func()

in pkg/admission/admission_controller.go [220:282]


// processWorkload decides the admission outcome for a workload request and,
// when no user info annotation is present and auth bypass is off, returns a
// JSON patch built from the requesting user's name and groups.
//
// Checks run in a fixed order, and the order is security relevant:
//  1. requests that shouldProcessWorkload rejects are admitted untouched;
//  2. labels are extracted (unsupported kind: admit, error: deny);
//  3. requests that shouldProcessAdmissionReview rejects are admitted untouched;
//  4. annotations are extracted (unsupported kind: admit, error: deny);
//  5. checkUserInfoAnnotation may short-circuit with its own response;
//  6. otherwise the workload is patched, or admitted as-is.
//
// Every "unsupported" branch fails open, so the set of kinds the extractors
// recognise is the effective enforcement boundary for this webhook.
func (c *AdmissionController) processWorkload(req *admissionv1.AdmissionRequest, namespace string) *admissionv1.AdmissionResponse {
	uid := string(req.UID)

	// allow admits the request without any mutation.
	allow := func() *admissionv1.AdmissionResponse {
		return admissionResponseBuilder(uid, true, "", nil)
	}
	// deny rejects the request; reason is passed to the response builder as
	// its message argument.
	deny := func(reason string) *admissionv1.AdmissionResponse {
		return admissionResponseBuilder(uid, false, reason, nil)
	}

	if !c.shouldProcessWorkload(req) {
		return allow()
	}

	labels, supported, err := c.labelExtractor.GetLabelsFromWorkload(req)
	// The supported flag is tested before err, so supported == false wins over
	// a non-nil error and the request is admitted.
	// NOTE(review): confirm the extractor never reports supported == false
	// together with an error for a kind it should have handled.
	if !supported {
		// Unknown request kind - pass
		return allow()
	}
	if err != nil {
		return deny(err.Error())
	}

	if !c.shouldProcessAdmissionReview(namespace, labels) {
		// Admitted unmodified; the bypass is recorded with its namespace.
		log.Log(log.Admission).Info("bypassing namespace", zap.String("namespace", namespace))
		return allow()
	}

	annotations, supported, err := c.annotationHandler.GetAnnotationsFromRequestKind(req)
	// Same precedence as for labels: unsupported is checked before err.
	if !supported {
		// Unknown request kind - pass
		return allow()
	}
	if err != nil {
		return deny(err.Error())
	}

	// Identity comes from the admission request itself, not from the object
	// under review.
	requester := req.UserInfo.Username
	requesterGroups := req.UserInfo.Groups

	// The annotation is handed over lazily through a lookup closure.
	lookupUserInfo := func() (string, bool) {
		value, present := annotations[common.UserInfoAnnotation]
		return value, present
	}
	failureResponse, userInfoSet := c.checkUserInfoAnnotation(lookupUserInfo, requester, requesterGroups, uid)
	if failureResponse != nil {
		// Whatever response the check produced is returned as-is.
		return failureResponse
	}

	// Nothing to patch when the annotation is already set or auth bypass is
	// enabled; GetBypassAuth is only consulted when the annotation is absent.
	if userInfoSet || c.conf.GetBypassAuth() {
		return allow()
	}

	patch, err := c.annotationHandler.GetPatchForWorkload(req, requester, requesterGroups)
	if err != nil {
		log.Log(log.Admission).Error("could not generate patch for workload", zap.Error(err))
		return deny(err.Error())
	}

	payload, marshalErr := json.Marshal(patch)
	if marshalErr != nil {
		log.Log(log.Admission).Error("failed to marshal patch", zap.Error(marshalErr))
		return deny(marshalErr.Error())
	}

	// NOTE(review): the whole patch is logged at Info level; it is generated
	// from the requester's user name and groups, so it presumably contains
	// them. Confirm that is acceptable for this log sink.
	log.Log(log.Admission).Info("updating annotations on workload", zap.String("type", req.Kind.Kind),
		zap.Any("generated patch", patch))
	return admissionResponseBuilder(uid, true, "", payload)
}