Prevent adding DevWorkspace(Template)s through kube components

amisevsk · amisevsk · commit e58403dddc44 · 2022-12-16T14:40:57.000-05:00
Signed-off-by: Angel Misevski &lt;amisevsk@redhat.com&gt;
diff --git a/webhook/workspace/handler/kubernetes.go b/webhook/workspace/handler/kubernetes.go
@@ -89,6 +89,9 @@ func (h *WebhookHandler) validatePermissionsOnObject(ctx context.Context, req ad
 	if kind == "Role" || kind == "Rolebinding" || kind == "ClusterRole" || kind == "ClusterRoleBinding" {
 		return fmt.Errorf("kubernetes RBAC objects are not permitted within DevWorkspace components")
 	}
+	if kind == "DevWorkspace" || kind == "DevWorkspaceTemplate" {
+		return fmt.Errorf("DevWorkspace objects are not permitted within DevWorkspace components")
+	}
 
 	// Workaround to get the correct resource type for a given kind -- probably fragile
 	// Convert e.g. Pod -> pods, Deployment -> deployments

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,9 @@ func (h *WebhookHandler) validatePermissionsOnObject(ctx context.Context, req ad`
`89`	`89`	`if kind == "Role" \|\| kind == "Rolebinding" \|\| kind == "ClusterRole" \|\| kind == "ClusterRoleBinding" {`
`90`	`90`	`return fmt.Errorf("kubernetes RBAC objects are not permitted within DevWorkspace components")`
`91`	`91`	`}`
	`92`	`+ if kind == "DevWorkspace" \|\| kind == "DevWorkspaceTemplate" {`
	`93`	`+ return fmt.Errorf("DevWorkspace objects are not permitted within DevWorkspace components")`
	`94`	`+ }`
`92`	`95`
`93`	`96`	`// Workaround to get the correct resource type for a given kind -- probably fragile`
`94`	`97`	`// Convert e.g. Pod -> pods, Deployment -> deployments`