From 1e2b995a79bcb8afe6773b46a5523f1f79ed91f1 Mon Sep 17 00:00:00 2001 From: derekwaynecarr Date: Tue, 6 Jan 2015 14:26:17 -0500 Subject: [PATCH] Fix admission control in tests --- cmd/integration/integration.go | 9 ++++--- pkg/admission/admission_control.go | 17 ++++++++++++- pkg/apiserver/apiserver_test.go | 41 +++++++++++++++--------------- pkg/apiserver/operation_test.go | 4 +-- pkg/apiserver/proxy_test.go | 2 +- pkg/apiserver/redirect_test.go | 4 +-- pkg/apiserver/watch_test.go | 8 +++--- test/integration/auth_test.go | 9 +++++++ test/integration/client_test.go | 2 ++ 9 files changed, 61 insertions(+), 35 deletions(-) diff --git a/cmd/integration/integration.go b/cmd/integration/integration.go index c7954f9dfa0..1f8b8e1d618 100644 --- a/cmd/integration/integration.go +++ b/cmd/integration/integration.go @@ -31,6 +31,7 @@ import ( "sync" "time" + "github.com/GoogleCloudPlatform/kubernetes/pkg/admission" "github.com/GoogleCloudPlatform/kubernetes/pkg/api" "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors" "github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest" @@ -162,10 +163,10 @@ func startComponents(manifestURL string) (apiServerURL string) { EnableLogsSupport: false, APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), - - ReadWritePort: portNumber, - ReadOnlyPort: portNumber, - PublicAddress: host, + AdmissionControl: admission.NewAlwaysAdmitController(), + ReadWritePort: portNumber, + ReadOnlyPort: portNumber, + PublicAddress: host, }) handler.delegate = m.Handler diff --git a/pkg/admission/admission_control.go b/pkg/admission/admission_control.go index 0defcde33a7..31cab355906 100644 --- a/pkg/admission/admission_control.go +++ b/pkg/admission/admission_control.go @@ -21,15 +21,30 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" ) +// alwaysAdmitController says yes to all admission control requests, its useful for testing. +type alwaysAdmitController struct{} + +func (alwaysAdmitController) AdmissionControl(operation, kind, namespace string, object runtime.Object) (err error) { + return nil +} + +func NewAlwaysAdmitController() AdmissionControl { + return new(alwaysAdmitController) +} + type admissionController struct { client client.Interface admissionHandler Interface } func NewAdmissionControl(client client.Interface, pluginNames []string, configFilePath string) AdmissionControl { + return NewAdmissionControlForHandler(client, newInterface(pluginNames, configFilePath)) +} + +func NewAdmissionControlForHandler(client client.Interface, handler Interface) AdmissionControl { return &admissionController{ client: client, - admissionHandler: newInterface(pluginNames, configFilePath), + admissionHandler: handler, } } diff --git a/pkg/apiserver/apiserver_test.go b/pkg/apiserver/apiserver_test.go index d915665c5a9..4adb9643ef8 100644 --- a/pkg/apiserver/apiserver_test.go +++ b/pkg/apiserver/apiserver_test.go @@ -39,7 +39,6 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/util" "github.com/GoogleCloudPlatform/kubernetes/pkg/version" "github.com/GoogleCloudPlatform/kubernetes/pkg/watch" - "github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/admission/admit" ) func convert(obj runtime.Object) (runtime.Object, error) { @@ -55,7 +54,7 @@ var accessor = meta.NewAccessor() var versioner runtime.ResourceVersioner = accessor var selfLinker runtime.SelfLinker = accessor var mapper meta.RESTMapper -var admissionHandler admission.Interface +var admissionControl admission.AdmissionControl func interfacesFor(version string) (*meta.VersionInterfaces, error) { switch version { @@ -95,7 +94,7 @@ func init() { ) defMapper.Add(api.Scheme, true, versions...) mapper = defMapper - admissionHandler = admit.NewAlwaysAdmit() + admissionControl = admission.NewAlwaysAdmitController() } type Simple struct { @@ -266,7 +265,7 @@ func TestNotFound(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": &SimpleRESTStorage{}, - }, codec, "/prefix", testVersion, selfLinker, admissionHandler) + }, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() client := http.Client{} @@ -288,7 +287,7 @@ func TestNotFound(t *testing.T) { } func TestVersion(t *testing.T) { - handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() client := http.Client{} @@ -323,7 +322,7 @@ func TestSimpleList(t *testing.T) { namespace: "other", expectedSet: "/prefix/version/simple?namespace=other", } - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -346,7 +345,7 @@ func TestErrorList(t *testing.T) { errors: map[string]error{"list": fmt.Errorf("test Error")}, } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -372,7 +371,7 @@ func TestNonEmptyList(t *testing.T) { }, } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -418,7 +417,7 @@ func TestGet(t *testing.T) { expectedSet: "/prefix/version/simple/id", } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -443,7 +442,7 @@ func TestGetMissing(t *testing.T) { errors: map[string]error{"get": apierrs.NewNotFound("simple", "id")}, } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -462,7 +461,7 @@ func TestDelete(t *testing.T) { simpleStorage := SimpleRESTStorage{} ID := "id" storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -485,7 +484,7 @@ func TestDeleteMissing(t *testing.T) { errors: map[string]error{"delete": apierrs.NewNotFound("simple", ID)}, } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -510,7 +509,7 @@ func TestUpdate(t *testing.T) { t: t, expectedSet: "/prefix/version/simple/" + ID, } - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -545,7 +544,7 @@ func TestUpdateMissing(t *testing.T) { errors: map[string]error{"update": apierrs.NewNotFound("simple", ID)}, } storage["simple"] = &simpleStorage - handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -580,7 +579,7 @@ func TestCreate(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", testVersion, selfLinker, admissionHandler) + }, codec, "/prefix", testVersion, selfLinker, admissionControl) handler.(*defaultAPIServer).group.handler.asyncOpWait = 0 server := httptest.NewServer(handler) defer server.Close() @@ -623,7 +622,7 @@ func TestCreateNotFound(t *testing.T) { // See https://github.com/GoogleCloudPlatform/kubernetes/pull/486#discussion_r15037092. errors: map[string]error{"create": apierrs.NewNotFound("simple", "id")}, }, - }, codec, "/prefix", testVersion, selfLinker, admissionHandler) + }, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() client := http.Client{} @@ -691,7 +690,7 @@ func TestSyncCreate(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": &storage, - }, codec, "/prefix", testVersion, selfLinker) + }, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() client := http.Client{} @@ -764,7 +763,7 @@ func TestAsyncDelayReturnsError(t *testing.T) { return nil, apierrs.NewAlreadyExists("foo", "bar") }, } - handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl) handler.(*defaultAPIServer).group.handler.asyncOpWait = time.Millisecond / 2 server := httptest.NewServer(handler) defer server.Close() @@ -788,7 +787,7 @@ func TestAsyncCreateError(t *testing.T) { name: "bar", expectedSet: "/prefix/version/foo/bar", } - handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler) + handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl) handler.(*defaultAPIServer).group.handler.asyncOpWait = 0 server := httptest.NewServer(handler) defer server.Close() @@ -888,7 +887,7 @@ func TestSyncCreateTimeout(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": &storage, - }, codec, "/prefix", testVersion, selfLinker, admissionHandler) + }, codec, "/prefix", testVersion, selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -920,7 +919,7 @@ func TestCORSAllowedOrigins(t *testing.T) { } handler := CORS( - Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler) + Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl), allowedOriginRegexps, nil, nil, "true", ) server := httptest.NewServer(handler) diff --git a/pkg/apiserver/operation_test.go b/pkg/apiserver/operation_test.go index 98dae6cba3b..8b4f5f3ef66 100644 --- a/pkg/apiserver/operation_test.go +++ b/pkg/apiserver/operation_test.go @@ -113,7 +113,7 @@ func TestOperationsList(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", "version", selfLinker, admissionHandler) + }, codec, "/prefix", "version", selfLinker, admissionControl) handler.(*defaultAPIServer).group.handler.asyncOpWait = 0 server := httptest.NewServer(handler) defer server.Close() @@ -170,7 +170,7 @@ func TestOpGet(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", "version", selfLinker, admissionHandler) + }, codec, "/prefix", "version", selfLinker, admissionControl) handler.(*defaultAPIServer).group.handler.asyncOpWait = 0 server := httptest.NewServer(handler) defer server.Close() diff --git a/pkg/apiserver/proxy_test.go b/pkg/apiserver/proxy_test.go index 1e2a5d5f49b..fdc9954af95 100644 --- a/pkg/apiserver/proxy_test.go +++ b/pkg/apiserver/proxy_test.go @@ -182,7 +182,7 @@ func TestProxy(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", "version", selfLinker, admissionHandler) + }, codec, "/prefix", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() diff --git a/pkg/apiserver/redirect_test.go b/pkg/apiserver/redirect_test.go index 2a083afa8fc..c4ae26923b1 100644 --- a/pkg/apiserver/redirect_test.go +++ b/pkg/apiserver/redirect_test.go @@ -31,7 +31,7 @@ func TestRedirect(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", "version", selfLinker, admissionHandler) + }, codec, "/prefix", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -84,7 +84,7 @@ func TestRedirectWithNamespaces(t *testing.T) { } handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/prefix", "version", selfLinker) + }, codec, "/prefix", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() diff --git a/pkg/apiserver/watch_test.go b/pkg/apiserver/watch_test.go index 07e17dae63f..276a4d3f5d0 100644 --- a/pkg/apiserver/watch_test.go +++ b/pkg/apiserver/watch_test.go @@ -50,7 +50,7 @@ func TestWatchWebsocket(t *testing.T) { _ = ResourceWatcher(simpleStorage) // Give compile error if this doesn't work. handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/api", "version", selfLinker, admissionHandler) + }, codec, "/api", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -104,7 +104,7 @@ func TestWatchHTTP(t *testing.T) { simpleStorage := &SimpleRESTStorage{} handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/api", "version", selfLinker, admissionHandler) + }, codec, "/api", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() client := http.Client{} @@ -167,7 +167,7 @@ func TestWatchParamParsing(t *testing.T) { simpleStorage := &SimpleRESTStorage{} handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/api", "version", selfLinker, admissionHandler) + }, codec, "/api", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() @@ -239,7 +239,7 @@ func TestWatchProtocolSelection(t *testing.T) { simpleStorage := &SimpleRESTStorage{} handler := Handle(map[string]RESTStorage{ "foo": simpleStorage, - }, codec, "/api", "version", selfLinker, admissionHandler) + }, codec, "/api", "version", selfLinker, admissionControl) server := httptest.NewServer(handler) defer server.Close() defer server.CloseClientConnections() diff --git a/test/integration/auth_test.go b/test/integration/auth_test.go index bd1a8baec21..ae27f445154 100644 --- a/test/integration/auth_test.go +++ b/test/integration/auth_test.go @@ -32,6 +32,7 @@ import ( "os" "testing" + "github.com/GoogleCloudPlatform/kubernetes/pkg/admission" "github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator" "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken" @@ -306,6 +307,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) { EnableUISupport: false, APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -356,6 +358,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) { EnableUISupport: false, APIPrefix: "/api", Authorizer: apiserver.NewAlwaysDenyAuthorizer(), + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -421,6 +424,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -480,6 +484,7 @@ func TestBobIsForbidden(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -539,6 +544,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: allowAliceAuthorizer{}, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -617,6 +623,7 @@ func TestNamespaceAuthorization(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: a, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -700,6 +707,7 @@ func TestKindAuthorization(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: a, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport @@ -777,6 +785,7 @@ func TestReadOnlyAuthorization(t *testing.T) { APIPrefix: "/api", Authenticator: getTestTokenAuth(), Authorizer: a, + AdmissionControl: admission.NewAlwaysAdmitController(), }) transport := http.DefaultTransport diff --git a/test/integration/client_test.go b/test/integration/client_test.go index f9f333d6f1c..45928441705 100644 --- a/test/integration/client_test.go +++ b/test/integration/client_test.go @@ -24,6 +24,7 @@ import ( "reflect" "testing" + "github.com/GoogleCloudPlatform/kubernetes/pkg/admission" "github.com/GoogleCloudPlatform/kubernetes/pkg/api" "github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" "github.com/GoogleCloudPlatform/kubernetes/pkg/client" @@ -56,6 +57,7 @@ func TestClient(t *testing.T) { EnableUISupport: false, APIPrefix: "/api", Authorizer: apiserver.NewAlwaysAllowAuthorizer(), + AdmissionControl: admission.NewAlwaysAdmitController(), }) testCases := []string{