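Handle the validation request.
nolint: gocritic // Must accept admission.Request as a struct to satisfy Handler interface.
In the lines shown, two paths return Allowed before any policy review runs: requests for which isGkServiceAccount(req.UserInfo) is true, and namespaces that skipExcludedNamespace reports as excluded. An error from skipExcludedNamespace is only logged, so the flag returned alongside it still decides whether the request is allowed.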
(ctx context.Context, req admission.Request)
| 137 | // Handle the validation request |
| 138 | // nolint: gocritic // Must accept admission.Request as a struct to satisfy Handler interface. |
| 139 | func (h *validationHandler) Handle(ctx context.Context, req admission.Request) admission.Response { |
| 140 | timeStart := time.Now() |
| 141 | |
| 142 | if isGkServiceAccount(req.UserInfo) { |
| 143 | return admission.Allowed("Gatekeeper does not self-manage") |
| 144 | } |
| 145 | |
| 146 | if userErr, err := h.validateGatekeeperResources(ctx, &req); err != nil { |
| 147 | var code int32 |
| 148 | if userErr { |
| 149 | code = http.StatusUnprocessableEntity |
| 150 | } else { |
| 151 | code = http.StatusInternalServerError |
| 152 | } |
| 153 | return admission.Errored(code, err) |
| 154 | } |
| 155 | |
| 156 | requestResponse := unknownResponse |
| 157 | defer func() { |
| 158 | if h.reporter != nil { |
| 159 | isDryRun := "false" |
| 160 | if req.DryRun != nil && *req.DryRun { |
| 161 | isDryRun = "true" |
| 162 | } |
| 163 | if err := h.reporter.ReportValidationRequest(ctx, requestResponse, isDryRun, time.Since(timeStart)); err != nil { |
| 164 | h.log.Error(err, "failed to report request") |
| 165 | } |
| 166 | } |
| 167 | }() |
| 168 | |
| 169 | // namespace is excluded from webhook using config |
| 170 | isExcludedNamespace, err := h.skipExcludedNamespace(&req.AdmissionRequest, process.Webhook) |
| 171 | if err != nil { |
| 172 | h.log.Error(err, "error while excluding namespace") |
| 173 | } |
| 174 | |
| 175 | if isExcludedNamespace { |
| 176 | requestResponse = allowResponse |
| 177 | return admission.Allowed("Namespace is set to be ignored by Gatekeeper config") |
| 178 | } |
| 179 | |
| 180 | resp, err := h.reviewRequest(ctx, &req) |
| 181 | if err != nil { |
| 182 | h.log.Error(err, "error executing query") |
| 183 | requestResponse = errorResponse |
| 184 | return admission.Errored(http.StatusInternalServerError, err) |
| 185 | } |
| 186 | |
| 187 | if *logStatsAdmission { |
| 188 | logging.LogStatsEntries( |
| 189 | h.opa, |
| 190 | h.log.WithValues( |
| 191 | logging.Process, "admission", |
| 192 | logging.EventType, "review_response_stats", |
| 193 | logging.ResourceGroup, req.Kind.Group, |
| 194 | logging.ResourceAPIVersion, req.Kind.Version, |
| 195 | logging.ResourceKind, req.Kind.Kind, |
| 196 | logging.ResourceNamespace, req.Namespace, |