.Unmarshal(object, &dp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &dp, nil
|
||||
}
|
||||
|
||||
func parsePod(object []byte) (*pod.Pod, error) {
|
||||
var pod pod.Pod
|
||||
if err := json.Unmarshal(object, &pod); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &pod, nil
|
||||
}
|
||||
@@ -1,5 +1,30 @@
|
||||
package operations
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
admission "k8s.io/api/admission/v1"
|
||||
)
|
||||
|
||||
func PodsValidation() Hook {
|
||||
return Hook{}
|
||||
return Hook{
|
||||
Create: podValidationCreate(),
|
||||
}
|
||||
}
|
||||
|
||||
func podValidationCreate() AdmitFunc {
|
||||
return func(r *admission.AdmissionRequest) (*Result, error) {
|
||||
pod, err := parsePod(r.Object.Raw)
|
||||
if err != nil {
|
||||
return &Result{Msg: err.Error()}, nil
|
||||
}
|
||||
|
||||
for _, c := range pod.Spec.Containers {
|
||||
if strings.HasSuffix(c.Image, ":latest") {
|
||||
return &Result{Msg: "You cannot use the tag 'latest' in a container."}, nil
|
||||
}
|
||||
}
|
||||
|
||||
return &Result{Allowed: true}, nil
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user