kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #56213 from deads2k/admission-18-validation 

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

require webhook admission kubeconfigfile to be absolute

Minimal change to enforce absolute file paths when using webhook admission config.

Eventually we should resolve the local file paths relative to the original configuration file, but that requires fairly significant plumbing.

@caesarxuchao @sttts @liggitt

If this is not fixed, then inconsistent, seemingly random file resolution will happen and may pin this API to bad behavior that we will later have to break.

Kubernetes-commit: 65f5c1e8475c26dd503860ddb14356fe83c4e5a5
This commit is contained in:
Kubernetes Publisher 2017-11-22 07:45:37 -08:00
parent bcde3e688c 6d575ed0c4
commit 21f96018e0
3 changed files with 1688 additions and 1682 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3360
Godeps/Godeps.json generated
View File

File diff suppressed because it is too large Load Diff

1
pkg/admission/plugin/webhook/config/BUILD
View File

@ -16,6 +16,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors:go_default_library",

9
pkg/admission/plugin/webhook/config/kubeconfig.go
View File

@ -17,13 +17,14 @@ limitations under the License.
package config
import (
"fmt"
"io"
"io/ioutil"
"fmt"
"path"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission"
"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1"
)
@ -57,6 +58,10 @@ func LoadConfig(configFile io.Reader) (string, error) {
return "", fmt.Errorf("unexpected type: %T", decodedObj)
}
if !path.IsAbs(config.KubeConfigFile) {
return "", field.Invalid(field.NewPath("kubeConfigFile"), config.KubeConfigFile, "must be an absolute file path")
}
kubeconfigFile = config.KubeConfigFile
}
return kubeconfigFile, nil