github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

default admission hook failure safely

Browse Source
This commit is contained in:
David Eads 2017-10-18 13:44:06 -04:00
parent f07b359e5b
commit 4e79357f9f
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/admission/webhook/admission.go
View File

@ -191,7 +191,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
return
}
ignoreClientCallFailures := hook.FailurePolicy == nil || *hook.FailurePolicy == v1alpha1.Ignore
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
if callErr, ok := err.(*ErrCallingWebhook); ok {
if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)

4
plugin/pkg/admission/webhook/admission_test.go
View File

@ -216,7 +216,7 @@ func TestAdmit(t *testing.T) {
},
expectAllow: true,
},
"match & fail (but allow because fail open on nil)": {
"match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A",
@ -232,7 +232,7 @@ func TestAdmit(t *testing.T) {
Rules: matchEverythingRules,
}},
},
expectAllow: true,
expectAllow: false,
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{