mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-28 22:17:14 +00:00
Fix admission control in tests
This commit is contained in:
derekwaynecarr
parent
520ae3ef27
commit
1e2b995a79
@ -31,6 +31,7 @@ import (
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
|
||||
@ -162,10 +163,10 @@ func startComponents(manifestURL string) (apiServerURL string) {
|
||||
EnableLogsSupport: false,
|
||||
APIPrefix: "/api",
|
||||
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
|
||||
|
||||
ReadWritePort: portNumber,
|
||||
ReadOnlyPort: portNumber,
|
||||
PublicAddress: host,
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
ReadWritePort: portNumber,
|
||||
ReadOnlyPort: portNumber,
|
||||
PublicAddress: host,
|
||||
})
|
||||
handler.delegate = m.Handler
|
||||
|
||||
|
||||
@ -21,15 +21,30 @@ import (
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
|
||||
)
|
||||
|
||||
// alwaysAdmitController says yes to all admission control requests, its useful for testing.
|
||||
type alwaysAdmitController struct{}
|
||||
|
||||
func (alwaysAdmitController) AdmissionControl(operation, kind, namespace string, object runtime.Object) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewAlwaysAdmitController() AdmissionControl {
|
||||
return new(alwaysAdmitController)
|
||||
}
|
||||
|
||||
type admissionController struct {
|
||||
client client.Interface
|
||||
admissionHandler Interface
|
||||
}
|
||||
|
||||
func NewAdmissionControl(client client.Interface, pluginNames []string, configFilePath string) AdmissionControl {
|
||||
return NewAdmissionControlForHandler(client, newInterface(pluginNames, configFilePath))
|
||||
}
|
||||
|
||||
func NewAdmissionControlForHandler(client client.Interface, handler Interface) AdmissionControl {
|
||||
return &admissionController{
|
||||
client: client,
|
||||
admissionHandler: newInterface(pluginNames, configFilePath),
|
||||
admissionHandler: handler,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -39,7 +39,6 @@ import (
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/version"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/watch"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/admission/admit"
|
||||
)
|
||||
|
||||
func convert(obj runtime.Object) (runtime.Object, error) {
|
||||
@ -55,7 +54,7 @@ var accessor = meta.NewAccessor()
|
||||
var versioner runtime.ResourceVersioner = accessor
|
||||
var selfLinker runtime.SelfLinker = accessor
|
||||
var mapper meta.RESTMapper
|
||||
var admissionHandler admission.Interface
|
||||
var admissionControl admission.AdmissionControl
|
||||
|
||||
func interfacesFor(version string) (*meta.VersionInterfaces, error) {
|
||||
switch version {
|
||||
@ -95,7 +94,7 @@ func init() {
|
||||
)
|
||||
defMapper.Add(api.Scheme, true, versions...)
|
||||
mapper = defMapper
|
||||
admissionHandler = admit.NewAlwaysAdmit()
|
||||
admissionControl = admission.NewAlwaysAdmitController()
|
||||
}
|
||||
|
||||
type Simple struct {
|
||||
@ -266,7 +265,7 @@ func TestNotFound(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": &SimpleRESTStorage{},
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
client := http.Client{}
|
||||
@ -288,7 +287,7 @@ func TestNotFound(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestVersion(t *testing.T) {
|
||||
handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
client := http.Client{}
|
||||
@ -323,7 +322,7 @@ func TestSimpleList(t *testing.T) {
|
||||
namespace: "other",
|
||||
expectedSet: "/prefix/version/simple?namespace=other",
|
||||
}
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -346,7 +345,7 @@ func TestErrorList(t *testing.T) {
|
||||
errors: map[string]error{"list": fmt.Errorf("test Error")},
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -372,7 +371,7 @@ func TestNonEmptyList(t *testing.T) {
|
||||
},
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -418,7 +417,7 @@ func TestGet(t *testing.T) {
|
||||
expectedSet: "/prefix/version/simple/id",
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -443,7 +442,7 @@ func TestGetMissing(t *testing.T) {
|
||||
errors: map[string]error{"get": apierrs.NewNotFound("simple", "id")},
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -462,7 +461,7 @@ func TestDelete(t *testing.T) {
|
||||
simpleStorage := SimpleRESTStorage{}
|
||||
ID := "id"
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -485,7 +484,7 @@ func TestDeleteMissing(t *testing.T) {
|
||||
errors: map[string]error{"delete": apierrs.NewNotFound("simple", ID)},
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -510,7 +509,7 @@ func TestUpdate(t *testing.T) {
|
||||
t: t,
|
||||
expectedSet: "/prefix/version/simple/" + ID,
|
||||
}
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -545,7 +544,7 @@ func TestUpdateMissing(t *testing.T) {
|
||||
errors: map[string]error{"update": apierrs.NewNotFound("simple", ID)},
|
||||
}
|
||||
storage["simple"] = &simpleStorage
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -580,7 +579,7 @@ func TestCreate(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
@ -623,7 +622,7 @@ func TestCreateNotFound(t *testing.T) {
|
||||
// See https://github.com/GoogleCloudPlatform/kubernetes/pull/486#discussion_r15037092.
|
||||
errors: map[string]error{"create": apierrs.NewNotFound("simple", "id")},
|
||||
},
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
client := http.Client{}
|
||||
@ -691,7 +690,7 @@ func TestSyncCreate(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": &storage,
|
||||
}, codec, "/prefix", testVersion, selfLinker)
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
client := http.Client{}
|
||||
@ -764,7 +763,7 @@ func TestAsyncDelayReturnsError(t *testing.T) {
|
||||
return nil, apierrs.NewAlreadyExists("foo", "bar")
|
||||
},
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
handler.(*defaultAPIServer).group.handler.asyncOpWait = time.Millisecond / 2
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
@ -788,7 +787,7 @@ func TestAsyncCreateError(t *testing.T) {
|
||||
name: "bar",
|
||||
expectedSet: "/prefix/version/foo/bar",
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
@ -888,7 +887,7 @@ func TestSyncCreateTimeout(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": &storage,
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", testVersion, selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -920,7 +919,7 @@ func TestCORSAllowedOrigins(t *testing.T) {
|
||||
}
|
||||
|
||||
handler := CORS(
|
||||
Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
|
||||
Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl),
|
||||
allowedOriginRegexps, nil, nil, "true",
|
||||
)
|
||||
server := httptest.NewServer(handler)
|
||||
|
||||
@ -113,7 +113,7 @@ func TestOperationsList(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", "version", selfLinker, admissionControl)
|
||||
handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
@ -170,7 +170,7 @@ func TestOpGet(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", "version", selfLinker, admissionControl)
|
||||
handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -182,7 +182,7 @@ func TestProxy(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ func TestRedirect(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/prefix", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -84,7 +84,7 @@ func TestRedirectWithNamespaces(t *testing.T) {
|
||||
}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/prefix", "version", selfLinker)
|
||||
}, codec, "/prefix", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
|
||||
@ -50,7 +50,7 @@ func TestWatchWebsocket(t *testing.T) {
|
||||
_ = ResourceWatcher(simpleStorage) // Give compile error if this doesn't work.
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/api", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/api", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -104,7 +104,7 @@ func TestWatchHTTP(t *testing.T) {
|
||||
simpleStorage := &SimpleRESTStorage{}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/api", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/api", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
client := http.Client{}
|
||||
@ -167,7 +167,7 @@ func TestWatchParamParsing(t *testing.T) {
|
||||
simpleStorage := &SimpleRESTStorage{}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/api", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/api", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
|
||||
@ -239,7 +239,7 @@ func TestWatchProtocolSelection(t *testing.T) {
|
||||
simpleStorage := &SimpleRESTStorage{}
|
||||
handler := Handle(map[string]RESTStorage{
|
||||
"foo": simpleStorage,
|
||||
}, codec, "/api", "version", selfLinker, admissionHandler)
|
||||
}, codec, "/api", "version", selfLinker, admissionControl)
|
||||
server := httptest.NewServer(handler)
|
||||
defer server.Close()
|
||||
defer server.CloseClientConnections()
|
||||
|
||||
@ -32,6 +32,7 @@ import (
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
|
||||
@ -306,6 +307,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
|
||||
EnableUISupport: false,
|
||||
APIPrefix: "/api",
|
||||
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -356,6 +358,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) {
|
||||
EnableUISupport: false,
|
||||
APIPrefix: "/api",
|
||||
Authorizer: apiserver.NewAlwaysDenyAuthorizer(),
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -421,6 +424,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: allowAliceAuthorizer{},
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -480,6 +484,7 @@ func TestBobIsForbidden(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: allowAliceAuthorizer{},
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -539,6 +544,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: allowAliceAuthorizer{},
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -617,6 +623,7 @@ func TestNamespaceAuthorization(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: a,
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -700,6 +707,7 @@ func TestKindAuthorization(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: a,
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
@ -777,6 +785,7 @@ func TestReadOnlyAuthorization(t *testing.T) {
|
||||
APIPrefix: "/api",
|
||||
Authenticator: getTestTokenAuth(),
|
||||
Authorizer: a,
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
transport := http.DefaultTransport
|
||||
|
||||
@ -24,6 +24,7 @@ import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
|
||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
|
||||
@ -56,6 +57,7 @@ func TestClient(t *testing.T) {
|
||||
EnableUISupport: false,
|
||||
APIPrefix: "/api",
|
||||
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
|
||||
AdmissionControl: admission.NewAlwaysAdmitController(),
|
||||
})
|
||||
|
||||
testCases := []string{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user