Drop the unused apiReader

I noticed the unused parameter in my previous change and tugged. Seems completely unused. I also noticed another unused field for the unstructured decoder, so dropping that. Signed-off-by: Matt Moore <[email protected]>
sigstore · Sep 7, 2021 · 645547b · 645547b
1 parent 6a1e1b5
commit 645547b
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 28 deletions.
diff --git a/cmd/cosign/webhook/main.go b/cmd/cosign/webhook/main.go
@@ -63,8 +63,6 @@ func main() {
 	flags.Uint16Var(&bindPort, "secure-port", bindPort, "The port on which to serve HTTPS.")
 	flags.StringVar(&tlsCertDirectory, "tls-cert-dir", tlsCertDirectory, "The directory where the TLS certs are located.")
 
-	kubernetesClientOptions := webhook.NewClientOptions(webhook.Scheme)
-
 	err := flags.Parse(os.Args[1:])
 	if err != nil {
 		klog.Error(err)
@@ -80,13 +78,7 @@ func main() {
 		appsv1.SchemeGroupVersion.WithKind("DaemonSet"):    webhook.ValidateSignedResources,
 	}
 
-	dynamicClient, err := kubernetesClientOptions.NewDynamicClient()
-	if err != nil {
-		klog.Error(err, "Failed to create client")
-		os.Exit(1)
-	}
-
-	cosignedValidationHook := webhook.NewFuncAdmissionValidator(webhook.Scheme, dynamicClient, cosignedValidationFuncs, secretKeyRef)
+	cosignedValidationHook := webhook.NewFuncAdmissionValidator(webhook.Scheme, cosignedValidationFuncs, secretKeyRef)
 
 	opts := ctrl.Options{
 		Scheme:             webhook.Scheme,

diff --git a/pkg/cosign/kubernetes/webhook/handler.go b/pkg/cosign/kubernetes/webhook/handler.go
@@ -26,13 +26,11 @@ import (
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
@@ -50,29 +48,25 @@ func init() { //nolint:gochecknoinits
 }
 
 type funcAdmissionValidator struct {
-	regularDecoder      runtime.Decoder
-	unstructuredDecoder runtime.Decoder
-	apiReader           client.Reader
-	validations         map[schema.GroupVersionKind]ValidationFunc
-	scheme              *runtime.Scheme
-	secretKeyRef        string
+	regularDecoder runtime.Decoder
+	validations    map[schema.GroupVersionKind]ValidationFunc
+	scheme         *runtime.Scheme
+	secretKeyRef   string
 }
 
-func NewFuncAdmissionValidator(scheme *runtime.Scheme, dynamicClient client.Client, fns map[schema.GroupVersionKind]ValidationFunc, secretKeyRef string) *webhook.Admission {
+func NewFuncAdmissionValidator(scheme *runtime.Scheme, fns map[schema.GroupVersionKind]ValidationFunc, secretKeyRef string) *webhook.Admission {
 	factory := serializer.NewCodecFactory(scheme)
 	return &webhook.Admission{
 		Handler: &funcAdmissionValidator{
-			regularDecoder:      factory.UniversalDeserializer(),
-			unstructuredDecoder: unstructured.UnstructuredJSONScheme,
-			apiReader:           dynamicClient,
-			scheme:              scheme,
-			validations:         fns,
-			secretKeyRef:        secretKeyRef,
+			regularDecoder: factory.UniversalDeserializer(),
+			scheme:         scheme,
+			validations:    fns,
+			secretKeyRef:   secretKeyRef,
 		},
 	}
 }
 
-type ValidationFunc func(newObj runtime.Object, apiReader client.Reader, keys []*ecdsa.PublicKey) field.ErrorList
+type ValidationFunc func(newObj runtime.Object, keys []*ecdsa.PublicKey) field.ErrorList
 
 func (c *funcAdmissionValidator) Handle(_ context.Context, admissionSpec admission.Request) admission.Response {
 	var (
@@ -147,7 +141,7 @@ func (c *funcAdmissionValidator) Handle(_ context.Context, admissionSpec admissi
 
 	switch admissionSpec.Operation {
 	case admissionv1.Create, admissionv1.Update:
-		validationErrs = validateFunc(newObj, c.apiReader, keys)
+		validationErrs = validateFunc(newObj, keys)
 
 	default:
 		return admission.Response{

diff --git a/pkg/cosign/kubernetes/webhook/validation.go b/pkg/cosign/kubernetes/webhook/validation.go
@@ -33,14 +33,13 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 var (
 	log = ctrl.Log.WithName("cosigned")
 )
 
-func ValidateSignedResources(obj runtime.Object, apiReader client.Reader, keys []*ecdsa.PublicKey) field.ErrorList {
+func ValidateSignedResources(obj runtime.Object, keys []*ecdsa.PublicKey) field.ErrorList {
 	containers, err := getContainers(obj)
 	if err != nil {
 		return field.ErrorList{field.InternalError(field.NewPath(""), err)}