add import-alias for k8s.io/api/admissionregistration/v1beta1

Aaron Crickenberger 2019-06-20 11:39:35 -07:00
parent ab3b24ac0a
commit ba36cc9ebb
2 changed files with 123 additions and 124 deletions


@ -1,3 +1,3 @@
{ {
"k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1": "kubeletstatsv1alpha1" "k8s.io/api/admissionregistration/v1beta1": "admissionregistrationv1beta1"
} }
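Review bot: The alias map still has a single entry on the new side, so the `k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1` → `kubeletstatsv1alpha1` rule appears to be replaced rather than joined by the new one. The commit title says an alias is being added; if the kubelet stats alias should still be enforced, keep both lines, i.e. `"k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1": "kubeletstatsv1alpha1",` followed by the new admissionregistration entry. If dropping it is intentional, the commit message should say so.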


@ -18,11 +18,7 @@ package apimachinery
import ( import (
"fmt" "fmt"
"reflect" admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
"strings"
"time"
"k8s.io/api/admissionregistration/v1beta1"
apps "k8s.io/api/apps/v1" apps "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -44,6 +40,9 @@ import (
"k8s.io/kubernetes/test/utils/crd" "k8s.io/kubernetes/test/utils/crd"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
"k8s.io/utils/pointer" "k8s.io/utils/pointer"
"reflect"
"strings"
"time"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -234,8 +233,8 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
}) })
ginkgo.It("Should honor timeout", func() { ginkgo.It("Should honor timeout", func() {
policyFail := v1beta1.Fail policyFail := admissionregistrationv1beta1.Fail
policyIgnore := v1beta1.Ignore policyIgnore := admissionregistrationv1beta1.Ignore
ginkgo.By("Setting timeout (1s) shorter than webhook latency (5s)") ginkgo.By("Setting timeout (1s) shorter than webhook latency (5s)")
slowWebhookCleanup := registerSlowWebhook(f, context, &policyFail, pointer.Int32Ptr(1)) slowWebhookCleanup := registerSlowWebhook(f, context, &policyFail, pointer.Int32Ptr(1))
@ -422,26 +421,26 @@ func registerWebhook(f *framework.Framework, context *certContext) func() {
configName := webhookConfigName configName := webhookConfigName
// A webhook that cannot talk to server, with fail-open policy // A webhook that cannot talk to server, with fail-open policy
failOpenHook := failingWebhook(namespace, "fail-open.k8s.io") failOpenHook := failingWebhook(namespace, "fail-open.k8s.io")
policyIgnore := v1beta1.Ignore policyIgnore := admissionregistrationv1beta1.Ignore
failOpenHook.FailurePolicy = &policyIgnore failOpenHook.FailurePolicy = &policyIgnore
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "deny-unwanted-pod-container-name-and-label.k8s.io", Name: "deny-unwanted-pod-container-name-and-label.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"pods"}, Resources: []string{"pods"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/pods"), Path: strPtr("/pods"),
@ -452,9 +451,9 @@ func registerWebhook(f *framework.Framework, context *certContext) func() {
}, },
{ {
Name: "deny-unwanted-configmap-data.k8s.io", Name: "deny-unwanted-configmap-data.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create, v1beta1.Update, v1beta1.Delete}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update, admissionregistrationv1beta1.Delete},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"configmaps"}, Resources: []string{"configmaps"},
@ -470,8 +469,8 @@ func registerWebhook(f *framework.Framework, context *certContext) func() {
}, },
}, },
}, },
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/configmaps"), Path: strPtr("/configmaps"),
@ -503,26 +502,26 @@ func registerWebhookForAttachingPod(f *framework.Framework, context *certContext
configName := attachingPodWebhookConfigName configName := attachingPodWebhookConfigName
// A webhook that cannot talk to server, with fail-open policy // A webhook that cannot talk to server, with fail-open policy
failOpenHook := failingWebhook(namespace, "fail-open.k8s.io") failOpenHook := failingWebhook(namespace, "fail-open.k8s.io")
policyIgnore := v1beta1.Ignore policyIgnore := admissionregistrationv1beta1.Ignore
failOpenHook.FailurePolicy = &policyIgnore failOpenHook.FailurePolicy = &policyIgnore
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "deny-attaching-pod.k8s.io", Name: "deny-attaching-pod.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Connect}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Connect},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"pods/attach"}, Resources: []string{"pods/attach"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/pods/attach"), Path: strPtr("/pods/attach"),
@ -550,23 +549,23 @@ func registerMutatingWebhookForConfigMap(f *framework.Framework, context *certCo
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := mutatingWebhookConfigName configName := mutatingWebhookConfigName
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&admissionregistrationv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.MutatingWebhook{ Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
{ {
Name: "adding-configmap-data-stage-1.k8s.io", Name: "adding-configmap-data-stage-1.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"configmaps"}, Resources: []string{"configmaps"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/mutating-configmaps"), Path: strPtr("/mutating-configmaps"),
@ -577,16 +576,16 @@ func registerMutatingWebhookForConfigMap(f *framework.Framework, context *certCo
}, },
{ {
Name: "adding-configmap-data-stage-2.k8s.io", Name: "adding-configmap-data-stage-2.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"configmaps"}, Resources: []string{"configmaps"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/mutating-configmaps"), Path: strPtr("/mutating-configmaps"),
@ -627,23 +626,23 @@ func registerMutatingWebhookForPod(f *framework.Framework, context *certContext)
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := podMutatingWebhookConfigName configName := podMutatingWebhookConfigName
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&admissionregistrationv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.MutatingWebhook{ Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
{ {
Name: "adding-init-container.k8s.io", Name: "adding-init-container.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"pods"}, Resources: []string{"pods"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/mutating-pods"), Path: strPtr("/mutating-pods"),
@ -834,19 +833,19 @@ func testAttachingPodWebhook(f *framework.Framework) {
// failingWebhook returns a webhook with rule of create configmaps, // failingWebhook returns a webhook with rule of create configmaps,
// but with an invalid client config so that server cannot communicate with it // but with an invalid client config so that server cannot communicate with it
func failingWebhook(namespace, name string) v1beta1.ValidatingWebhook { func failingWebhook(namespace, name string) admissionregistrationv1beta1.ValidatingWebhook {
return v1beta1.ValidatingWebhook{ return admissionregistrationv1beta1.ValidatingWebhook{
Name: name, Name: name,
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"configmaps"}, Resources: []string{"configmaps"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/configmaps"), Path: strPtr("/configmaps"),
@ -865,7 +864,7 @@ func registerFailClosedWebhook(f *framework.Framework, context *certContext) fun
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := webhookFailClosedConfigName configName := webhookFailClosedConfigName
// A webhook that cannot talk to server, with fail-closed policy // A webhook that cannot talk to server, with fail-closed policy
policyFail := v1beta1.Fail policyFail := admissionregistrationv1beta1.Fail
hook := failingWebhook(namespace, "fail-closed.k8s.io") hook := failingWebhook(namespace, "fail-closed.k8s.io")
hook.FailurePolicy = &policyFail hook.FailurePolicy = &policyFail
hook.NamespaceSelector = &metav1.LabelSelector{ hook.NamespaceSelector = &metav1.LabelSelector{
@ -878,11 +877,11 @@ func registerFailClosedWebhook(f *framework.Framework, context *certContext) fun
}, },
} }
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
// Server cannot talk to this webhook, so it always fails. // Server cannot talk to this webhook, so it always fails.
// Because this webhook is configured fail-closed, request should be rejected after the call fails. // Because this webhook is configured fail-closed, request should be rejected after the call fails.
hook, hook,
@ -929,21 +928,21 @@ func registerValidatingWebhookForWebhookConfigurations(f *framework.Framework, c
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := validatingWebhookForWebhooksConfigName configName := validatingWebhookForWebhooksConfigName
failurePolicy := v1beta1.Fail failurePolicy := admissionregistrationv1beta1.Fail
// This webhook denies all requests to Delete validating webhook configuration and // This webhook denies all requests to Delete validating webhook configuration and
// mutating webhook configuration objects. It should never be called, however, because // mutating webhook configuration objects. It should never be called, however, because
// dynamic admission webhooks should not be called on requests involving webhook configuration objects. // dynamic admission webhooks should not be called on requests involving webhook configuration objects.
_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "deny-webhook-configuration-deletions.k8s.io", Name: "deny-webhook-configuration-deletions.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Delete}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Delete},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{"admissionregistration.k8s.io"}, APIGroups: []string{"admissionregistration.k8s.io"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{ Resources: []string{
@ -952,8 +951,8 @@ func registerValidatingWebhookForWebhookConfigurations(f *framework.Framework, c
}, },
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/always-deny"), Path: strPtr("/always-deny"),
@ -982,21 +981,21 @@ func registerMutatingWebhookForWebhookConfigurations(f *framework.Framework, con
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := mutatingWebhookForWebhooksConfigName configName := mutatingWebhookForWebhooksConfigName
failurePolicy := v1beta1.Fail failurePolicy := admissionregistrationv1beta1.Fail
// This webhook adds a label to all requests create to validating webhook configuration and // This webhook adds a label to all requests create to validating webhook configuration and
// mutating webhook configuration objects. It should never be called, however, because // mutating webhook configuration objects. It should never be called, however, because
// dynamic admission webhooks should not be called on requests involving webhook configuration objects. // dynamic admission webhooks should not be called on requests involving webhook configuration objects.
_, err = client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{ _, err = client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&admissionregistrationv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.MutatingWebhook{ Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
{ {
Name: "add-label-to-webhook-configurations.k8s.io", Name: "add-label-to-webhook-configurations.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{"admissionregistration.k8s.io"}, APIGroups: []string{"admissionregistration.k8s.io"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{ Resources: []string{
@ -1005,8 +1004,8 @@ func registerMutatingWebhookForWebhookConfigurations(f *framework.Framework, con
}, },
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/add-label"), Path: strPtr("/add-label"),
@ -1037,26 +1036,26 @@ func testWebhooksForWebhookConfigurations(f *framework.Framework) {
ginkgo.By("Creating a dummy validating-webhook-configuration object") ginkgo.By("Creating a dummy validating-webhook-configuration object")
namespace := f.Namespace.Name namespace := f.Namespace.Name
failurePolicy := v1beta1.Ignore failurePolicy := admissionregistrationv1beta1.Ignore
mutatedValidatingWebhookConfiguration, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ mutatedValidatingWebhookConfiguration, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: dummyValidatingWebhookConfigName, Name: dummyValidatingWebhookConfigName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "dummy-validating-webhook.k8s.io", Name: "dummy-validating-webhook.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
// This will not match any real resources so this webhook should never be called. // This will not match any real resources so this webhook should never be called.
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"invalid"}, Resources: []string{"invalid"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
// This path not recognized by the webhook service, // This path not recognized by the webhook service,
@ -1087,24 +1086,24 @@ func testWebhooksForWebhookConfigurations(f *framework.Framework) {
ginkgo.By("Creating a dummy mutating-webhook-configuration object") ginkgo.By("Creating a dummy mutating-webhook-configuration object")
mutatedMutatingWebhookConfiguration, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{ mutatedMutatingWebhookConfiguration, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&admissionregistrationv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: dummyMutatingWebhookConfigName, Name: dummyMutatingWebhookConfigName,
}, },
Webhooks: []v1beta1.MutatingWebhook{ Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
{ {
Name: "dummy-mutating-webhook.k8s.io", Name: "dummy-mutating-webhook.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
// This will not match any real resources so this webhook should never be called. // This will not match any real resources so this webhook should never be called.
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"invalid"}, Resources: []string{"invalid"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
// This path not recognized by the webhook service, // This path not recognized by the webhook service,
@ -1295,23 +1294,23 @@ func registerWebhookForCustomResource(f *framework.Framework, context *certConte
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := crWebhookConfigName configName := crWebhookConfigName
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "deny-unwanted-custom-resource-data.k8s.io", Name: "deny-unwanted-custom-resource-data.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create, v1beta1.Update, v1beta1.Delete}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update, admissionregistrationv1beta1.Delete},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{testcrd.Crd.Spec.Group}, APIGroups: []string{testcrd.Crd.Spec.Group},
APIVersions: servedAPIVersions(testcrd.Crd), APIVersions: servedAPIVersions(testcrd.Crd),
Resources: []string{testcrd.Crd.Spec.Names.Plural}, Resources: []string{testcrd.Crd.Spec.Names.Plural},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/custom-resource"), Path: strPtr("/custom-resource"),
@ -1337,23 +1336,23 @@ func registerMutatingWebhookForCustomResource(f *framework.Framework, context *c
namespace := f.Namespace.Name namespace := f.Namespace.Name
configName := f.UniqueName configName := f.UniqueName
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&admissionregistrationv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.MutatingWebhook{ Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
{ {
Name: "mutate-custom-resource-data-stage-1.k8s.io", Name: "mutate-custom-resource-data-stage-1.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create, v1beta1.Update}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{testcrd.Crd.Spec.Group}, APIGroups: []string{testcrd.Crd.Spec.Group},
APIVersions: servedAPIVersions(testcrd.Crd), APIVersions: servedAPIVersions(testcrd.Crd),
Resources: []string{testcrd.Crd.Spec.Names.Plural}, Resources: []string{testcrd.Crd.Spec.Names.Plural},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/mutating-custom-resource"), Path: strPtr("/mutating-custom-resource"),
@ -1364,16 +1363,16 @@ func registerMutatingWebhookForCustomResource(f *framework.Framework, context *c
}, },
{ {
Name: "mutate-custom-resource-data-stage-2.k8s.io", Name: "mutate-custom-resource-data-stage-2.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{testcrd.Crd.Spec.Group}, APIGroups: []string{testcrd.Crd.Spec.Group},
APIVersions: servedAPIVersions(testcrd.Crd), APIVersions: servedAPIVersions(testcrd.Crd),
Resources: []string{testcrd.Crd.Spec.Names.Plural}, Resources: []string{testcrd.Crd.Spec.Names.Plural},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/mutating-custom-resource"), Path: strPtr("/mutating-custom-resource"),
@ -1532,23 +1531,23 @@ func registerValidatingWebhookForCRD(f *framework.Framework, context *certContex
// label "webhook-e2e-test":"webhook-disallow" // label "webhook-e2e-test":"webhook-disallow"
// NOTE: Because tests are run in parallel and in an unpredictable order, it is critical // NOTE: Because tests are run in parallel and in an unpredictable order, it is critical
// that no other test attempts to create CRD with that label. // that no other test attempts to create CRD with that label.
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "deny-crd-with-unwanted-label.k8s.io", Name: "deny-crd-with-unwanted-label.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{"apiextensions.k8s.io"}, APIGroups: []string{"apiextensions.k8s.io"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{"customresourcedefinitions"}, Resources: []string{"customresourcedefinitions"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/crd"), Path: strPtr("/crd"),
@ -1621,7 +1620,7 @@ func testCRDDenyWebhook(f *framework.Framework) {
} }
} }
func registerSlowWebhook(f *framework.Framework, context *certContext, policy *v1beta1.FailurePolicyType, timeout *int32) func() { func registerSlowWebhook(f *framework.Framework, context *certContext, policy *admissionregistrationv1beta1.FailurePolicyType, timeout *int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering slow webhook via the AdmissionRegistration API") ginkgo.By("Registering slow webhook via the AdmissionRegistration API")
@ -1638,23 +1637,23 @@ func registerSlowWebhook(f *framework.Framework, context *certContext, policy *v
_, err = client.CoreV1().Namespaces().Update(ns) _, err = client.CoreV1().Namespaces().Update(ns)
framework.ExpectNoError(err, "error labeling namespace %s", namespace) framework.ExpectNoError(err, "error labeling namespace %s", namespace)
_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{ _, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: configName, Name: configName,
}, },
Webhooks: []v1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{
{ {
Name: "allow-configmap-with-delay-webhook.k8s.io", Name: "allow-configmap-with-delay-webhook.k8s.io",
Rules: []v1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create}, Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.Create},
Rule: v1beta1.Rule{ Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{""}, APIGroups: []string{""},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
Resources: []string{"configmaps"}, Resources: []string{"configmaps"},
}, },
}}, }},
ClientConfig: v1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{ Service: &admissionregistrationv1beta1.ServiceReference{
Namespace: namespace, Namespace: namespace,
Name: serviceName, Name: serviceName,
Path: strPtr("/always-allow-delay-5s"), Path: strPtr("/always-allow-delay-5s"),
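Review bot: The import block no longer keeps the standard library together: on the new side `"reflect"`, `"strings"` and `"time"` sit after `"k8s.io/utils/pointer"` (second import hunk), while `"fmt"` stays at the top, directly followed by the aliased `admissionregistrationv1beta1` import. Blank lines are not visible in this rendering, so the exact grouping is inferred, but the order looks like an artefact of an automated rewrite rather than a deliberate choice. Move the three stdlib imports back beside `"fmt"` in the first group and keep `admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"` with the other `k8s.io/api` imports, as goimports would arrange them. The remaining hunks are a mechanical `v1beta1.` → `admissionregistrationv1beta1.` rename; the fail-open and fail-closed policy values passed to the webhook registrations are unchanged.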