inject client and decoder for webhook

Author: Mengqi Yu

example/main.go

@@ -81,7 +81,8 @@ func main() {
 		Operations(admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update).
 		WithManager(mgr).
 		ForType(&corev1.Pod{}).
-		Build(&podAnnotator{client: mgr.GetClient(), decoder: mgr.GetAdmissionDecoder()})
+		Handlers(&podAnnotator{}).
+		Build()
 	if err != nil {
 		entryLog.Error(err, "unable to setup mutating webhook")
 		os.Exit(1)
@@ -94,7 +95,8 @@ func main() {
 		Operations(admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update).
 		WithManager(mgr).
 		ForType(&corev1.Pod{}).
-		Build(&podValidator{client: mgr.GetClient(), decoder: mgr.GetAdmissionDecoder()})
+		Handlers(&podValidator{}).
+		Build()
 	if err != nil {
 		entryLog.Error(err, "unable to setup validating webhook")
 		os.Exit(1)

example/mutatingwebhook.go

@@ -24,19 +24,20 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 // podAnnotator annotates Pods
 type podAnnotator struct {
 	client  client.Client
-	decoder admission.Decoder
+	decoder types.Decoder
 }
 
 // Implement admission.Handler so the controller can handle admission request.
 var _ admission.Handler = &podAnnotator{}
 
 // podAnnotator adds an annotation to every incoming pods.
-func (a *podAnnotator) Handle(ctx context.Context, req admission.Request) admission.Response {
+func (a *podAnnotator) Handle(ctx context.Context, req types.Request) types.Response {
 	pod := &corev1.Pod{}
 
 	err := a.decoder.Decode(req, pod)

example/validatingwebhook.go

@@ -24,19 +24,20 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 // podValidator validates Pods
 type podValidator struct {
 	client  client.Client
-	decoder admission.Decoder
+	decoder types.Decoder
 }
 
 // Implement admission.Handler so the controller can handle admission request.
 var _ admission.Handler = &podValidator{}
 
 // podValidator admits a pod iff a specific annotation exists.
-func (v *podValidator) Handle(ctx context.Context, req admission.Request) admission.Response {
+func (v *podValidator) Handle(ctx context.Context, req types.Request) types.Response {
 	pod := &corev1.Pod{}
 
 	err := v.decoder.Decode(req, pod)

pkg/manager/internal.go

@@ -28,7 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/recorder"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
 	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 var log = logf.KBLog.WithName("manager")
@@ -41,7 +41,7 @@ type controllerManager struct {
 	// to scheme.scheme.
 	scheme *runtime.Scheme
 	// admissionDecoder is used to decode an admission.Request.
-	admissionDecoder admission.Decoder
+	admissionDecoder types.Decoder
 
 	// runnables is the set of Controllers that the controllerManager injects deps into and Starts.
 	runnables []Runnable
@@ -112,6 +112,9 @@ func (cm *controllerManager) SetFields(i interface{}) error {
 	if _, err := inject.StopChannelInto(cm.stop, i); err != nil {
 		return err
 	}
+	if _, err := inject.DecoderInto(cm.admissionDecoder, i); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -127,7 +130,7 @@ func (cm *controllerManager) GetScheme() *runtime.Scheme {
 	return cm.scheme
 }
 
-func (cm *controllerManager) GetAdmissionDecoder() admission.Decoder {
+func (cm *controllerManager) GetAdmissionDecoder() types.Decoder {
 	return cm.admissionDecoder
 }
 

pkg/manager/manager.go

@@ -31,6 +31,7 @@ import (
 	internalrecorder "sigs.k8s.io/controller-runtime/pkg/internal/recorder"
 	"sigs.k8s.io/controller-runtime/pkg/recorder"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 // Manager initializes shared dependencies such as Caches and Clients, and provides them to Runnables.
@@ -56,7 +57,7 @@ type Manager interface {
 	GetScheme() *runtime.Scheme
 
 	// GetAdmissionDecoder returns the runtime.Decoder based on the scheme.
-	GetAdmissionDecoder() admission.Decoder
+	GetAdmissionDecoder() types.Decoder
 
 	// GetClient returns a client configured with the Config
 	GetClient() client.Client
@@ -95,7 +96,7 @@ type Options struct {
 	newCache            func(config *rest.Config, opts cache.Options) (cache.Cache, error)
 	newClient           func(config *rest.Config, options client.Options) (client.Client, error)
 	newRecorderProvider func(config *rest.Config, scheme *runtime.Scheme) (recorder.Provider, error)
-	newAdmissionDecoder func(scheme *runtime.Scheme) (admission.Decoder, error)
+	newAdmissionDecoder func(scheme *runtime.Scheme) (types.Decoder, error)
 }
 
 // Runnable allows a component to be started.

pkg/runtime/inject/inject.go

@@ -21,6 +21,7 @@ import (
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 // Cache is used by the ControllerManager to inject Cache into Sources, EventHandlers, Predicates, and
@@ -68,6 +69,21 @@ func ClientInto(client client.Client, i interface{}) (bool, error) {
 	return false, nil
 }
 
+// Decoder is used by the ControllerManager to inject client into Sources, EventHandlers, Predicates, and
+// Reconciles
+type Decoder interface {
+	InjectDecoder(types.Decoder) error
+}
+
+// DecoderInto will set client on i and return the result if it implements client.  Returns
+//// false if i does not implement client.
+func DecoderInto(decoder types.Decoder, i interface{}) (bool, error) {
+	if s, ok := i.(Decoder); ok {
+		return true, s.InjectDecoder(decoder)
+	}
+	return false, nil
+}
+
 // Scheme is used by the ControllerManager to inject Scheme into Sources, EventHandlers, Predicates, and
 // Reconciles
 type Scheme interface {

pkg/webhook/admission/builder/builder.go

@@ -31,14 +31,17 @@ import (
 
 // WebhookBuilder builds a webhook based on the provided options.
 type WebhookBuilder struct {
-	// Name specifies the Name of the webhook. It must be unique in the http
+	// name specifies the Name of the webhook. It must be unique in the http
 	// server that serves all the webhooks.
 	name string
 
-	// Path is the URL Path to register this webhook. e.g. "/feature-foo-mutating-pods".
+	// path is the URL Path to register this webhook. e.g. "/feature-foo-mutating-pods".
 	path string
 
-	// Type specifies the type of the webhook
+	// handlers are handlers for handling admission request.
+	handlers []admission.Handler
+
+	// t specifies the type of the webhook
 	t *types.WebhookType
 	// only one of operations and Rules can be set.
 	operations []admissionregistrationv1beta1.OperationType
@@ -128,6 +131,12 @@ func (b *WebhookBuilder) WithManager(mgr manager.Manager) *WebhookBuilder {
 	return b
 }
 
+// Handlers sets the handlers of the webhook.
+func (b *WebhookBuilder) Handlers(handlers ...admission.Handler) *WebhookBuilder {
+	b.handlers = handlers
+	return b
+}
+
 func (b *WebhookBuilder) validate() error {
 	if b.t == nil {
 		return errors.New("webhook type cannot be nil")
@@ -142,7 +151,7 @@ func (b *WebhookBuilder) validate() error {
 }
 
 // Build creates the Webhook based on the options provided.
-func (b *WebhookBuilder) Build(handlers ...admission.Handler) (*admission.Webhook, error) {
+func (b *WebhookBuilder) Build() (*admission.Webhook, error) {
 	err := b.validate()
 	if err != nil {
 		return nil, err
@@ -153,7 +162,7 @@ func (b *WebhookBuilder) Build(handlers ...admission.Handler) (*admission.Webhoo
 		Type:              *b.t,
 		FailurePolicy:     b.failurePolicy,
 		NamespaceSelector: b.namespaceSelector,
-		Handlers:          handlers,
+		Handlers:          b.handlers,
 	}
 
 	if len(b.path) == 0 {

pkg/webhook/admission/decode.go

@@ -19,21 +19,16 @@ package admission
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
-// Decoder is used to decode AdmissionRequest.
-type Decoder interface {
-	// Decode decodes the raw byte object from the AdmissionRequest to the passed-in runtime.Object.
-	Decode(Request, runtime.Object) error
-}
-
 // DecodeFunc is a function that implements the Decoder interface.
-type DecodeFunc func(Request, runtime.Object) error
+type DecodeFunc func(types.Request, runtime.Object) error
 
-var _ Decoder = DecodeFunc(nil)
+var _ types.Decoder = DecodeFunc(nil)
 
 // Decode implements the Decoder interface.
-func (f DecodeFunc) Decode(req Request, obj runtime.Object) error {
+func (f DecodeFunc) Decode(req types.Request, obj runtime.Object) error {
 	return f(req, obj)
 }
 
@@ -42,12 +37,12 @@ type decoder struct {
 }
 
 // NewDecoder creates a Decoder given the runtime.Scheme
-func NewDecoder(scheme *runtime.Scheme) (Decoder, error) {
+func NewDecoder(scheme *runtime.Scheme) (types.Decoder, error) {
 	return decoder{codecs: serializer.NewCodecFactory(scheme)}, nil
 }
 
 // Decode decodes the inlined object in the AdmissionRequest into the passed-in runtime.Object.
-func (d decoder) Decode(req Request, into runtime.Object) error {
+func (d decoder) Decode(req types.Request, into runtime.Object) error {
 	deserializer := d.codecs.UniversalDeserializer()
 	return runtime.DecodeInto(deserializer, req.AdmissionRequest.Object.Raw, into)
 }

pkg/webhook/admission/decode_test.go

@@ -24,10 +24,11 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 var _ = Describe("admission webhook decoder", func() {
-	var decoder Decoder
+	var decoder types.Decoder
 	BeforeEach(func(done Done) {
 		var err error
 		decoder, err = NewDecoder(scheme.Scheme)
@@ -45,7 +46,7 @@ var _ = Describe("admission webhook decoder", func() {
 	})
 
 	Describe("Decode", func() {
-		req := Request{
+		req := types.Request{
 			AdmissionRequest: &admissionv1beta1.AdmissionRequest{
 				Object: runtime.RawExtension{
 					Raw: []byte(`{

pkg/webhook/admission/http.go

@@ -29,6 +29,7 @@ import (
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
 var admissionv1beta1scheme = runtime.NewScheme()
@@ -57,7 +58,7 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	var body []byte
 	var err error
 
-	var reviewResponse Response
+	var reviewResponse types.Response
 	if r.Body != nil {
 		if body, err = ioutil.ReadAll(r.Body); err != nil {
 			log.Error(err, "unable to read the body from the incoming request")
@@ -96,11 +97,11 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	for k := range wh.KVMap {
 		ctx = context.WithValue(ctx, ContextKey(k), wh.KVMap[k])
 	}
-	reviewResponse = wh.Handle(ctx, Request{AdmissionRequest: ar.Request})
+	reviewResponse = wh.Handle(ctx, types.Request{AdmissionRequest: ar.Request})
 	writeResponse(w, reviewResponse)
 }
 
-func writeResponse(w io.Writer, response Response) {
+func writeResponse(w io.Writer, response types.Response) {
 	encoder := json.NewEncoder(w)
 	responseAdmissionReview := v1beta1.AdmissionReview{
 		Response: response.Response,

pkg/webhook/admission/http_test.go

@@ -27,6 +27,7 @@ import (
 	. "github.com/onsi/gomega"
 
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	atypes "sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/types"
 )
 
@@ -154,10 +155,10 @@ func (nopCloser) Close() error { return nil }
 type fakeHandler struct {
 	invoked          bool
 	valueFromContext string
-	fn               func(context.Context, Request) Response
+	fn               func(context.Context, atypes.Request) atypes.Response
 }
 
-func (h *fakeHandler) Handle(ctx context.Context, req Request) Response {
+func (h *fakeHandler) Handle(ctx context.Context, req atypes.Request) atypes.Response {
 	v := ctx.Value(ContextKey("foo"))
 	if v != nil {
 		typed, ok := v.(string)
@@ -169,7 +170,7 @@ func (h *fakeHandler) Handle(ctx context.Context, req Request) Response {
 	if h.fn != nil {
 		return h.fn(ctx, req)
 	}
-	return Response{Response: &admissionv1beta1.AdmissionResponse{
+	return atypes.Response{Response: &admissionv1beta1.AdmissionResponse{
 		Allowed: true,
 	}}
 }

pkg/webhook/admission/response.go

@@ -19,26 +19,16 @@ package admission
 import (
 	"net/http"
 
-	"github.com/mattbaird/jsonpatch"
-
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/patch"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/types"
 )
 
-// Response is the output of admission.Handler
-type Response struct {
-	// Patches are the JSON patches for mutating webhooks.
-	// Using this instead of setting Response.Patch to minimize the overhead of serialization and deserialization.
-	Patches []jsonpatch.JsonPatchOperation
-	// Response is the admission response. Don't set the Patch field in it.
-	Response *admissionv1beta1.AdmissionResponse
-}
-
 // ErrorResponse creates a new Response for an error handling the request
-func ErrorResponse(code int32, err error) Response {
-	return Response{
+func ErrorResponse(code int32, err error) types.Response {
+	return types.Response{
 		Response: &admissionv1beta1.AdmissionResponse{
 			Allowed: false,
 			Result: &metav1.Status{
@@ -50,8 +40,8 @@ func ErrorResponse(code int32, err error) Response {
 }
 
 // ValidationResponse returns a response for admitting a request
-func ValidationResponse(allowed bool, reason string) Response {
-	resp := Response{
+func ValidationResponse(allowed bool, reason string) types.Response {
+	resp := types.Response{
 		Response: &admissionv1beta1.AdmissionResponse{
 			Allowed: allowed,
 		},
@@ -65,12 +55,12 @@ func ValidationResponse(allowed bool, reason string) Response {
 }
 
 // PatchResponse returns a new response with json patch
-func PatchResponse(original, current runtime.Object) Response {
+func PatchResponse(original, current runtime.Object) types.Response {
 	patches, err := patch.NewJSONPatch(original, current)
 	if err != nil {
 		return ErrorResponse(http.StatusInternalServerError, err)
 	}
-	return Response{
+	return types.Response{
 		Patches: patches,
 		Response: &admissionv1beta1.AdmissionResponse{
 			Allowed:   true,