func()

in pkg/admission/admission_controller.go [284:322]

• 31 lines of code
• 7 McCabe index (conditional complexity)

func (c *AdmissionController) processPodUpdate(req *admissionv1.AdmissionRequest, namespace string) *admissionv1.AdmissionResponse {
	uid := string(req.UID)

	var newPod v1.Pod
	if err := json.Unmarshal(req.Object.Raw, &newPod); err != nil {
		log.Log(log.Admission).Error("unmarshal failed", zap.Error(err))
		return admissionResponseBuilder(uid, false, err.Error(), nil)
	}

	var oldPod v1.Pod
	if err := json.Unmarshal(req.OldObject.Raw, &oldPod); err != nil {
		log.Log(log.Admission).Error("unmarshal failed", zap.Error(err))
		return admissionResponseBuilder(uid, false, err.Error(), nil)
	}

	if labelAppValue, ok := newPod.Labels[constants.LabelApp]; ok {
		if labelAppValue == yunikornPod {
			log.Log(log.Admission).Info("pod update - ignore yunikorn pod")
			return admissionResponseBuilder(uid, true, "", nil)
		}
	}

	if !c.shouldProcessAdmissionReview(namespace, newPod.Labels) {
		log.Log(log.Admission).Info("pod update - bypassing namespace", zap.String("namespace", namespace))
		return admissionResponseBuilder(uid, true, "", nil)
	}

	originalUserInfo := oldPod.Annotations[common.UserInfoAnnotation]
	newUserInfo := newPod.Annotations[common.UserInfoAnnotation]

	log.Log(log.Admission).Debug("checking original and new pod annotation", zap.String("original", originalUserInfo),
		zap.String("new", newUserInfo))

	if originalUserInfo != newUserInfo {
		return admissionResponseBuilder(uid, false, "user info annotation change is not allowed", nil)
	}

	return admissionResponseBuilder(uid, true, "", nil)
}