func()

in pkg/admission/webhook_manager.go [455:532]

• 62 lines of code
• 33 McCabe index (conditional complexity)

func (wm *webhookManagerImpl) checkMutatingWebhook(webhook *v1.MutatingWebhookConfiguration) error {
	ignore := v1.Ignore
	none := v1.SideEffectClassNone
	path := "/mutate"

	value, ok := webhook.ObjectMeta.GetLabels()["app"]
	if !ok || value != "yunikorn" {
		return errors.New("webhook: missing label app=yunikorn")
	}

	if len(webhook.Webhooks) != 1 {
		return errors.New("mutate webhook: wrong webhook count")
	}

	hook := webhook.Webhooks[0]
	if hook.Name != mutatePodsWebhook {
		return errors.New("webhook: wrong webhook name")
	}

	cc := hook.ClientConfig
	svc := cc.Service
	if svc == nil {
		return errors.New("webhook: missing service")
	}

	if svc.Name != wm.conf.GetAmServiceName() {
		return errors.New("webhook: wrong service name")
	}

	if svc.Namespace != wm.conf.GetNamespace() {
		return errors.New("webhook: wrong service namespace")
	}

	if svc.Path == nil || *svc.Path != path {
		return errors.New("webhook: wrong service path")
	}

	err := wm.validateCaBundle(cc.CABundle)
	if err != nil {
		return err
	}

	rules := hook.Rules
	if len(rules) != 1 {
		return errors.New("webhook: wrong rule count")
	}

	rule := rules[0]
	if len(rule.Operations) != 2 || rule.Operations[0] != v1.Create || rule.Operations[1] != v1.Update {
		return errors.New("webhook: wrong operations")
	}

	if len(rule.APIGroups) != 3 || rule.APIGroups[0] != "" ||
		rule.APIGroups[1] != "apps" || rule.APIGroups[2] != "batch" {
		return errors.New("webhook: wrong api groups")
	}

	if len(rule.APIVersions) != 1 || rule.APIVersions[0] != "v1" {
		return errors.New("webhook: wrong api versions")
	}

	if len(rule.Resources) != 7 || rule.Resources[0] != "pods" ||
		rule.Resources[1] != "deployments" || rule.Resources[2] != "replicasets" ||
		rule.Resources[3] != "statefulsets" || rule.Resources[4] != "daemonsets" ||
		rule.Resources[5] != "jobs" || rule.Resources[6] != "cronjobs" {
		return errors.New("webhook: wrong resources")
	}

	if hook.FailurePolicy == nil || *hook.FailurePolicy != ignore {
		return errors.New("webhook: wrong failure policy")
	}

	if hook.SideEffects == nil || *hook.SideEffects != none {
		return errors.New("webhook: wrong side effects")
	}

	return nil
}