github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 02:09:56 +00:00
Code Issues Projects Releases Wiki Activity

Add tests to ensure resthandler invokes admission control

Browse Source
This commit is contained in:
derekwaynecarr 2015-01-06 15:16:13 -05:00
parent 74d2ee69eb
commit 5ceffe2625
3 changed files with 94 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/admission/admission_control.go
View File

@ -19,6 +19,7 @@ package admission
import ( import (
"errors" "errors"
apierrors "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client" "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" "github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
) )
@ -30,7 +31,7 @@ type stubAdmissionController struct {
func (ac *stubAdmissionController) AdmissionControl(operation, kind, namespace string, object runtime.Object) (err error) { func (ac *stubAdmissionController) AdmissionControl(operation, kind, namespace string, object runtime.Object) (err error) {
if !ac.admit { if !ac.admit {
err = errors.New("No changes allowed") err = apierrors.NewConflict(kind, "name", errors.New("No changes allowed"))
} }
return err return err
} }

88
pkg/apiserver/apiserver_test.go
View File

@ -477,6 +477,26 @@ func TestDelete(t *testing.T) {
} }
} }
func TestDeleteInvokesAdmissionControl(t *testing.T) {
storage := map[string]RESTStorage{}
simpleStorage := SimpleRESTStorage{}
ID := "id"
storage["simple"] = &simpleStorage
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admission.NewAlwaysDenyController())
server := httptest.NewServer(handler)
defer server.Close()
client := http.Client{}
request, err := http.NewRequest("DELETE", server.URL+"/prefix/version/simple/"+ID, nil)
response, err := client.Do(request)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if response.StatusCode != http.StatusConflict {
t.Errorf("Unexpected response %#v", response)
}
}
func TestDeleteMissing(t *testing.T) { func TestDeleteMissing(t *testing.T) {
storage := map[string]RESTStorage{} storage := map[string]RESTStorage{}
ID := "id" ID := "id"
@ -537,6 +557,39 @@ func TestUpdate(t *testing.T) {
} }
} }
func TestUpdateInvokesAdmissionControl(t *testing.T) {
storage := map[string]RESTStorage{}
simpleStorage := SimpleRESTStorage{}
ID := "id"
storage["simple"] = &simpleStorage
selfLinker := &setTestSelfLinker{
t: t,
expectedSet: "/prefix/version/simple/" + ID,
}
handler := Handle(storage, codec, "/prefix", testVersion, selfLinker, admission.NewAlwaysDenyController())
server := httptest.NewServer(handler)
defer server.Close()
item := &Simple{
Other: "bar",
}
body, err := codec.Encode(item)
if err != nil {
// The following cases will fail, so die now
t.Fatalf("unexpected error: %v", err)
}
client := http.Client{}
request, err := http.NewRequest("PUT", server.URL+"/prefix/version/simple/"+ID, bytes.NewReader(body))
response, err := client.Do(request)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if response.StatusCode != http.StatusConflict {
t.Errorf("Unexpected response %#v", response)
}
}
func TestUpdateMissing(t *testing.T) { func TestUpdateMissing(t *testing.T) {
storage := map[string]RESTStorage{} storage := map[string]RESTStorage{}
ID := "id" ID := "id"
@ -615,6 +668,41 @@ func TestCreate(t *testing.T) {
wait.Done() wait.Done()
} }
func TestCreateInvokesAdmissionControl(t *testing.T) {
wait := sync.WaitGroup{}
wait.Add(1)
simpleStorage := &SimpleRESTStorage{
injectedFunction: func(obj runtime.Object) (returnObj runtime.Object, err error) {
wait.Wait()
return &Simple{}, nil
},
}
handler := Handle(map[string]RESTStorage{
"foo": simpleStorage,
}, codec, "/prefix", testVersion, selfLinker, admission.NewAlwaysDenyController())
handler.(*defaultAPIServer).group.handler.asyncOpWait = 0
server := httptest.NewServer(handler)
defer server.Close()
client := http.Client{}
simple := &Simple{
Other: "foo",
}
data, _ := codec.Encode(simple)
request, err := http.NewRequest("POST", server.URL+"/prefix/version/foo", bytes.NewBuffer(data))
if err != nil {
t.Errorf("unexpected error: %v", err)
}
response, err := client.Do(request)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if response.StatusCode != http.StatusConflict {
t.Errorf("Unexpected response %#v", response)
}
}
func TestCreateNotFound(t *testing.T) { func TestCreateNotFound(t *testing.T) {
handler := Handle(map[string]RESTStorage{ handler := Handle(map[string]RESTStorage{
"simple": &SimpleRESTStorage{ "simple": &SimpleRESTStorage{

6
plugin/pkg/admission/deny/admission.go
View File

@ -18,8 +18,10 @@ package deny
import ( import (
"errors" "errors"
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
"io" "io"
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
apierrors "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
) )
func init() { func init() {
@ -31,7 +33,7 @@ func init() {
type alwaysDeny struct{} type alwaysDeny struct{}
func (alwaysDeny) Admit(a admission.Attributes) (err error) { func (alwaysDeny) Admit(a admission.Attributes) (err error) {
return errors.New("You shall not pass!") return apierrors.NewConflict(a.GetKind(), "", errors.New("No changes allowed"))
} }
func NewAlwaysDeny() admission.Interface { func NewAlwaysDeny() admission.Interface {