github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

default admission hook failure safely

Browse Source
This commit is contained in:
David Eads 2017-10-18 13:44:06 -04:00
parent f07b359e5b
commit 4e79357f9f
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/admission/webhook/admission.go
View File

@ -191,7 +191,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
return return
} }
ignoreClientCallFailures := hook.FailurePolicy == nil || *hook.FailurePolicy == v1alpha1.Ignore ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
if callErr, ok := err.(*ErrCallingWebhook); ok { if callErr, ok := err.(*ErrCallingWebhook); ok {
if ignoreClientCallFailures { if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)

4
plugin/pkg/admission/webhook/admission_test.go
View File

@ -216,7 +216,7 @@ func TestAdmit(t *testing.T) {
}, },
expectAllow: true, expectAllow: true,
}, },
"match & fail (but allow because fail open on nil)": { "match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{ hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{ hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A", Name: "internalErr A",
@ -232,7 +232,7 @@ func TestAdmit(t *testing.T) {
Rules: matchEverythingRules, Rules: matchEverythingRules,
}}, }},
}, },
expectAllow: true, expectAllow: false,
}, },
"match & fail (but fail because fail closed)": { "match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{ hookSource: fakeHookSource{