pkg icon indicating copy to clipboard operation
pkg copied to clipboard

Published 20 hours ago verified publisher icon knative

Consider putting the admission review on the webhook context

Open dprotaso opened this issue 3 years ago • 13 comments 

    > The use case is that I need to parse again the AdmissionRequest from Request.Body to perform further checks in the validating/mutating phase.

Would it make more sense for the AdmissionRequest go object to be on the context - instead of having the raw request body and parsing it again yourself?

Originally posted by @dprotaso in https://github.com/knative/pkg/issues/2583#issuecomment-1331507771

dprotaso avatar Nov 30 '22 00:11 dprotaso

Yes it does. It does not only help to prevent us from parsing the request again, but also helps not to consume the Request.Body bytes when we do so.

elfotografo007 avatar Dec 16 '22 14:12 elfotografo007

/good-first-issue

dprotaso avatar Jan 04 '23 20:01 dprotaso

@dprotaso: This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-good-first-issue command.

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

knative-prow[bot] avatar Jan 04 '23 20:01 knative-prow[bot]

/assign

rahulii avatar Apr 03 '23 12:04 rahulii

hey @dprotaso @elfotografo007 , could you give some pointers to where could I start looking into? thanks!

rahulii avatar Apr 03 '23 12:04 rahulii

First, you can check this PR. Reading the HTTP request body r.Body will consume the bytes and you are not able to read it again afterwards. The PR reads it and sets a copy again in r.Body so it can be read a second time. The purpose of this issue is to make the AdmissionRequest go object to be available in the context cxt for later use.

To accomplish this, you may need to create something similar to ctx = apis.WithHTTPRequest(ctx, r) like ctx = apis.WithAdmissionRequest(ctx, r) to set it and apis.GetAdmissionRequest(ctx) to read it afterwards.

I really don't know about Knative internals so I cannot help you any further than this.

elfotografo007 avatar Apr 03 '23 17:04 elfotografo007

I would also remove apis.WithHTTPRequest - since we would want folks to use these GetAdmissionRequest helper

dprotaso avatar Apr 04 '23 20:04 dprotaso

First, you can check this PR. Reading the HTTP request body r.Body will consume the bytes and you are not able to read it again afterwards. The PR reads it and sets a copy again in r.Body so it can be read a second time. The purpose of this issue is to make the AdmissionRequest go object to be available in the context cxt for later use.

@elfotografo007 got it . I gad one naive doubt though - why can't it read for the second time? In the previous PR its mentioned it returns EOF? 🤔

rahulii avatar Apr 07 '23 10:04 rahulii

When you read the bytes, they are consumed and gone forever. I mitigated the issue by using a TeeReader that reads the bytes and copies them back so they can be read again. This has a problem that if you read them again and don't copy them back, they are gone.

elfotografo007 avatar Apr 07 '23 11:04 elfotografo007

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Jul 07 '23 01:07 github-actions[bot]

/lifecycle frozen

dprotaso avatar Jul 07 '23 13:07 dprotaso

Is this issue being worked on ? If not, i'd love to look into the issue @elfotografo007

TusharMohapatra07 avatar Dec 09 '24 16:12 TusharMohapatra07

I am not working on it, so I guess you can take it.

elfotografo007 avatar Dec 09 '24 16:12 elfotografo007