Fix admission control in tests

cmd/integration/integration.go

@@ -31,6 +31,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
@@ -162,10 +163,10 @@ func startComponents(manifestURL string) (apiServerURL string) {
 		EnableLogsSupport: false,
 		APIPrefix:         "/api",
 		Authorizer:        apiserver.NewAlwaysAllowAuthorizer(),
-
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
-		ReadWritePort: portNumber,
+		ReadWritePort:     portNumber,
-		ReadOnlyPort:  portNumber,
+		ReadOnlyPort:      portNumber,
-		PublicAddress: host,
+		PublicAddress:     host,
 	})
 	handler.delegate = m.Handler
 

pkg/admission/admission_control.go

@@ -21,15 +21,30 @@ import (
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
 )
 
+// alwaysAdmitController says yes to all admission control requests, its useful for testing.
+type alwaysAdmitController struct{}
+
+func (alwaysAdmitController) AdmissionControl(operation, kind, namespace string, object runtime.Object) (err error) {
+	return nil
+}
+
+func NewAlwaysAdmitController() AdmissionControl {
+	return new(alwaysAdmitController)
+}
+
 type admissionController struct {
 	client           client.Interface
 	admissionHandler Interface
 }
 
 func NewAdmissionControl(client client.Interface, pluginNames []string, configFilePath string) AdmissionControl {
+	return NewAdmissionControlForHandler(client, newInterface(pluginNames, configFilePath))
+}
+
+func NewAdmissionControlForHandler(client client.Interface, handler Interface) AdmissionControl {
 	return &admissionController{
 		client:           client,
-		admissionHandler: newInterface(pluginNames, configFilePath),
+		admissionHandler: handler,
 	}
 }
 

pkg/apiserver/apiserver_test.go

@@ -39,7 +39,6 @@ import (
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/version"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/watch"
-	"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/admission/admit"
 )
 
 func convert(obj runtime.Object) (runtime.Object, error) {
@@ -55,7 +54,7 @@ var accessor = meta.NewAccessor()
 var versioner runtime.ResourceVersioner = accessor
 var selfLinker runtime.SelfLinker = accessor
 var mapper meta.RESTMapper
-var admissionHandler admission.Interface
+var admissionControl admission.AdmissionControl
 
 func interfacesFor(version string) (*meta.VersionInterfaces, error) {
 	switch version {
@@ -95,7 +94,7 @@ func init() {
 	)
 	defMapper.Add(api.Scheme, true, versions...)
 	mapper = defMapper
-	admissionHandler = admit.NewAlwaysAdmit()
+	admissionControl = admission.NewAlwaysAdmitController()
 }
 
 type Simple struct {
@@ -266,7 +265,7 @@ func TestNotFound(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": &SimpleRESTStorage{},
-	}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	client := http.Client{}
@@ -288,7 +287,7 @@ func TestNotFound(t *testing.T) {
 }
 
 func TestVersion(t *testing.T) {
-	handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	client := http.Client{}
@@ -323,7 +322,7 @@ func TestSimpleList(t *testing.T) {
 		namespace:   "other",
 		expectedSet: "/prefix/version/simple?namespace=other",
 	}
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -346,7 +345,7 @@ func TestErrorList(t *testing.T) {
 		errors: map[string]error{"list": fmt.Errorf("test Error")},
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -372,7 +371,7 @@ func TestNonEmptyList(t *testing.T) {
 		},
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -418,7 +417,7 @@ func TestGet(t *testing.T) {
 		expectedSet: "/prefix/version/simple/id",
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -443,7 +442,7 @@ func TestGetMissing(t *testing.T) {
 		errors: map[string]error{"get": apierrs.NewNotFound("simple", "id")},
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -462,7 +461,7 @@ func TestDelete(t *testing.T) {
 	simpleStorage := SimpleRESTStorage{}
 	ID := "id"
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -485,7 +484,7 @@ func TestDeleteMissing(t *testing.T) {
 		errors: map[string]error{"delete": apierrs.NewNotFound("simple", ID)},
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -510,7 +509,7 @@ func TestUpdate(t *testing.T) {
 		t:           t,
 		expectedSet: "/prefix/version/simple/" + ID,
 	}
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -545,7 +544,7 @@ func TestUpdateMissing(t *testing.T) {
 		errors: map[string]error{"update": apierrs.NewNotFound("simple", ID)},
 	}
 	storage["simple"] = &simpleStorage
-	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -580,7 +579,7 @@ func TestCreate(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
 	server := httptest.NewServer(handler)
 	defer server.Close()
@@ -623,7 +622,7 @@ func TestCreateNotFound(t *testing.T) {
 			// See https://github.com/GoogleCloudPlatform/kubernetes/pull/486#discussion_r15037092.
 			errors: map[string]error{"create": apierrs.NewNotFound("simple", "id")},
 		},
-	}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	client := http.Client{}
@@ -691,7 +690,7 @@ func TestSyncCreate(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": &storage,
-	}, codec, "/prefix", testVersion, selfLinker)
+	}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	client := http.Client{}
@@ -764,7 +763,7 @@ func TestAsyncDelayReturnsError(t *testing.T) {
 			return nil, apierrs.NewAlreadyExists("foo", "bar")
 		},
 	}
-	handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	handler.(*defaultAPIServer).group.handler.asyncOpWait = time.Millisecond / 2
 	server := httptest.NewServer(handler)
 	defer server.Close()
@@ -788,7 +787,7 @@ func TestAsyncCreateError(t *testing.T) {
 		name:        "bar",
 		expectedSet: "/prefix/version/foo/bar",
 	}
-	handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	handler := Handle(map[string]RESTStorage{"foo": &storage}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
 	server := httptest.NewServer(handler)
 	defer server.Close()
@@ -888,7 +887,7 @@ func TestSyncCreateTimeout(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": &storage,
-	}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+	}, codec, "/prefix", testVersion, selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -920,7 +919,7 @@ func TestCORSAllowedOrigins(t *testing.T) {
 		}
 
 		handler := CORS(
-			Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionHandler)
+			Handle(map[string]RESTStorage{}, codec, "/prefix", testVersion, selfLinker, admissionControl),
 			allowedOriginRegexps, nil, nil, "true",
 		)
 		server := httptest.NewServer(handler)

pkg/apiserver/operation_test.go

@@ -113,7 +113,7 @@ func TestOperationsList(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/prefix", "version", selfLinker, admissionHandler)
+	}, codec, "/prefix", "version", selfLinker, admissionControl)
 	handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
 	server := httptest.NewServer(handler)
 	defer server.Close()
@@ -170,7 +170,7 @@ func TestOpGet(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/prefix", "version", selfLinker, admissionHandler)
+	}, codec, "/prefix", "version", selfLinker, admissionControl)
 	handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
 	server := httptest.NewServer(handler)
 	defer server.Close()

pkg/apiserver/proxy_test.go

@@ -182,7 +182,7 @@ func TestProxy(t *testing.T) {
 		}
 		handler := Handle(map[string]RESTStorage{
 			"foo": simpleStorage,
-		}, codec, "/prefix", "version", selfLinker, admissionHandler)
+		}, codec, "/prefix", "version", selfLinker, admissionControl)
 		server := httptest.NewServer(handler)
 		defer server.Close()
 

pkg/apiserver/redirect_test.go

@@ -31,7 +31,7 @@ func TestRedirect(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/prefix", "version", selfLinker, admissionHandler)
+	}, codec, "/prefix", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -84,7 +84,7 @@ func TestRedirectWithNamespaces(t *testing.T) {
 	}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/prefix", "version", selfLinker)
+	}, codec, "/prefix", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 

pkg/apiserver/watch_test.go

@@ -50,7 +50,7 @@ func TestWatchWebsocket(t *testing.T) {
 	_ = ResourceWatcher(simpleStorage) // Give compile error if this doesn't work.
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/api", "version", selfLinker, admissionHandler)
+	}, codec, "/api", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -104,7 +104,7 @@ func TestWatchHTTP(t *testing.T) {
 	simpleStorage := &SimpleRESTStorage{}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/api", "version", selfLinker, admissionHandler)
+	}, codec, "/api", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	client := http.Client{}
@@ -167,7 +167,7 @@ func TestWatchParamParsing(t *testing.T) {
 	simpleStorage := &SimpleRESTStorage{}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/api", "version", selfLinker, admissionHandler)
+	}, codec, "/api", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 
@@ -239,7 +239,7 @@ func TestWatchProtocolSelection(t *testing.T) {
 	simpleStorage := &SimpleRESTStorage{}
 	handler := Handle(map[string]RESTStorage{
 		"foo": simpleStorage,
-	}, codec, "/api", "version", selfLinker, admissionHandler)
+	}, codec, "/api", "version", selfLinker, admissionControl)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	defer server.CloseClientConnections()

test/integration/auth_test.go

@@ -32,6 +32,7 @@ import (
 	"os"
 	"testing"
 
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
@@ -306,6 +307,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
 		EnableUISupport:   false,
 		APIPrefix:         "/api",
 		Authorizer:        apiserver.NewAlwaysAllowAuthorizer(),
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -356,6 +358,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) {
 		EnableUISupport:   false,
 		APIPrefix:         "/api",
 		Authorizer:        apiserver.NewAlwaysDenyAuthorizer(),
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -421,6 +424,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        allowAliceAuthorizer{},
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -480,6 +484,7 @@ func TestBobIsForbidden(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        allowAliceAuthorizer{},
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -539,6 +544,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        allowAliceAuthorizer{},
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -617,6 +623,7 @@ func TestNamespaceAuthorization(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        a,
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -700,6 +707,7 @@ func TestKindAuthorization(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        a,
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport
@@ -777,6 +785,7 @@ func TestReadOnlyAuthorization(t *testing.T) {
 		APIPrefix:         "/api",
 		Authenticator:     getTestTokenAuth(),
 		Authorizer:        a,
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	transport := http.DefaultTransport

test/integration/client_test.go

@@ -24,6 +24,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
@@ -56,6 +57,7 @@ func TestClient(t *testing.T) {
 		EnableUISupport:   false,
 		APIPrefix:         "/api",
 		Authorizer:        apiserver.NewAlwaysAllowAuthorizer(),
+		AdmissionControl:  admission.NewAlwaysAdmitController(),
 	})
 
 	testCases := []string{