Skip to content

feature: Implement ValidatingAdmissionPolicy #3733

New issue
New issue
Open
Feature
Open
feature: Implement ValidatingAdmissionPolicy#3733
Feature
Assignees
olamilekan000
Labels
kind/featureCategorizes issue or PR as related to a new feature.
@mjudeikis

Description

@mjudeikis
mjudeikis
opened on Nov 26, 2025

Feature Description

ValidatingWebhookConfiguration (pkg/admission/validatingwebhook/plugin.go):

  • Has getSourceClusterForGroupResource() method
  • Checks APIBindings to find the source workspace
  • Calls webhooks from the APIExport workspace when resources are bound

This means that any object, created in APIBinding workspace will be checked using WebhookConfiguration in Provider workspace.

And missing part:

ValidatingAdmissionPolicy (pkg/admission/validatingadmissionpolicy/validating_admission_policy.go):

  • Only looks at policies in the same logical cluster (line 190-191)
  • No APIBinding/cross-workspace logic
  • Policies in an APIExport workspace won't apply to consuming workspaces

So ValidatingAdmissionPolicy is not implemented

Proposed Solution

Implement in the same way as ValidatingWebhookConfiguration
Add tests :)
Update docs :)

Alternative Solutions

No response

Want to contribute?

  • I would like to work on this issue.

Additional Context

No response

Metadata

Metadata

Assignees

Labels

kind/featureCategorizes issue or PR as related to a new feature.

Type

Feature

Projects

kcp

Status

New

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions