func()

in pkg/admission/webhook_manager.go [380:453]

• 58 lines of code
• 25 McCabe index (conditional complexity)

func (wm *webhookManagerImpl) checkValidatingWebhook(webhook *v1.ValidatingWebhookConfiguration) error {
	ignore := v1.Ignore
	none := v1.SideEffectClassNone
	path := "/validate-conf"

	value, ok := webhook.ObjectMeta.GetLabels()["app"]
	if !ok || value != webhookLabel {
		return errors.New("webhook: missing label app=yunikorn")
	}

	if len(webhook.Webhooks) != 1 {
		return errors.New("webhook: wrong webhook count")
	}

	hook := webhook.Webhooks[0]
	if hook.Name != validateConfHook {
		return errors.New("webhook: wrong webhook name")
	}

	cc := hook.ClientConfig
	svc := cc.Service
	if svc == nil {
		return errors.New("webhook: missing service")
	}

	if svc.Name != wm.conf.GetAmServiceName() {
		return errors.New("webhook: wrong service name")
	}

	if svc.Namespace != wm.conf.GetNamespace() {
		return errors.New("webhook: wrong service namespace")
	}

	if svc.Path == nil || *svc.Path != path {
		return errors.New("webhook: wrong service path")
	}

	err := wm.validateCaBundle(cc.CABundle)
	if err != nil {
		return err
	}

	rules := hook.Rules
	if len(rules) != 1 {
		return errors.New("webhook: wrong rule count")
	}

	rule := rules[0]
	if len(rule.Operations) != 2 || rule.Operations[0] != v1.Create || rule.Operations[1] != v1.Update {
		return errors.New("webhook: wrong operations")
	}

	if len(rule.APIGroups) != 1 || rule.APIGroups[0] != "" {
		return errors.New("webhook: wrong api groups")
	}

	if len(rule.APIVersions) != 1 || rule.APIVersions[0] != "v1" {
		return errors.New("webhook: wrong api versions")
	}

	if len(rule.Resources) != 1 || rule.Resources[0] != "configmaps" {
		return errors.New("webhook: wrong resources")
	}

	if hook.FailurePolicy == nil || *hook.FailurePolicy != ignore {
		return errors.New("webhook: wrong failure policy")
	}

	if hook.SideEffects == nil || *hook.SideEffects != none {
		return errors.New("webhook: wrong side effects")
	}

	return nil
}