Check for watched namespace before getting kubernetes objects

This commit is contained in:
Daniel Tomcej 2018-12-26 04:30:05 -06:00 committed by Traefiker Bot
parent a0b1d54012
commit bc6e9d5042

View file

@ -53,6 +53,7 @@ type clientImpl struct {
factories map[string]informers.SharedInformerFactory factories map[string]informers.SharedInformerFactory
ingressLabelSelector labels.Selector ingressLabelSelector labels.Selector
isNamespaceAll bool isNamespaceAll bool
watchedNamespaces Namespaces
} }
func newClientImpl(clientset *kubernetes.Clientset) *clientImpl { func newClientImpl(clientset *kubernetes.Clientset) *clientImpl {
@ -120,6 +121,8 @@ func (c *clientImpl) WatchAll(namespaces Namespaces, stopCh <-chan struct{}) (<-
c.isNamespaceAll = true c.isNamespaceAll = true
} }
c.watchedNamespaces = namespaces
eventHandler := c.newResourceEventHandler(eventCh) eventHandler := c.newResourceEventHandler(eventCh)
for _, ns := range namespaces { for _, ns := range namespaces {
factory := informers.NewFilteredSharedInformerFactory(c.clientset, resyncPeriod, ns, nil) factory := informers.NewFilteredSharedInformerFactory(c.clientset, resyncPeriod, ns, nil)
@ -168,6 +171,10 @@ func (c *clientImpl) GetIngresses() []*extensionsv1beta1.Ingress {
// UpdateIngressStatus updates an Ingress with a provided status. // UpdateIngressStatus updates an Ingress with a provided status.
func (c *clientImpl) UpdateIngressStatus(namespace, name, ip, hostname string) error { func (c *clientImpl) UpdateIngressStatus(namespace, name, ip, hostname string) error {
if !c.isWatchedNamespace(namespace) {
return fmt.Errorf("failed to get ingress %s/%s: namespace is not within watched namespaces", namespace, name)
}
ing, err := c.factories[c.lookupNamespace(namespace)].Extensions().V1beta1().Ingresses().Lister().Ingresses(namespace).Get(name) ing, err := c.factories[c.lookupNamespace(namespace)].Extensions().V1beta1().Ingresses().Lister().Ingresses(namespace).Get(name)
if err != nil { if err != nil {
return fmt.Errorf("failed to get ingress %s/%s: %v", namespace, name, err) return fmt.Errorf("failed to get ingress %s/%s: %v", namespace, name, err)
@ -193,6 +200,10 @@ func (c *clientImpl) UpdateIngressStatus(namespace, name, ip, hostname string) e
// GetService returns the named service from the given namespace. // GetService returns the named service from the given namespace.
func (c *clientImpl) GetService(namespace, name string) (*corev1.Service, bool, error) { func (c *clientImpl) GetService(namespace, name string) (*corev1.Service, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get service %s/%s: namespace is not within watched namespaces", namespace, name)
}
service, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Services().Lister().Services(namespace).Get(name) service, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Services().Lister().Services(namespace).Get(name)
exist, err := translateNotFoundError(err) exist, err := translateNotFoundError(err)
return service, exist, err return service, exist, err
@ -200,6 +211,10 @@ func (c *clientImpl) GetService(namespace, name string) (*corev1.Service, bool,
// GetEndpoints returns the named endpoints from the given namespace. // GetEndpoints returns the named endpoints from the given namespace.
func (c *clientImpl) GetEndpoints(namespace, name string) (*corev1.Endpoints, bool, error) { func (c *clientImpl) GetEndpoints(namespace, name string) (*corev1.Endpoints, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get endpoints %s/%s: namespace is not within watched namespaces", namespace, name)
}
endpoint, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Endpoints().Lister().Endpoints(namespace).Get(name) endpoint, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Endpoints().Lister().Endpoints(namespace).Get(name)
exist, err := translateNotFoundError(err) exist, err := translateNotFoundError(err)
return endpoint, exist, err return endpoint, exist, err
@ -207,6 +222,10 @@ func (c *clientImpl) GetEndpoints(namespace, name string) (*corev1.Endpoints, bo
// GetSecret returns the named secret from the given namespace. // GetSecret returns the named secret from the given namespace.
func (c *clientImpl) GetSecret(namespace, name string) (*corev1.Secret, bool, error) { func (c *clientImpl) GetSecret(namespace, name string) (*corev1.Secret, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get secret %s/%s: namespace is not within watched namespaces", namespace, name)
}
secret, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name) secret, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
exist, err := translateNotFoundError(err) exist, err := translateNotFoundError(err)
return secret, exist, err return secret, exist, err
@ -257,3 +276,17 @@ func translateNotFoundError(err error) (bool, error) {
} }
return err == nil, err return err == nil, err
} }
// isWatchedNamespace checks to ensure that the namespace is being watched before we request
// it to ensure we don't panic by requesting an out-of-watch object
func (c *clientImpl) isWatchedNamespace(ns string) bool {
if c.isNamespaceAll {
return true
}
for _, watchedNamespace := range c.watchedNamespaces {
if watchedNamespace == ns {
return true
}
}
return false
}