in controller/webhook.go [136:202]
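// mutate builds the admission response for a Pod admission request.
//
// It decodes the Pod from the request, reads the namespace labels, and asks
// shouldMutate whether the sidecar applies. If it does not, the request is
// allowed unchanged. Otherwise the response carries a JSON patch that appends
// the "sidecar-aws-sigv4-proxy" container and sets the injection status
// annotation.
//
// On failure it returns both a response whose Result carries the error
// message and a non-nil error; these error responses leave Allowed and UID
// unset.
func (whsvr *WebhookServer) mutate(ctx context.Context, admissionReview *v1beta1.AdmissionReview) (*v1beta1.AdmissionResponse, error) {
	// A review without a request would otherwise panic on the dereference
	// below; report it through the same error path as the other failures.
	if admissionReview == nil || admissionReview.Request == nil {
		err := fmt.Errorf("Error reading AdmissionReview: request is nil")
		return &v1beta1.AdmissionResponse{Result: &metav1.Status{Message: err.Error()}}, err
	}
	admissionRequest := admissionReview.Request

	var pod corev1.Pod
	if err := json.Unmarshal(admissionRequest.Object.Raw, &pod); err != nil {
		return &v1beta1.AdmissionResponse{Result: &metav1.Status{Message: err.Error()}}, fmt.Errorf("Error unmarshaling AdmissionRequest into Pod: %w", err)
	}

	nsLabels, err := whsvr.describeNamespace(ctx, admissionRequest.Namespace)
	if err != nil {
		return &v1beta1.AdmissionResponse{Result: &metav1.Status{Message: err.Error()}}, fmt.Errorf("Error describing namespace: %w", err)
	}

	if !whsvr.shouldMutate(nsLabels, &pod.ObjectMeta) {
		return &v1beta1.AdmissionResponse{Allowed: true, UID: admissionRequest.UID}, nil
	}

	// NOTE(review): pod.ObjectMeta comes from the submitted object, so it is
	// controlled by whoever created the Pod. If the helpers below let pod
	// metadata override the namespace labels, a Pod author chooses the
	// upstream host and the role the proxy is started with -- confirm the
	// precedence and any allow-list inside getUpstreamEndpointParameters and
	// getRoleArn.
	host, name, region := whsvr.getUpstreamEndpointParameters(nsLabels, &pod.ObjectMeta)
	// The "--port" value must stay in step with ContainerPort below.
	sidecarArgs := []string{"--name", name, "--region", region, "--host", host, "--port", ":8005"}
	if roleArn := whsvr.getRoleArn(nsLabels, &pod.ObjectMeta); roleArn != "" {
		sidecarArgs = append(sidecarArgs, "--role-arn", roleArn)
	}

	// NOTE(review): the injected container sets no SecurityContext and no
	// resource requests or limits, so it runs with whatever the Pod and the
	// cluster defaults give it.
	sidecarContainer := []corev1.Container{{
		Name:            "sidecar-aws-sigv4-proxy",
		Image:           whsvr.getProxyImage(),
		ImagePullPolicy: corev1.PullIfNotPresent,
		Ports: []corev1.ContainerPort{{
			ContainerPort: 8005,
		}},
		Args: sidecarArgs,
	}}

	var patchOperations []PatchOperation
	patchOperations = append(patchOperations, addContainers(pod.Spec.Containers, sidecarContainer, "/spec/containers")...)
	annotations := map[string]string{signingProxyWebhookAnnotationStatusKey: "injected"}
	patchOperations = append(patchOperations, updateAnnotations(pod.Annotations, annotations)...)

	patchBytes, err := json.Marshal(patchOperations)
	if err != nil {
		// This is the marshal step; the previous message wrongly reported a
		// failure to unmarshal the AdmissionRequest.
		return &v1beta1.AdmissionResponse{Result: &metav1.Status{Message: err.Error()}}, fmt.Errorf("Error marshaling patch operations: %w", err)
	}

	// The whole patch is logged, including the sidecar arguments (host,
	// region and role ARN when set).
	log.Printf("Admission Response: %v", string(patchBytes))

	patchType := v1beta1.PatchTypeJSONPatch
	return &v1beta1.AdmissionResponse{
		Allowed:   true,
		UID:       admissionRequest.UID,
		Patch:     patchBytes,
		PatchType: &patchType,
	}, nil
}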