Matchconditions admission webhooks alpha implementation for kep-3716 (#116261)

* api changes adding match conditions * feature gate and registry strategy to drop fields * matchConditions logic for admission webhooks * feedback * update test * import order * bears.com * update fail policy ignore behavior * update docs and matcher to hold fail policy as non-pointer * update matcher error aggregation, fix early fail failpolicy ignore, update docs * final cleanup * openapi gen Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
2025-06-26 15:12:06 +00:00 · 2023-03-14 22:28:26 -05:00 · 2023-03-14 22:28:26 -05:00 · 38589731da
commit 38589731da
parent 445660b561
10 changed files with 214 additions and 4 deletions
--- a/applyconfigurations/admissionregistration/v1/matchcondition.go
+++ b/applyconfigurations/admissionregistration/v1/matchcondition.go
@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// MatchConditionApplyConfiguration represents an declarative configuration of the MatchCondition type for use
+// with apply.
+type MatchConditionApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// MatchConditionApplyConfiguration constructs an declarative configuration of the MatchCondition type for use with
+// apply.
+func MatchCondition() *MatchConditionApplyConfiguration {
+	return &MatchConditionApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *MatchConditionApplyConfiguration) WithName(value string) *MatchConditionApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *MatchConditionApplyConfiguration) WithExpression(value string) *MatchConditionApplyConfiguration {
+	b.Expression = &value
+	return b
+}
--- a/applyconfigurations/admissionregistration/v1/mutatingwebhook.go
+++ b/applyconfigurations/admissionregistration/v1/mutatingwebhook.go
@ -37,6 +37,7 @@ type MutatingWebhookApplyConfiguration struct {
 	TimeoutSeconds          *int32                                          `json:"timeoutSeconds,omitempty"`
 	AdmissionReviewVersions []string                                        `json:"admissionReviewVersions,omitempty"`
 	ReinvocationPolicy      *admissionregistrationv1.ReinvocationPolicyType `json:"reinvocationPolicy,omitempty"`
+	MatchConditions         []MatchConditionApplyConfiguration              `json:"matchConditions,omitempty"`
 }

 // MutatingWebhookApplyConfiguration constructs an declarative configuration of the MutatingWebhook type for use with
@ -139,3 +140,16 @@ func (b *MutatingWebhookApplyConfiguration) WithReinvocationPolicy(value admissi
 	b.ReinvocationPolicy = &value
 	return b
 }
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *MutatingWebhookApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *MutatingWebhookApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
--- a/applyconfigurations/admissionregistration/v1/validatingwebhook.go
+++ b/applyconfigurations/admissionregistration/v1/validatingwebhook.go
@ -36,6 +36,7 @@ type ValidatingWebhookApplyConfiguration struct {
 	SideEffects             *admissionregistrationv1.SideEffectClass   `json:"sideEffects,omitempty"`
 	TimeoutSeconds          *int32                                     `json:"timeoutSeconds,omitempty"`
 	AdmissionReviewVersions []string                                   `json:"admissionReviewVersions,omitempty"`
+	MatchConditions         []MatchConditionApplyConfiguration         `json:"matchConditions,omitempty"`
 }

 // ValidatingWebhookApplyConfiguration constructs an declarative configuration of the ValidatingWebhook type for use with
@ -130,3 +131,16 @@ func (b *ValidatingWebhookApplyConfiguration) WithAdmissionReviewVersions(values
 	}
 	return b
 }
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *ValidatingWebhookApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *ValidatingWebhookApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
--- a/applyconfigurations/admissionregistration/v1beta1/matchcondition.go
+++ b/applyconfigurations/admissionregistration/v1beta1/matchcondition.go
@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// MatchConditionApplyConfiguration represents an declarative configuration of the MatchCondition type for use
+// with apply.
+type MatchConditionApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// MatchConditionApplyConfiguration constructs an declarative configuration of the MatchCondition type for use with
+// apply.
+func MatchCondition() *MatchConditionApplyConfiguration {
+	return &MatchConditionApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *MatchConditionApplyConfiguration) WithName(value string) *MatchConditionApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *MatchConditionApplyConfiguration) WithExpression(value string) *MatchConditionApplyConfiguration {
+	b.Expression = &value
+	return b
+}
--- a/applyconfigurations/admissionregistration/v1beta1/mutatingwebhook.go
+++ b/applyconfigurations/admissionregistration/v1beta1/mutatingwebhook.go
@ -38,6 +38,7 @@ type MutatingWebhookApplyConfiguration struct {
 	TimeoutSeconds          *int32                                               `json:"timeoutSeconds,omitempty"`
 	AdmissionReviewVersions []string                                             `json:"admissionReviewVersions,omitempty"`
 	ReinvocationPolicy      *admissionregistrationv1beta1.ReinvocationPolicyType `json:"reinvocationPolicy,omitempty"`
+	MatchConditions         []MatchConditionApplyConfiguration                   `json:"matchConditions,omitempty"`
 }

 // MutatingWebhookApplyConfiguration constructs an declarative configuration of the MutatingWebhook type for use with
@ -140,3 +141,16 @@ func (b *MutatingWebhookApplyConfiguration) WithReinvocationPolicy(value admissi
 	b.ReinvocationPolicy = &value
 	return b
 }
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *MutatingWebhookApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *MutatingWebhookApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
--- a/applyconfigurations/admissionregistration/v1beta1/validatingwebhook.go
+++ b/applyconfigurations/admissionregistration/v1beta1/validatingwebhook.go
@ -37,6 +37,7 @@ type ValidatingWebhookApplyConfiguration struct {
 	SideEffects             *admissionregistrationv1beta1.SideEffectClass   `json:"sideEffects,omitempty"`
 	TimeoutSeconds          *int32                                          `json:"timeoutSeconds,omitempty"`
 	AdmissionReviewVersions []string                                        `json:"admissionReviewVersions,omitempty"`
+	MatchConditions         []MatchConditionApplyConfiguration              `json:"matchConditions,omitempty"`
 }

 // ValidatingWebhookApplyConfiguration constructs an declarative configuration of the ValidatingWebhook type for use with
@ -131,3 +132,16 @@ func (b *ValidatingWebhookApplyConfiguration) WithAdmissionReviewVersions(values
 	}
 	return b
 }
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *ValidatingWebhookApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *ValidatingWebhookApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
--- a/applyconfigurations/internal/internal.go
+++ b/applyconfigurations/internal/internal.go
@ -39,6 +39,17 @@ func Parser() *typed.Parser {
 var parserOnce sync.Once
 var parser *typed.Parser
 var schemaYAML = typed.YAMLObject(`types:
+- name: io.k8s.api.admissionregistration.v1.MatchCondition
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
 - name: io.k8s.api.admissionregistration.v1.MutatingWebhook
  map:
    fields:
@ -55,6 +66,14 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: failurePolicy
      type:
        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
    - name: matchPolicy
      type:
        scalar: string
@ -167,6 +186,14 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: failurePolicy
      type:
        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
    - name: matchPolicy
      type:
        scalar: string
@ -451,6 +478,17 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: reason
      type:
        scalar: string
+- name: io.k8s.api.admissionregistration.v1beta1.MatchCondition
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
 - name: io.k8s.api.admissionregistration.v1beta1.MutatingWebhook
  map:
    fields:
@ -467,6 +505,14 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: failurePolicy
      type:
        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
    - name: matchPolicy
      type:
        scalar: string
@ -549,6 +595,14 @@ var schemaYAML = typed.YAMLObject(`types:
    - name: failurePolicy
      type:
        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
    - name: matchPolicy
      type:
        scalar: string
--- a/applyconfigurations/utils.go
+++ b/applyconfigurations/utils.go
@ -121,6 +121,8 @@ import (
 func ForKind(kind schema.GroupVersionKind) interface{} {
 	switch kind {
 	// Group=admissionregistration.k8s.io, Version=v1
+	case v1.SchemeGroupVersion.WithKind("MatchCondition"):
+		return &admissionregistrationv1.MatchConditionApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("MutatingWebhook"):
 		return &admissionregistrationv1.MutatingWebhookApplyConfiguration{}
 	case v1.SchemeGroupVersion.WithKind("MutatingWebhookConfiguration"):
@ -167,6 +169,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		return &admissionregistrationv1alpha1.ValidationApplyConfiguration{}

 		// Group=admissionregistration.k8s.io, Version=v1beta1
+	case v1beta1.SchemeGroupVersion.WithKind("MatchCondition"):
+		return &admissionregistrationv1beta1.MatchConditionApplyConfiguration{}
 	case v1beta1.SchemeGroupVersion.WithKind("MutatingWebhook"):
 		return &admissionregistrationv1beta1.MutatingWebhookApplyConfiguration{}
 	case v1beta1.SchemeGroupVersion.WithKind("MutatingWebhookConfiguration"):
--- a/go.mod
+++ b/go.mod
@ -24,7 +24,7 @@ require (
 	golang.org/x/term v0.6.0
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 	google.golang.org/protobuf v1.28.1
-	k8s.io/api v0.0.0-20230315055835-286fd7ee0419
+	k8s.io/api v0.0.0-20230315032826-0b4c449988b1
 	k8s.io/apimachinery v0.0.0-20230315054728-8d1258da8f38
 	k8s.io/klog/v2 v2.90.1
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a
@ -59,6 +59,6 @@ require (
 )

 replace (
-	k8s.io/api => k8s.io/api v0.0.0-20230315055835-286fd7ee0419
+	k8s.io/api => k8s.io/api v0.0.0-20230315032826-0b4c449988b1
 	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230315054728-8d1258da8f38
 )
--- a/go.sum
+++ b/go.sum
@ -477,8 +477,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.0.0-20230315055835-286fd7ee0419 h1:4aCwVAD4ugAc04mLcDwgZicreRARKKTaukyfvfeV7xM=
-k8s.io/api v0.0.0-20230315055835-286fd7ee0419/go.mod h1:aZ6MBt4NMLXSxkSKFkoDaP4hTutnZIvH5dCSpOis9g4=
+k8s.io/api v0.0.0-20230315032826-0b4c449988b1 h1:wlCdY1kqV0RkfnfRr4mEZ3fGJ1VvLelr5Q2vCnCICIo=
+k8s.io/api v0.0.0-20230315032826-0b4c449988b1/go.mod h1:aZ6MBt4NMLXSxkSKFkoDaP4hTutnZIvH5dCSpOis9g4=
 k8s.io/apimachinery v0.0.0-20230315054728-8d1258da8f38 h1:n1qDRCTPAXwyXYg7eSpWDO9FdW79lwAQ9dAr1vETpn4=
 k8s.io/apimachinery v0.0.0-20230315054728-8d1258da8f38/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=