feat: add new callback request

Allow to obtain the plural name of a Kubernetes resource via a callback query. This is required to enable OPA policies to be context aware. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
kubewarden · Oct 23, 2023 · d339be3 · d339be3
1 parent fe982fb
commit d339be3
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/src/callback_handler/kubernetes.rs b/src/callback_handler/kubernetes.rs
@@ -182,6 +182,11 @@ impl Client {
             .map_err(anyhow::Error::new)?
             .ok_or_else(|| anyhow!("Cannot find {api_version}/{kind} named '{name}' inside of namespace '{namespace:?}'"))
     }
+
+    async fn get_resource_plural_name(&mut self, api_version: &str, kind: &str) -> Result<String> {
+        let resource = self.build_kube_resource(api_version, kind).await?;
+        Ok(resource.resource.plural)
+    }
 }
 
 #[cached(
@@ -287,3 +292,24 @@ pub(crate) async fn get_resource_cached(
 ) -> Result<cached::Return<kube::core::DynamicObject>> {
     get_resource(client, api_version, kind, name, namespace).await
 }
+
+pub(crate) async fn get_resource_plural_name(
+    client: Option<&mut Client>,
+    api_version: &str,
+    kind: &str,
+) -> Result<cached::Return<String>> {
+    if client.is_none() {
+        return Err(anyhow!("kube::Client was not initialized properly"));
+    }
+
+    client
+        .unwrap()
+        .get_resource_plural_name(api_version, kind)
+        .await
+        .map(|value| cached::Return {
+            // this is always cached, because the client builds an overview of
+            // the cluster resources at bootstrap time
+            was_cached: true,
+            value,
+        })
+}
diff --git a/src/callback_handler/mod.rs b/src/callback_handler/mod.rs
@@ -300,6 +300,24 @@ impl CallbackHandler {
                                     )
                                 }
                             }
+                            CallbackRequestType::KubernetesGetResourcePluralName {
+                                api_version,
+                                kind,
+                            } => {
+                                handle_callback!(
+                                    req,
+                                    format!("{api_version}/{kind}"),
+                                    "Is Kubernetes resource namespaced",
+                                    {
+                                        kubernetes::get_resource_plural_name(
+                                            self.kubernetes_client.as_mut(),
+                                            &api_version,
+                                            &kind,
+                                        )
+                                    }
+                                )
+                            }
+
                         }
                     }
                 },

diff --git a/src/callback_requests.rs b/src/callback_requests.rs
@@ -162,6 +162,14 @@ pub enum CallbackRequestType {
         /// might cause issues to the cluster
         disable_cache: bool,
     },
+
+    /// Get the plural name of a Kubernetes resource. E.g. `v1/Service` -> `services`
+    KubernetesGetResourcePluralName {
+        /// apiVersion of the resource (v1 for core group, groupName/groupVersions for other).
+        api_version: String,
+        /// Singular PascalCase name of the resource
+        kind: String,
+    },
 }
 
 impl From<SigstoreVerificationInputV2> for CallbackRequestType {