From ca69888cba2ea273d5405c5e9c82245abf7d7bc5 Mon Sep 17 00:00:00 2001
From: David Desmarais-Michaud <desmarais.michaud.david@gmail.com>
Date: Wed, 5 Mar 2025 22:14:47 -0500
Subject: [PATCH] atc: allow airways to skip admission review if configured

---
 cmd/atc/handler.go                 |  14 ++++++++++++++
 cmd/atc/internal/.DS_Store         | Bin 6148 -> 0 bytes
 pkg/apis/airway/v1alpha1/airway.go |   8 ++++++++
 pkg/openapi/flight.golden.json     |   3 +++
 4 files changed, 25 insertions(+)
 delete mode 100644 cmd/atc/internal/.DS_Store

diff --git a/cmd/atc/handler.go b/cmd/atc/handler.go
index ec5dd65..5c9ab38 100644
--- a/cmd/atc/handler.go
+++ b/cmd/atc/handler.go
@@ -154,6 +154,20 @@ func Handler(client *k8s.Client, cache *wasm.ModuleCache, logger *slog.Logger) h
 			return
 		}
 
+		if airway.Spec.SkipAdmissionWebhook {
+			review.Response = &admissionv1.AdmissionResponse{
+				UID:     review.Request.UID,
+				Allowed: true,
+				Result:  &metav1.Status{Status: metav1.StatusSuccess, Message: "admission skipped"},
+			}
+			review.Request = nil
+
+			addRequestAttrs(r.Context(), slog.Bool("skipped", true))
+
+			json.NewEncoder(w).Encode(&review)
+			return
+		}
+
 		object, _, err := unstructured.NestedFieldNoCopy(cr.Object, airway.Spec.ObjectPath...)
 		if err != nil {
 			http.Error(w, fmt.Sprintf("failed to get object path: %v", err), http.StatusInternalServerError)
diff --git a/cmd/atc/internal/.DS_Store b/cmd/atc/internal/.DS_Store
deleted file mode 100644
index 29b880e732d26421304064c4b4773434c03cfb9c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6148
zcmeHKOKQVF43%0#1Knhq<y;{*7>s*@Tp)`S6DTgEN!MQGTs>N!K9m}}n?N?@38Xip
z(HrBpuq+YL_Hx*YtVLu6H<YV|x!Jk-%pNkMKsfF=${_vc?lio;&#IRb#(k2ryvhgS
zFaFTSt;;lKsQ?wA0#twsP=Om2u-*$>JqI#U0V+TReiX3pLxCIC#4*r69SA-G02`#;
zu=ZI3SS$goiDMu#Fbyg&sG1{&1|9j5bv1De47z9zADU0roKV!Cj{A$3i`GC!DnJFM
z3OvSkZT<fR{>S`3C2>ausKCEcK$~vYwRolMt+SW2UR&UMxYc~Y&9HU~g12L!w_|Lq
e9dEoS>WZy#UK7Varz7ulAb$o-7aA3~w*uet;T5j{

diff --git a/pkg/apis/airway/v1alpha1/airway.go b/pkg/apis/airway/v1alpha1/airway.go
index bf730d6..7cc0e76 100644
--- a/pkg/apis/airway/v1alpha1/airway.go
+++ b/pkg/apis/airway/v1alpha1/airway.go
@@ -45,6 +45,14 @@ type AirwaySpec struct {
 	// CrossNamespace allows for resources to be created in other namespaces other than the releases target namespace.
 	CrossNamespace bool `json:"crossNamespace,omitempty"`
 
+	// SkipAdmissionWebhook bypasses admission webhook for the airway's CRs.
+	// The admission webhook validates that the resources that would be created pass a dry-run phase.
+	// However in the case of some multi-stage implementations, stages that depend on prior stages cannot pass dry-run.
+	// In this case there is no option but to skip the admission webhook.
+	//
+	// Therefore multi-stage Airways are not generally recommended.
+	SkipAdmissionWebhook bool `json:"skipAdmissionWebhook,omitempty"`
+
 	// Template is the CustomResourceDefinition Specification to create. A CRD will be created using this specification
 	// and bound to the implementation defined by the WasmURLs.Flight property.
 	Template apiextensionsv1.CustomResourceDefinitionSpec `json:"template"`
diff --git a/pkg/openapi/flight.golden.json b/pkg/openapi/flight.golden.json
index 4da2291..6ed6fd6 100644
--- a/pkg/openapi/flight.golden.json
+++ b/pkg/openapi/flight.golden.json
@@ -26,6 +26,9 @@
             "type": "string"
           }
         },
+        "skipAdmissionWebhook": {
+          "type": "boolean"
+        },
         "template": {
           "type": "object",
           "required": [