github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-10 20:42:26 +00:00
Code Issues Projects Releases Wiki Activity

Rebase changes.

Browse Source
This commit is contained in:
Cici Huang 2023-03-07 06:50:33 +00:00
parent 92e5b09471
commit 1445e0371f
3 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/admission_test.go
View File

@ -1622,7 +1622,7 @@ func TestAuditValidationAction(t *testing.T) {
} }
}) })
validator.RegisterDefinition(denyPolicy, func(versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult { validator.RegisterDefinition(denyPolicy, func(ctx context.Context, versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult {
return ValidateResult{ return ValidateResult{
Decisions: []PolicyDecision{ Decisions: []PolicyDecision{
{ {
@ -1693,7 +1693,7 @@ func TestWarnValidationAction(t *testing.T) {
} }
}) })
validator.RegisterDefinition(denyPolicy, func(versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult { validator.RegisterDefinition(denyPolicy, func(ctx context.Context, versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult {
return ValidateResult{ return ValidateResult{
Decisions: []PolicyDecision{ Decisions: []PolicyDecision{
{ {
@ -1752,7 +1752,7 @@ func TestAllValidationActions(t *testing.T) {
} }
}) })
validator.RegisterDefinition(denyPolicy, func(versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult { validator.RegisterDefinition(denyPolicy, func(ctx context.Context, versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult {
return ValidateResult{ return ValidateResult{
Decisions: []PolicyDecision{ Decisions: []PolicyDecision{
{ {
@ -1823,7 +1823,7 @@ func TestAuditAnnotations(t *testing.T) {
} }
}) })
validator.RegisterDefinition(denyPolicy, func(versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult { validator.RegisterDefinition(denyPolicy, func(ctx context.Context, versionedAttr *whgeneric.VersionedAttributes, versionedParams runtime.Object, runtimeCELCostBudget int64) ValidateResult {
o, err := meta.Accessor(versionedParams) o, err := meta.Accessor(versionedParams)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/validator.go
View File

@ -75,7 +75,7 @@ func (v *validator) Validate(ctx context.Context, versionedAttr *generic.Version
} }
optionalVars := cel.OptionalVariableBindings{VersionedParams: versionedParams, Authorizer: v.authorizer} optionalVars := cel.OptionalVariableBindings{VersionedParams: versionedParams, Authorizer: v.authorizer}
evalResults, err := v.validationFilter.ForInput(ctx context.Context, versionedAttr, cel.CreateAdmissionRequest(versionedAttr.Attributes), optionalVars, runtimeCELCostBudget) evalResults, err := v.validationFilter.ForInput(ctx, versionedAttr, cel.CreateAdmissionRequest(versionedAttr.Attributes), optionalVars, runtimeCELCostBudget)
if err != nil { if err != nil {
return ValidateResult{ return ValidateResult{
Decisions: []PolicyDecision{ Decisions: []PolicyDecision{
@ -124,7 +124,7 @@ func (v *validator) Validate(ctx context.Context, versionedAttr *generic.Version
} }
options := cel.OptionalVariableBindings{VersionedParams: versionedParams} options := cel.OptionalVariableBindings{VersionedParams: versionedParams}
auditAnnotationEvalResults, err := v.auditAnnotationFilter.ForInput(versionedAttr, cel.CreateAdmissionRequest(versionedAttr.Attributes), options, runtimeCELCostBudget) auditAnnotationEvalResults, err := v.auditAnnotationFilter.ForInput(ctx, versionedAttr, cel.CreateAdmissionRequest(versionedAttr.Attributes), options, runtimeCELCostBudget)
if err != nil { if err != nil {
return ValidateResult{ return ValidateResult{
Decisions: []PolicyDecision{ Decisions: []PolicyDecision{

14
staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/validator_test.go
View File

@ -629,13 +629,17 @@ func TestContextCanceled(t *testing.T) {
fc := cel.NewFilterCompiler() fc := cel.NewFilterCompiler()
f := fc.Compile([]cel.ExpressionAccessor{&ValidationCondition{Expression: "[1,2,3,4,5,6,7,8,9,10].map(x, [1,2,3,4,5,6,7,8,9,10].map(y, x*y)) == []"}}, cel.OptionalVariableDeclarations{HasParams: false, HasAuthorizer: false}, celconfig.PerCallLimit) f := fc.Compile([]cel.ExpressionAccessor{&ValidationCondition{Expression: "[1,2,3,4,5,6,7,8,9,10].map(x, [1,2,3,4,5,6,7,8,9,10].map(y, x*y)) == []"}}, cel.OptionalVariableDeclarations{HasParams: false, HasAuthorizer: false}, celconfig.PerCallLimit)
v := validator{ v := validator{
failPolicy: &fail, failPolicy: &fail,
filter: f, validationFilter: f,
auditAnnotationFilter: &fakeCelFilter{
evaluations: nil,
throwError: false,
},
} }
ctx, cancel := context.WithCancel(context.TODO()) ctx, cancel := context.WithCancel(context.TODO())
cancel() cancel()
decisions := v.Validate(ctx, fakeVersionedAttr, nil, celconfig.RuntimeCELCostBudget) validationResult := v.Validate(ctx, fakeVersionedAttr, nil, celconfig.RuntimeCELCostBudget)
if len(decisions) != 1 || !strings.Contains(decisions[0].Message, "operation interrupted") { if len(validationResult.Decisions) != 1 || !strings.Contains(validationResult.Decisions[0].Message, "operation interrupted") {
t.Errorf("Expected 'operation interrupted' but got %v", decisions) t.Errorf("Expected 'operation interrupted' but got %v", validationResult.Decisions)
} }
} }