From 6d575ed0c4fc05639acd57d6e332cee205ccc61d Mon Sep 17 00:00:00 2001
From: David Eads <deads@redhat.com>
Date: Wed, 22 Nov 2017 08:17:47 -0500
Subject: [PATCH] require webhook admission kubeconfigfile to be absolute

Kubernetes-commit: 7e6ce2a04ce8ede20e3bdbcb8a5680a8e54c47a2
---
 pkg/admission/plugin/webhook/config/BUILD         | 1 +
 pkg/admission/plugin/webhook/config/kubeconfig.go | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkg/admission/plugin/webhook/config/BUILD b/pkg/admission/plugin/webhook/config/BUILD
index c042514ca..76c2fd3dc 100644
--- a/pkg/admission/plugin/webhook/config/BUILD
+++ b/pkg/admission/plugin/webhook/config/BUILD
@@ -16,6 +16,7 @@ go_library(
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors:go_default_library",
diff --git a/pkg/admission/plugin/webhook/config/kubeconfig.go b/pkg/admission/plugin/webhook/config/kubeconfig.go
index 3eef6f7e5..7cf0d3193 100644
--- a/pkg/admission/plugin/webhook/config/kubeconfig.go
+++ b/pkg/admission/plugin/webhook/config/kubeconfig.go
@@ -17,13 +17,14 @@ limitations under the License.
 package config
 
 import (
+	"fmt"
 	"io"
 	"io/ioutil"
-
-	"fmt"
+	"path"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1"
 )
@@ -57,6 +58,10 @@ func LoadConfig(configFile io.Reader) (string, error) {
 			return "", fmt.Errorf("unexpected type: %T", decodedObj)
 		}
 
+		if !path.IsAbs(config.KubeConfigFile) {
+			return "", field.Invalid(field.NewPath("kubeConfigFile"), config.KubeConfigFile, "must be an absolute file path")
+		}
+
 		kubeconfigFile = config.KubeConfigFile
 	}
 	return kubeconfigFile, nil