func GetCommonWebhookConfigs()

in pkg/webhook/register.go [71:200]


// GetCommonWebhookConfigs returns the Config entries for the nine admission
// webhooks declared below (five validating, four mutating), or an error if a
// loader or the supported-GVK list cannot be built.
//
// Every entry sets FailurePolicy to admissionregistration.Fail and SideEffects
// to admissionregistration.SideEffectClassNone. NOTE(review): assuming
// admissionregistration aliases the Kubernetes admissionregistration API, Fail
// is fail-closed: when a webhook cannot be reached, the matched request is
// rejected rather than admitted unchecked. Webhook availability therefore gates
// create/update of the matched resources, and switching an entry to a
// fail-open policy would let requests skip that check while the webhook is
// down.
func GetCommonWebhookConfigs() ([]Config, error) {
	mappings, err := servicemappingloader.New()
	if err != nil {
		return nil, fmt.Errorf("error getting new service mapping loader: %w", err)
	}
	dclSchemas, err := dclschemaloader.New()
	if err != nil {
		return nil, fmt.Errorf("error getting new dcl schema loader: %w", err)
	}
	svcMetadata := metadata.New()
	gvks, err := supportedgvks.All(mappings, svcMetadata)
	if err != nil {
		return nil, fmt.Errorf("error loading all supported GVKs: %w", err)
	}

	// Rule sets are derived once and shared by the entries below. The calls
	// stay in this order, and each entry narrows a set to specific operations
	// through getRulesForOperationTypes.
	allRules := getRulesFromResources(gvks)
	dynamicGVKs := supportedgvks.AllDynamicTypes(mappings, svcMetadata)
	dynamicRules := getRulesFromResources(dynamicGVKs)
	handwrittenIAMRules := getRulesFromResources(supportedgvks.BasedOnHandwrittenIAMTypes())
	customValidationRules := getRulesForResourcesWithCustomValidation(gvks)

	// Each handler is wrapped by NewRequestLoggingHandler together with a
	// short label (presumably used when logging requests; defined elsewhere).
	return []Config{
		// Validating: Update on all supported GVKs.
		{
			Name:          "deny-immutable-field-updates.cnrm.cloud.google.com",
			Path:          "/deny-immutable-field-updates",
			Type:          Validating,
			HandlerFunc:   NewRequestLoggingHandler(NewImmutableFieldsValidatorHandler(mappings, dclSchemas, svcMetadata), "immutable fields validation"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(allRules, admissionregistration.Update),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Validating: Create and Update on all supported GVKs.
		{
			Name:          "deny-unknown-fields.cnrm.cloud.google.com",
			Path:          "/deny-unknown-fields",
			Type:          Validating,
			HandlerFunc:   NewRequestLoggingHandler(NewNoUnknownFieldsValidatorHandler(mappings), "unknown fields validation"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(allRules, admissionregistration.Create, admissionregistration.Update),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Validating: Create and Update on the handwritten IAM types.
		{
			Name:          "iam-validation.cnrm.cloud.google.com",
			Path:          "/iam-validation",
			Type:          Validating,
			HandlerFunc:   NewRequestLoggingHandler(NewIAMValidatorHandler(mappings, svcMetadata, dclSchemas), "iam validation"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(handwrittenIAMRules, admissionregistration.Create, admissionregistration.Update),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Mutating: Create only, on the handwritten IAM types.
		{
			Name:          "iam-defaulter.cnrm.cloud.google.com",
			Path:          "/iam-defaulter",
			Type:          Mutating,
			HandlerFunc:   NewRequestLoggingHandler(NewIAMDefaulter(mappings, svcMetadata), "iam defaulter"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(handwrittenIAMRules, admissionregistration.Create),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Mutating: Create only, on the dynamic types.
		{
			Name:          "container-annotation-handler.cnrm.cloud.google.com",
			Path:          "/container-annotation-handler",
			Type:          Mutating,
			HandlerFunc:   NewRequestLoggingHandler(NewContainerAnnotationHandler(mappings, dclSchemas, svcMetadata), "container annotation handler"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(dynamicRules, admissionregistration.Create),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Mutating: Create only, on the dynamic types.
		{
			Name:          "management-conflict-annotation-defaulter.cnrm.cloud.google.com",
			Path:          "/management-conflict-annotation-defaulter",
			Type:          Mutating,
			HandlerFunc:   NewRequestLoggingHandler(NewManagementConflictAnnotationDefaulter(mappings, dclSchemas, svcMetadata), "management conflict annotation defaulter"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(dynamicRules, admissionregistration.Create),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Mutating: Create only, on the dynamic types.
		{
			Name:          "generic-defaulter.cnrm.cloud.google.com",
			Path:          "/generic-defaulter",
			Type:          Mutating,
			HandlerFunc:   NewRequestLoggingHandler(NewGenericDefaulter(), "generic defaulter"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(dynamicRules, admissionregistration.Create),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Validating: Create and Update on resources with custom validation.
		{
			Name:          "resource-validation.cnrm.cloud.google.com",
			Path:          "/resource-validation",
			Type:          Validating,
			HandlerFunc:   NewRequestLoggingHandler(NewResourceValidatorHandler(), "resource validation"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(customValidationRules, admissionregistration.Create, admissionregistration.Update),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
		// Validating: Create and Update on all supported GVKs.
		{
			Name:          "state-into-spec-validation.cnrm.cloud.google.com",
			Path:          "/state-into-spec-validation",
			Type:          Validating,
			HandlerFunc:   NewRequestLoggingHandler(NewStateIntoSpecAnnotationValidatorHandler(), "state-into-spec validation"),
			FailurePolicy: admissionregistration.Fail,
			Rules:         getRulesForOperationTypes(allRules, admissionregistration.Create, admissionregistration.Update),
			SideEffects:   admissionregistration.SideEffectClassNone,
		},
	}, nil
}