BonnyPlug.AdmissionReview.Request (bonny_plug v1.0.3) View Source

Helper functions for admission review request handling. This module is imported when using WebhookHandler.

Link to this section Summary

Functions

Adds a warning to the admission review's response.

Responds by allowing the operation

Checks the given field's value - if defined - against a list of allowed values. If the field is not defined, the request is considered valid and no error is returned. Use the CRD to define required fields.

Verifies that a given field has not been mutated.

Responds by denying the operation

Responds by denying the operation, returning response code and message

Link to this section Functions

Link to this function

add_warning(admission_review, warning)

View Source

Specs

Adds a warning to the admission review's response.

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.add_warning(admission_review, "warning")
%BonnyPlug.AdmissionReview{request: %{}, response: %{"warnings" => ["warning"]}}

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{}, response: %{"warnings" => ["existing_warning"]}}
...> BonnyPlug.AdmissionReview.Request.add_warning(admission_review, "new_warning")
%BonnyPlug.AdmissionReview{request: %{}, response: %{"warnings" => ["new_warning", "existing_warning"]}}

Specs

Responds by allowing the operation

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.allow(admission_review)
%BonnyPlug.AdmissionReview{request: %{}, response: %{"allowed" => true}}
Link to this function

check_allowed_values(admission_review, field, allowed_values)

View Source

Specs

Checks the given field's value - if defined - against a list of allowed values. If the field is not defined, the request is considered valid and no error is returned. Use the CRD to define required fields.

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
%BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
%BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
%BonnyPlug.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => ~S(The field .metadata.annotations.some/annotation must contain one of the values in ["foo", "bar"] but it's currently set to "other".)}}}
Link to this function

check_immutable(admission_review, field)

View Source

Specs

Verifies that a given field has not been mutated.

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.check_immutable(admission_review, ["spec", "immutable"])
%BonnyPlug.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.check_immutable(admission_review, ["spec", "immutable"])
%BonnyPlug.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "The field .spec.immutable is immutable."}}}

Specs

Responds by denying the operation

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.deny(admission_review)
%BonnyPlug.AdmissionReview{request: %{}, response: %{"allowed" => false}}
Link to this function

deny(admission_review, code \\ 400, message)

View Source

Specs

Responds by denying the operation, returning response code and message

Examples

iex> admission_review = %BonnyPlug.AdmissionReview{request: %{}, response: %{}}
...> BonnyPlug.AdmissionReview.Request.deny(admission_review, 403, "foo")
%BonnyPlug.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 403, "message" => "foo"}}}

iex> BonnyPlug.AdmissionReview.Request.deny(%BonnyPlug.AdmissionReview{request: %{}, response: %{}}, "foo")
%BonnyPlug.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "foo"}}}