From 6c3891a25f192aaad8e5c1ed1fe5580662805d53 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Fri, 28 Jun 2019 15:36:45 -0700 Subject: [PATCH] Remove default admissionReviewVersions in v1, make required in validation --- pkg/apis/admissionregistration/v1/defaults.go | 8 ------- .../validation/validation.go | 2 +- .../validation/validation_test.go | 21 +++++++++++++++++++ .../api/admissionregistration/v1/types.go | 8 ++----- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/pkg/apis/admissionregistration/v1/defaults.go b/pkg/apis/admissionregistration/v1/defaults.go index 4105ae14168..7a63c5cdf71 100644 --- a/pkg/apis/admissionregistration/v1/defaults.go +++ b/pkg/apis/admissionregistration/v1/defaults.go @@ -48,10 +48,6 @@ func SetDefaults_ValidatingWebhook(obj *admissionregistrationv1.ValidatingWebhoo obj.TimeoutSeconds = new(int32) *obj.TimeoutSeconds = 10 } - - if len(obj.AdmissionReviewVersions) == 0 { - obj.AdmissionReviewVersions = []string{admissionregistrationv1.SchemeGroupVersion.Version} - } } func SetDefaults_MutatingWebhook(obj *admissionregistrationv1.MutatingWebhook) { @@ -79,10 +75,6 @@ func SetDefaults_MutatingWebhook(obj *admissionregistrationv1.MutatingWebhook) { never := admissionregistrationv1.NeverReinvocationPolicy obj.ReinvocationPolicy = &never } - - if len(obj.AdmissionReviewVersions) == 0 { - obj.AdmissionReviewVersions = []string{admissionregistrationv1.SchemeGroupVersion.Version} - } } func SetDefaults_Rule(obj *admissionregistrationv1.Rule) { diff --git a/pkg/apis/admissionregistration/validation/validation.go b/pkg/apis/admissionregistration/validation/validation.go index 377bf878a37..c2cbd13cc72 100644 --- a/pkg/apis/admissionregistration/validation/validation.go +++ b/pkg/apis/admissionregistration/validation/validation.go @@ -167,7 +167,7 @@ func validateAdmissionReviewVersions(versions []string, requireRecognizedVersion // Currently only v1beta1 accepted in AdmissionReviewVersions if len(versions) < 1 { - allErrors = append(allErrors, field.Required(fldPath, "")) + allErrors = append(allErrors, field.Required(fldPath, fmt.Sprintf("must specify one of %v", strings.Join(AcceptedAdmissionReviewVersions, ", ")))) } else { seen := map[string]bool{} hasAcceptedVersion := false diff --git a/pkg/apis/admissionregistration/validation/validation_test.go b/pkg/apis/admissionregistration/validation/validation_test.go index 95a93f5efd3..39ff7c58b83 100644 --- a/pkg/apis/admissionregistration/validation/validation_test.go +++ b/pkg/apis/admissionregistration/validation/validation_test.go @@ -58,6 +58,16 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) { expectedError string }{ { + name: "AdmissionReviewVersions are required", + config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{ + { + Name: "webhook.k8s.io", + ClientConfig: validClientConfig, + SideEffects: validSideEffect, + }, + }, false), + expectedError: `webhooks[0].admissionReviewVersions: Required value: must specify one of v1beta1`, + }, { name: "should fail on bad AdmissionReviewVersion value", config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{ { @@ -358,6 +368,17 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) { }, true), expectedError: `webhooks[0].failurePolicy: Unsupported value: "other": supported values: "Fail", "Ignore"`, }, + { + name: "AdmissionReviewVersions are required", + config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{ + { + Name: "webhook.k8s.io", + ClientConfig: validClientConfig, + SideEffects: validSideEffect, + }, + }, false), + expectedError: `webhooks[0].admissionReviewVersions: Required value: must specify one of v1beta1`, + }, { name: "SideEffects are required", config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{ diff --git a/staging/src/k8s.io/api/admissionregistration/v1/types.go b/staging/src/k8s.io/api/admissionregistration/v1/types.go index 82358e44df0..b9b40f26928 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1/types.go +++ b/staging/src/k8s.io/api/admissionregistration/v1/types.go @@ -296,9 +296,7 @@ type ValidatingWebhook struct { // If a persisted webhook configuration specifies allowed versions and does not // include any versions known to the API Server, calls to the webhook will fail // and be subject to the failure policy. - // Default to `['v1beta1']`. - // +optional - AdmissionReviewVersions []string `json:"admissionReviewVersions,omitempty" protobuf:"bytes,8,rep,name=admissionReviewVersions"` + AdmissionReviewVersions []string `json:"admissionReviewVersions" protobuf:"bytes,8,rep,name=admissionReviewVersions"` } // MutatingWebhook describes an admission webhook and the resources and operations it applies to. @@ -427,9 +425,7 @@ type MutatingWebhook struct { // If a persisted webhook configuration specifies allowed versions and does not // include any versions known to the API Server, calls to the webhook will fail // and be subject to the failure policy. - // Default to `['v1beta1']`. - // +optional - AdmissionReviewVersions []string `json:"admissionReviewVersions,omitempty" protobuf:"bytes,8,rep,name=admissionReviewVersions"` + AdmissionReviewVersions []string `json:"admissionReviewVersions" protobuf:"bytes,8,rep,name=admissionReviewVersions"` // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. // Allowed values are "Never" and "IfNeeded".