Merge pull request #56103 from caesarxuchao/validating-webhook-validator

Automatic merge from submit-queue (batch tested with PRs 54811, 54292, 56103). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update the validating webhook plugin to implement the ValidatingInterface

ref: kubernetes/features#492

This makes sure the validating admission webhook runs in the validation phase.

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/admission.go

@@ -102,6 +102,8 @@ func NewMutatingWebhook(configFile io.Reader) (*MutatingWebhook, error) {
 	}, nil
 }
 
+var _ admission.MutationInterface = &MutatingWebhook{}
+
 // MutatingWebhook is an implementation of admission.Interface.
 type MutatingWebhook struct {
 	*admission.Handler

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go

@@ -101,6 +101,8 @@ func NewValidatingAdmissionWebhook(configFile io.Reader) (*ValidatingAdmissionWe
 	}, nil
 }
 
+var _ admission.ValidationInterface = &ValidatingAdmissionWebhook{}
+
 // ValidatingAdmissionWebhook is an implementation of admission.Interface.
 type ValidatingAdmissionWebhook struct {
 	*admission.Handler
@@ -185,8 +187,8 @@ func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes
 	return hookConfig, nil
 }
 
-// Admit makes an admission decision based on the request attributes.
+// Validate makes an admission decision based on the request attributes.
-func (a *ValidatingAdmissionWebhook) Admit(attr admission.Attributes) error {
+func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
 	hookConfig, err := a.loadConfiguration(attr)
 	if err != nil {
 		return err

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go

@@ -116,8 +116,8 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
 	}
 }
 
-// TestAdmit tests that ValidatingAdmissionWebhook#Admit works as expected
+// TestValidate tests that ValidatingAdmissionWebhook#Validate works as expected
-func TestAdmit(t *testing.T) {
+func TestValidate(t *testing.T) {
 	scheme := runtime.NewScheme()
 	v1alpha1.AddToScheme(scheme)
 	corev1.AddToScheme(scheme)
@@ -393,7 +393,7 @@ func TestAdmit(t *testing.T) {
 		}
 		t.Run(name, func(t *testing.T) {
 			wh.hookSource = &tt.hookSource
-			err = wh.Admit(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, name, resource, subResource, operation, &userInfo))
+			err = wh.Validate(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, name, resource, subResource, operation, &userInfo))
 			if tt.expectAllow != (err == nil) {
 				t.Errorf("expected allowed=%v, but got err=%v", tt.expectAllow, err)
 			}
@@ -410,8 +410,8 @@ func TestAdmit(t *testing.T) {
 	}
 }
 
-// TestAdmitCachedClient tests that ValidatingAdmissionWebhook#Admit should cache restClient
+// TestValidateCachedClient tests that ValidatingAdmissionWebhook#Validate should cache restClient
-func TestAdmitCachedClient(t *testing.T) {
+func TestValidateCachedClient(t *testing.T) {
 	scheme := runtime.NewScheme()
 	v1alpha1.AddToScheme(scheme)
 	corev1.AddToScheme(scheme)
@@ -560,7 +560,7 @@ func TestAdmitCachedClient(t *testing.T) {
 				t.Fatal(err)
 			}
 
-			err = wh.Admit(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, testcase.name, resource, subResource, operation, &userInfo))
+			err = wh.Validate(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, testcase.name, resource, subResource, operation, &userInfo))
 			if testcase.expectAllow != (err == nil) {
 				t.Errorf("expected allowed=%v, but got err=%v", testcase.expectAllow, err)
 			}