github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

fix a TODO in ValidatingAdmissionWebhook

Browse Source
This commit is contained in:
Cao Shufeng 2018-06-04 14:55:46 +08:00
parent 27c327cd33
commit 162499515c
3 changed files with 78 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin_test.go
View File

@ -48,7 +48,10 @@ func TestAdmit(t *testing.T) {
stopCh := make(chan struct{}) stopCh := make(chan struct{})
defer close(stopCh) defer close(stopCh)
for _, tt := range webhooktesting.NewTestCases(serverURL) { testCases := append(webhooktesting.NewMutatingTestCases(serverURL),
webhooktesting.NewNonMutatingTestCases(serverURL)...)
for _, tt := range testCases {
wh, err := NewMutatingWebhook(nil) wh, err := NewMutatingWebhook(nil)
if err != nil { if err != nil {
t.Errorf("%s: failed to create mutating webhook: %v", tt.Name, err) t.Errorf("%s: failed to create mutating webhook: %v", tt.Name, err)

133
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing/testcase.go
View File

@ -155,8 +155,11 @@ type Test struct {
ErrorContains string ErrorContains string
} }
// NewTestCases returns test cases with a given base url. // NewNonMutatingTestCases returns test cases with a given base url.
func NewTestCases(url *url.URL) []Test { // All test cases in NewNonMutatingTestCases have no Patch set in
// AdmissionResponse. The test cases are used by both MutatingAdmissionWebhook
// and ValidatingAdmissionWebhook.
func NewNonMutatingTestCases(url *url.URL) []Test {
policyFail := registrationv1beta1.Fail policyFail := registrationv1beta1.Fail
policyIgnore := registrationv1beta1.Ignore policyIgnore := registrationv1beta1.Ignore
ccfgURL := urlConfigGenerator{url}.ccfgURL ccfgURL := urlConfigGenerator{url}.ccfgURL
@ -184,64 +187,6 @@ func NewTestCases(url *url.URL) []Test {
}}, }},
ExpectAllow: true, ExpectAllow: true,
}, },
{
Name: "match & remove label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "removeLabel",
ClientConfig: ccfgSVC("removeLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ExpectAllow: true,
AdditionalLabels: map[string]string{"remove": "me"},
ExpectLabels: map[string]string{"pod.name": "my-pod"},
},
{
Name: "match & add label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "addLabel",
ClientConfig: ccfgSVC("addLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ExpectAllow: true,
ExpectLabels: map[string]string{"pod.name": "my-pod", "added": "test"},
},
{
Name: "match CRD & add label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "addLabel",
ClientConfig: ccfgSVC("addLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
IsCRD: true,
ExpectAllow: true,
ExpectLabels: map[string]string{"crd.name": "my-test-crd", "added": "test"},
},
{
Name: "match CRD & remove label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "removeLabel",
ClientConfig: ccfgSVC("removeLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
IsCRD: true,
ExpectAllow: true,
AdditionalLabels: map[string]string{"remove": "me"},
ExpectLabels: map[string]string{"crd.name": "my-test-crd"},
},
{
Name: "match & invalid mutation",
Webhooks: []registrationv1beta1.Webhook{{
Name: "invalidMutation",
ClientConfig: ccfgSVC("invalidMutation"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ErrorContains: "invalid character",
},
{ {
Name: "match & disallow", Name: "match & disallow",
Webhooks: []registrationv1beta1.Webhook{{ Webhooks: []registrationv1beta1.Webhook{{
@ -409,6 +354,74 @@ func NewTestCases(url *url.URL) []Test {
} }
} }
// NewMutatingTestCases returns test cases with a given base url.
// All test cases in NewMutatingTestCases have Patch set in
// AdmissionResponse. The test cases are only used by both MutatingAdmissionWebhook.
func NewMutatingTestCases(url *url.URL) []Test {
return []Test{
{
Name: "match & remove label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "removeLabel",
ClientConfig: ccfgSVC("removeLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ExpectAllow: true,
AdditionalLabels: map[string]string{"remove": "me"},
ExpectLabels: map[string]string{"pod.name": "my-pod"},
},
{
Name: "match & add label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "addLabel",
ClientConfig: ccfgSVC("addLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ExpectAllow: true,
ExpectLabels: map[string]string{"pod.name": "my-pod", "added": "test"},
},
{
Name: "match CRD & add label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "addLabel",
ClientConfig: ccfgSVC("addLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
IsCRD: true,
ExpectAllow: true,
ExpectLabels: map[string]string{"crd.name": "my-test-crd", "added": "test"},
},
{
Name: "match CRD & remove label",
Webhooks: []registrationv1beta1.Webhook{{
Name: "removeLabel",
ClientConfig: ccfgSVC("removeLabel"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
IsCRD: true,
ExpectAllow: true,
AdditionalLabels: map[string]string{"remove": "me"},
ExpectLabels: map[string]string{"crd.name": "my-test-crd"},
},
{
Name: "match & invalid mutation",
Webhooks: []registrationv1beta1.Webhook{{
Name: "invalidMutation",
ClientConfig: ccfgSVC("invalidMutation"),
Rules: matchEverythingRules,
NamespaceSelector: &metav1.LabelSelector{},
}},
ErrorContains: "invalid character",
},
// No need to test everything with the url case, since only the
// connection is different.
}
}
// CachedTest is a test case for the client manager. // CachedTest is a test case for the client manager.
type CachedTest struct { type CachedTest struct {
Name string Name string

7
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/plugin_test.go
View File

@ -46,12 +46,7 @@ func TestValidate(t *testing.T) {
stopCh := make(chan struct{}) stopCh := make(chan struct{})
defer close(stopCh) defer close(stopCh)
for _, tt := range webhooktesting.NewTestCases(serverURL) { for _, tt := range webhooktesting.NewNonMutatingTestCases(serverURL) {
// TODO: re-enable all tests
if !strings.Contains(tt.Name, "no match") {
continue
}
wh, err := NewValidatingAdmissionWebhook(nil) wh, err := NewValidatingAdmissionWebhook(nil)
if err != nil { if err != nil {
t.Errorf("%s: failed to create validating webhook: %v", tt.Name, err) t.Errorf("%s: failed to create validating webhook: %v", tt.Name, err)