From 2f39c69db301912e52cb5544a78326f7f4db441b Mon Sep 17 00:00:00 2001
From: stoneshi-yunify <stoneshi@kubesphere.io>
Date: Tue, 19 Sep 2023 16:44:54 +0800
Subject: [PATCH] support * as matcher

Signed-off-by: stoneshi-yunify <stoneshi@kubesphere.io>
---
 webhook/pvc.go      |  4 ++--
 webhook/selector.go | 28 ++++++++++++++++++++++------
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/webhook/pvc.go b/webhook/pvc.go
index 5471bf1..2af06ff 100644
--- a/webhook/pvc.go
+++ b/webhook/pvc.go
@@ -58,8 +58,6 @@ func (a *Admitter) serverPVCRequest(w http.ResponseWriter, r *http.Request) {
 }
 
 func (a *Admitter) AdmitPVC(ar admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
-	klog.Infof("admission review: %v", ar)
-
 	if ar.Request.Operation != admissionv1.Create {
 		return reviewResponse
 	}
@@ -87,6 +85,8 @@ func (a *Admitter) AdmitPVC(ar admissionv1.AdmissionReview) *admissionv1.Admissi
 		operator:         string(ar.Request.Operation),
 		storageClassName: *newPVC.Spec.StorageClassName,
 	}
+
+	klog.Infof("request pvc: %v", reqPVC)
 	return a.decidePVCV1(context.Background(), reqPVC)
 }
 
diff --git a/webhook/selector.go b/webhook/selector.go
index 1bcf9ee..dca418c 100644
--- a/webhook/selector.go
+++ b/webhook/selector.go
@@ -19,14 +19,24 @@ func matchLabel(info map[string]string, expressions []v1alpha1.MatchExpressions)
 			if len(item.Values) == 0 {
 				continue
 			}
+			var labelKeyExist bool
+			_, ok := info[item.Key]
+			if ok {
+				labelKeyExist = true
+			}
 			switch item.Operator {
 			case v1alpha1.In:
-				rulePass = rulePass && slices.Contains(item.Values, info[item.Key])
+				rulePass = rulePass && labelKeyExist && (slices.Contains(item.Values, "*") || slices.Contains(item.Values, info[item.Key]))
 			case v1alpha1.NotIn:
-				rulePass = rulePass && !slices.Contains(item.Values, info[item.Key])
+				if labelKeyExist {
+					rulePass = rulePass && !slices.Contains(item.Values, "*") && !slices.Contains(item.Values, info[item.Key])
+				}
 			default:
 				continue
 			}
+			if !rulePass {
+				break
+			}
 		}
 		if rulePass {
 			return rulePass
@@ -58,12 +68,15 @@ func nsMatchField(ns *corev1.Namespace, expressions []v1alpha1.FieldExpressions)
 			}
 			switch item.Operator {
 			case v1alpha1.In:
-				rulePass = rulePass && slices.Contains(item.Values, val)
+				rulePass = rulePass && (slices.Contains(item.Values, "*") || slices.Contains(item.Values, val))
 			case v1alpha1.NotIn:
-				rulePass = rulePass && !slices.Contains(item.Values, val)
+				rulePass = rulePass && !slices.Contains(item.Values, "*") && !slices.Contains(item.Values, val)
 			default:
 				continue
 			}
+			if !rulePass {
+				break
+			}
 		}
 		if rulePass {
 			return rulePass
@@ -95,12 +108,15 @@ func wsMatchField(ws *workspacev1alpha1.Workspace, expressions []v1alpha1.FieldE
 			}
 			switch item.Operator {
 			case v1alpha1.In:
-				pass = pass && slices.Contains(item.Values, val)
+				pass = pass && (slices.Contains(item.Values, "*") || slices.Contains(item.Values, val))
 			case v1alpha1.NotIn:
-				pass = pass && !slices.Contains(item.Values, val)
+				pass = pass && !slices.Contains(item.Values, "*") && !slices.Contains(item.Values, val)
 			default:
 				continue
 			}
+			if !pass {
+				break
+			}
 		}
 		if pass {
 			return pass