mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 05:27:21 +00:00
Drop legacy validation logic for admission registration
This commit is contained in:
Jordan Liggitt
parent
39a1293cbc
commit
befffd1565
@ -22,7 +22,6 @@ import (
|
|||||||
|
|
||||||
genericvalidation "k8s.io/apimachinery/pkg/api/validation"
|
genericvalidation "k8s.io/apimachinery/pkg/api/validation"
|
||||||
metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
utilvalidation "k8s.io/apimachinery/pkg/util/validation"
|
utilvalidation "k8s.io/apimachinery/pkg/util/validation"
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
@ -201,11 +200,11 @@ func validateAdmissionReviewVersions(versions []string, requireRecognizedAdmissi
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ValidateValidatingWebhookConfiguration validates a webhook before creation.
|
// ValidateValidatingWebhookConfiguration validates a webhook before creation.
|
||||||
func ValidateValidatingWebhookConfiguration(e *admissionregistration.ValidatingWebhookConfiguration, requestGV schema.GroupVersion) field.ErrorList {
|
func ValidateValidatingWebhookConfiguration(e *admissionregistration.ValidatingWebhookConfiguration) field.ErrorList {
|
||||||
return validateValidatingWebhookConfiguration(e, validationOptions{
|
return validateValidatingWebhookConfiguration(e, validationOptions{
|
||||||
requireNoSideEffects: requireNoSideEffects(requestGV),
|
requireNoSideEffects: true,
|
||||||
requireRecognizedAdmissionReviewVersion: true,
|
requireRecognizedAdmissionReviewVersion: true,
|
||||||
requireUniqueWebhookNames: requireUniqueWebhookNames(requestGV),
|
requireUniqueWebhookNames: true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -226,11 +225,11 @@ func validateValidatingWebhookConfiguration(e *admissionregistration.ValidatingW
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ValidateMutatingWebhookConfiguration validates a webhook before creation.
|
// ValidateMutatingWebhookConfiguration validates a webhook before creation.
|
||||||
func ValidateMutatingWebhookConfiguration(e *admissionregistration.MutatingWebhookConfiguration, requestGV schema.GroupVersion) field.ErrorList {
|
func ValidateMutatingWebhookConfiguration(e *admissionregistration.MutatingWebhookConfiguration) field.ErrorList {
|
||||||
return validateMutatingWebhookConfiguration(e, validationOptions{
|
return validateMutatingWebhookConfiguration(e, validationOptions{
|
||||||
requireNoSideEffects: requireNoSideEffects(requestGV),
|
requireNoSideEffects: true,
|
||||||
requireRecognizedAdmissionReviewVersion: true,
|
requireRecognizedAdmissionReviewVersion: true,
|
||||||
requireUniqueWebhookNames: requireUniqueWebhookNames(requestGV),
|
requireUniqueWebhookNames: true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -497,29 +496,19 @@ func validatingHasNoSideEffects(webhooks []admissionregistration.ValidatingWebho
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ValidateValidatingWebhookConfigurationUpdate validates update of validating webhook configuration
|
// ValidateValidatingWebhookConfigurationUpdate validates update of validating webhook configuration
|
||||||
func ValidateValidatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.ValidatingWebhookConfiguration, requestGV schema.GroupVersion) field.ErrorList {
|
func ValidateValidatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.ValidatingWebhookConfiguration) field.ErrorList {
|
||||||
return validateValidatingWebhookConfiguration(newC, validationOptions{
|
return validateValidatingWebhookConfiguration(newC, validationOptions{
|
||||||
requireNoSideEffects: requireNoSideEffects(requestGV) && validatingHasNoSideEffects(oldC.Webhooks),
|
requireNoSideEffects: validatingHasNoSideEffects(oldC.Webhooks),
|
||||||
requireRecognizedAdmissionReviewVersion: validatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks),
|
requireRecognizedAdmissionReviewVersion: validatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks),
|
||||||
requireUniqueWebhookNames: requireUniqueWebhookNames(requestGV) && validatingHasUniqueWebhookNames(oldC.Webhooks),
|
requireUniqueWebhookNames: validatingHasUniqueWebhookNames(oldC.Webhooks),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateMutatingWebhookConfigurationUpdate validates update of mutating webhook configuration
|
// ValidateMutatingWebhookConfigurationUpdate validates update of mutating webhook configuration
|
||||||
func ValidateMutatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.MutatingWebhookConfiguration, requestGV schema.GroupVersion) field.ErrorList {
|
func ValidateMutatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.MutatingWebhookConfiguration) field.ErrorList {
|
||||||
return validateMutatingWebhookConfiguration(newC, validationOptions{
|
return validateMutatingWebhookConfiguration(newC, validationOptions{
|
||||||
requireNoSideEffects: requireNoSideEffects(requestGV) && mutatingHasNoSideEffects(oldC.Webhooks),
|
requireNoSideEffects: mutatingHasNoSideEffects(oldC.Webhooks),
|
||||||
requireRecognizedAdmissionReviewVersion: mutatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks),
|
requireRecognizedAdmissionReviewVersion: mutatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks),
|
||||||
requireUniqueWebhookNames: requireUniqueWebhookNames(requestGV) && mutatingHasUniqueWebhookNames(oldC.Webhooks),
|
requireUniqueWebhookNames: mutatingHasUniqueWebhookNames(oldC.Webhooks),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// requireUniqueWebhookNames returns true for all requests except v1beta1 (for backwards compatibility)
|
|
||||||
func requireUniqueWebhookNames(requestGV schema.GroupVersion) bool {
|
|
||||||
return requestGV != (schema.GroupVersion{Group: admissionregistration.GroupName, Version: "v1beta1"})
|
|
||||||
}
|
|
||||||
|
|
||||||
// requireNoSideEffects returns true for all requests except v1beta1 (for backwards compatibility)
|
|
||||||
func requireNoSideEffects(requestGV schema.GroupVersion) bool {
|
|
||||||
return requestGV != (schema.GroupVersion{Group: admissionregistration.GroupName, Version: "v1beta1"})
|
|
||||||
}
|
|
||||||
|
|||||||
@ -21,7 +21,6 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -46,6 +45,7 @@ func newValidatingWebhookConfiguration(hooks []admissionregistration.ValidatingW
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
||||||
|
noSideEffect := admissionregistration.SideEffectClassNone
|
||||||
unknownSideEffect := admissionregistration.SideEffectClassUnknown
|
unknownSideEffect := admissionregistration.SideEffectClassUnknown
|
||||||
validClientConfig := admissionregistration.WebhookClientConfig{
|
validClientConfig := admissionregistration.WebhookClientConfig{
|
||||||
URL: strPtr("https://example.com"),
|
URL: strPtr("https://example.com"),
|
||||||
@ -53,7 +53,6 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
config *admissionregistration.ValidatingWebhookConfiguration
|
config *admissionregistration.ValidatingWebhookConfiguration
|
||||||
gv schema.GroupVersion
|
|
||||||
expectedError string
|
expectedError string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -83,11 +82,10 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
AdmissionReviewVersions: []string{"v1beta1"},
|
AdmissionReviewVersions: []string{"v1beta1"},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -96,11 +94,10 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
AdmissionReviewVersions: []string{"v1beta1", "invalid-version"},
|
AdmissionReviewVersions: []string{"v1beta1", "invalid-version"},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -131,24 +128,23 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "k8s.io",
|
Name: "k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: `webhooks[1].name: Invalid value: "k8s.io": should be a domain with at least three segments separated by dots, webhooks[2].name: Required value`,
|
expectedError: `webhooks[1].name: Invalid value: "k8s.io": should be a domain with at least three segments separated by dots, webhooks[2].name: Required value`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Webhooks must have unique names when not created via v1beta1",
|
name: "Webhooks must have unique names when created",
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -161,26 +157,8 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
name: "Webhooks can have duplicate names when created via v1beta1",
|
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "Operations must not be empty or nil",
|
name: "Operations must not be empty or nil",
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
||||||
@ -271,7 +249,7 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
Rules: []admissionregistration.RuleWithOperations{
|
Rules: []admissionregistration.RuleWithOperations{
|
||||||
{
|
{
|
||||||
Operations: []admissionregistration.OperationType{"CREATE"},
|
Operations: []admissionregistration.OperationType{"CREATE"},
|
||||||
@ -284,7 +262,6 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: `resource "*" cannot mix with resources that don't have subresources`,
|
name: `resource "*" cannot mix with resources that don't have subresources`,
|
||||||
@ -334,7 +311,7 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
Rules: []admissionregistration.RuleWithOperations{
|
Rules: []admissionregistration.RuleWithOperations{
|
||||||
{
|
{
|
||||||
Operations: []admissionregistration.OperationType{"CREATE"},
|
Operations: []admissionregistration.OperationType{"CREATE"},
|
||||||
@ -347,7 +324,6 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "resource */a cannot mix with x/a",
|
name: "resource */a cannot mix with x/a",
|
||||||
@ -429,7 +405,7 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
expectedError: `webhooks[0].sideEffects: Required value: must specify one of None, NoneOnDryRun`,
|
expectedError: `webhooks[0].sideEffects: Required value: must specify one of None, NoneOnDryRun`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "SideEffects can only be \"Unknown\", \"None\", \"Some\", or \"NoneOnDryRun\" via v1beta1",
|
name: "SideEffects can only be \"None\" or \"NoneOnDryRun\" when created",
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -440,22 +416,6 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
}(),
|
}(),
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun", "Some", "Unknown"`,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "SideEffects can only be \"None\" or \"NoneOnDryRun\" via v1",
|
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: func() *admissionregistration.SideEffectClass {
|
|
||||||
r := admissionregistration.SideEffectClass("other")
|
|
||||||
return &r
|
|
||||||
}(),
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1"},
|
|
||||||
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun"`,
|
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun"`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -599,10 +559,9 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -618,10 +577,9 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -637,7 +595,7 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
expectedError: `clientConfig.service.path: Invalid value: "//": segment[0] may not be empty`,
|
expectedError: `clientConfig.service.path: Invalid value: "//": segment[0] may not be empty`,
|
||||||
@ -775,28 +733,27 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(1),
|
TimeoutSeconds: int32Ptr(1),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "webhook2.k8s.io",
|
Name: "webhook2.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(15),
|
TimeoutSeconds: int32Ptr(15),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "webhook3.k8s.io",
|
Name: "webhook3.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(30),
|
TimeoutSeconds: int32Ptr(30),
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
t.Run(test.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
errs := ValidateValidatingWebhookConfiguration(test.config, test.gv)
|
errs := ValidateValidatingWebhookConfiguration(test.config)
|
||||||
err := errs.ToAggregate()
|
err := errs.ToAggregate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
||||||
@ -821,7 +778,6 @@ func TestValidateValidatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
name string
|
name string
|
||||||
oldconfig *admissionregistration.ValidatingWebhookConfiguration
|
oldconfig *admissionregistration.ValidatingWebhookConfiguration
|
||||||
config *admissionregistration.ValidatingWebhookConfiguration
|
config *admissionregistration.ValidatingWebhookConfiguration
|
||||||
gv schema.GroupVersion
|
|
||||||
expectedError string
|
expectedError string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -903,7 +859,7 @@ func TestValidateValidatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
expectedError: `Invalid value: []string{"invalid-v1"}`,
|
expectedError: `Invalid value: []string{"invalid-v1"}`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Webhooks must have unique names when not updated via v1beta1",
|
name: "Webhooks must have unique names when old config has unique names",
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -923,7 +879,6 @@ func TestValidateValidatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, false),
|
}, false),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -952,37 +907,12 @@ func TestValidateValidatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: ``,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "Webhooks can have duplicate names when updated via v1beta1",
|
|
||||||
config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
oldconfig: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, false),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
t.Run(test.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
errs := ValidateValidatingWebhookConfigurationUpdate(test.config, test.oldconfig, test.gv)
|
errs := ValidateValidatingWebhookConfigurationUpdate(test.config, test.oldconfig)
|
||||||
err := errs.ToAggregate()
|
err := errs.ToAggregate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
||||||
@ -1015,6 +945,7 @@ func newMutatingWebhookConfiguration(hooks []admissionregistration.MutatingWebho
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
||||||
|
noSideEffect := admissionregistration.SideEffectClassNone
|
||||||
unknownSideEffect := admissionregistration.SideEffectClassUnknown
|
unknownSideEffect := admissionregistration.SideEffectClassUnknown
|
||||||
validClientConfig := admissionregistration.WebhookClientConfig{
|
validClientConfig := admissionregistration.WebhookClientConfig{
|
||||||
URL: strPtr("https://example.com"),
|
URL: strPtr("https://example.com"),
|
||||||
@ -1022,7 +953,6 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
config *admissionregistration.MutatingWebhookConfiguration
|
config *admissionregistration.MutatingWebhookConfiguration
|
||||||
gv schema.GroupVersion
|
|
||||||
expectedError string
|
expectedError string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -1052,11 +982,10 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
AdmissionReviewVersions: []string{"v1beta1"},
|
AdmissionReviewVersions: []string{"v1beta1"},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1065,11 +994,10 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
AdmissionReviewVersions: []string{"v1beta1", "invalid-version"},
|
AdmissionReviewVersions: []string{"v1beta1", "invalid-version"},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1100,24 +1028,23 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "k8s.io",
|
Name: "k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: `webhooks[1].name: Invalid value: "k8s.io": should be a domain with at least three segments separated by dots, webhooks[2].name: Required value`,
|
expectedError: `webhooks[1].name: Invalid value: "k8s.io": should be a domain with at least three segments separated by dots, webhooks[2].name: Required value`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Webhooks must have unique names when not created via v1beta1",
|
name: "Webhooks must have unique names when created",
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -1130,26 +1057,8 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
expectedError: `webhooks[1].name: Duplicate value: "webhook.k8s.io"`,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
name: "Webhooks can have duplicate names when created via v1beta1",
|
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "Operations must not be empty or nil",
|
name: "Operations must not be empty or nil",
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
||||||
@ -1240,7 +1149,7 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
Rules: []admissionregistration.RuleWithOperations{
|
Rules: []admissionregistration.RuleWithOperations{
|
||||||
{
|
{
|
||||||
Operations: []admissionregistration.OperationType{"CREATE"},
|
Operations: []admissionregistration.OperationType{"CREATE"},
|
||||||
@ -1253,7 +1162,6 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: `resource "*" cannot mix with resources that don't have subresources`,
|
name: `resource "*" cannot mix with resources that don't have subresources`,
|
||||||
@ -1303,7 +1211,7 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
Rules: []admissionregistration.RuleWithOperations{
|
Rules: []admissionregistration.RuleWithOperations{
|
||||||
{
|
{
|
||||||
Operations: []admissionregistration.OperationType{"CREATE"},
|
Operations: []admissionregistration.OperationType{"CREATE"},
|
||||||
@ -1316,7 +1224,6 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "resource */a cannot mix with x/a",
|
name: "resource */a cannot mix with x/a",
|
||||||
@ -1398,7 +1305,7 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
expectedError: `webhooks[0].sideEffects: Required value: must specify one of None, NoneOnDryRun`,
|
expectedError: `webhooks[0].sideEffects: Required value: must specify one of None, NoneOnDryRun`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "SideEffects can only be \"Unknown\", \"None\", \"Some\", or \"NoneOnDryRun\" via v1beta1",
|
name: "SideEffects can only be \"None\" or \"NoneOnDryRun\" when created",
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -1409,22 +1316,6 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
}(),
|
}(),
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun", "Some", "Unknown"`,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "SideEffects can only be \"None\" or \"NoneOnDryRun\" via v1",
|
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: func() *admissionregistration.SideEffectClass {
|
|
||||||
r := admissionregistration.SideEffectClass("other")
|
|
||||||
return &r
|
|
||||||
}(),
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1"},
|
|
||||||
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun"`,
|
expectedError: `webhooks[0].sideEffects: Unsupported value: "other": supported values: "None", "NoneOnDryRun"`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1568,10 +1459,9 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1587,10 +1477,9 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1606,7 +1495,7 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
expectedError: `clientConfig.service.path: Invalid value: "//": segment[0] may not be empty`,
|
expectedError: `clientConfig.service.path: Invalid value: "//": segment[0] may not be empty`,
|
||||||
@ -1744,28 +1633,27 @@ func TestValidateMutatingWebhookConfiguration(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(1),
|
TimeoutSeconds: int32Ptr(1),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "webhook2.k8s.io",
|
Name: "webhook2.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(15),
|
TimeoutSeconds: int32Ptr(15),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "webhook3.k8s.io",
|
Name: "webhook3.k8s.io",
|
||||||
ClientConfig: validClientConfig,
|
ClientConfig: validClientConfig,
|
||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
TimeoutSeconds: int32Ptr(30),
|
TimeoutSeconds: int32Ptr(30),
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
t.Run(test.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
errs := ValidateMutatingWebhookConfiguration(test.config, test.gv)
|
errs := ValidateMutatingWebhookConfiguration(test.config)
|
||||||
err := errs.ToAggregate()
|
err := errs.ToAggregate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
||||||
@ -1791,7 +1679,6 @@ func TestValidateMutatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
name string
|
name string
|
||||||
oldconfig *admissionregistration.MutatingWebhookConfiguration
|
oldconfig *admissionregistration.MutatingWebhookConfiguration
|
||||||
config *admissionregistration.MutatingWebhookConfiguration
|
config *admissionregistration.MutatingWebhookConfiguration
|
||||||
gv schema.GroupVersion
|
|
||||||
expectedError string
|
expectedError string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -1917,35 +1804,10 @@ func TestValidateMutatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Webhooks can have duplicate names when updated via v1beta1",
|
name: "Webhooks can't have side effects when old config has no side effects",
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
oldconfig: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, false),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "Webhooks can't have side effects when old config has no side effects via v1",
|
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
||||||
{
|
{
|
||||||
Name: "webhook.k8s.io",
|
Name: "webhook.k8s.io",
|
||||||
@ -1960,7 +1822,6 @@ func TestValidateMutatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
SideEffects: &noSideEffect,
|
SideEffects: &noSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1"},
|
|
||||||
expectedError: `Unsupported value: "Unknown": supported values: "None", "NoneOnDryRun"`,
|
expectedError: `Unsupported value: "Unknown": supported values: "None", "NoneOnDryRun"`,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -1979,32 +1840,12 @@ func TestValidateMutatingWebhookConfigurationUpdate(t *testing.T) {
|
|||||||
SideEffects: &unknownSideEffect,
|
SideEffects: &unknownSideEffect,
|
||||||
},
|
},
|
||||||
}, true),
|
}, true),
|
||||||
gv: schema.GroupVersion{Group: "foo", Version: "bar"},
|
|
||||||
expectedError: ``,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "Webhooks can have side effects when updated via v1beta1",
|
|
||||||
config: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &unknownSideEffect,
|
|
||||||
},
|
|
||||||
}, true),
|
|
||||||
oldconfig: newMutatingWebhookConfiguration([]admissionregistration.MutatingWebhook{
|
|
||||||
{
|
|
||||||
Name: "webhook.k8s.io",
|
|
||||||
ClientConfig: validClientConfig,
|
|
||||||
SideEffects: &noSideEffect,
|
|
||||||
},
|
|
||||||
}, false),
|
|
||||||
gv: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"},
|
|
||||||
expectedError: ``,
|
expectedError: ``,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
t.Run(test.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
errs := ValidateMutatingWebhookConfigurationUpdate(test.config, test.oldconfig, test.gv)
|
errs := ValidateMutatingWebhookConfigurationUpdate(test.config, test.oldconfig)
|
||||||
err := errs.ToAggregate()
|
err := errs.ToAggregate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
|
||||||
|
|||||||
@ -21,9 +21,7 @@ import (
|
|||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
|
||||||
"k8s.io/apiserver/pkg/storage/names"
|
"k8s.io/apiserver/pkg/storage/names"
|
||||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||||
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
||||||
@ -70,13 +68,8 @@ func (mutatingWebhookConfigurationStrategy) PrepareForUpdate(ctx context.Context
|
|||||||
|
|
||||||
// Validate validates a new mutatingWebhookConfiguration.
|
// Validate validates a new mutatingWebhookConfiguration.
|
||||||
func (mutatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
func (mutatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
||||||
var groupVersion schema.GroupVersion
|
|
||||||
if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found {
|
|
||||||
groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
|
|
||||||
}
|
|
||||||
|
|
||||||
ic := obj.(*admissionregistration.MutatingWebhookConfiguration)
|
ic := obj.(*admissionregistration.MutatingWebhookConfiguration)
|
||||||
return validation.ValidateMutatingWebhookConfiguration(ic, groupVersion)
|
return validation.ValidateMutatingWebhookConfiguration(ic)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Canonicalize normalizes the object after validation.
|
// Canonicalize normalizes the object after validation.
|
||||||
@ -90,12 +83,7 @@ func (mutatingWebhookConfigurationStrategy) AllowCreateOnUpdate() bool {
|
|||||||
|
|
||||||
// ValidateUpdate is the default update validation for an end user.
|
// ValidateUpdate is the default update validation for an end user.
|
||||||
func (mutatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
func (mutatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
||||||
var groupVersion schema.GroupVersion
|
return validation.ValidateMutatingWebhookConfigurationUpdate(obj.(*admissionregistration.MutatingWebhookConfiguration), old.(*admissionregistration.MutatingWebhookConfiguration))
|
||||||
if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found {
|
|
||||||
groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
|
|
||||||
}
|
|
||||||
|
|
||||||
return validation.ValidateMutatingWebhookConfigurationUpdate(obj.(*admissionregistration.MutatingWebhookConfiguration), old.(*admissionregistration.MutatingWebhookConfiguration), groupVersion)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// WarningsOnUpdate returns warnings for the given update.
|
// WarningsOnUpdate returns warnings for the given update.
|
||||||
|
|||||||
@ -21,9 +21,7 @@ import (
|
|||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
|
||||||
"k8s.io/apiserver/pkg/storage/names"
|
"k8s.io/apiserver/pkg/storage/names"
|
||||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||||
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
"k8s.io/kubernetes/pkg/apis/admissionregistration"
|
||||||
@ -65,12 +63,7 @@ func (validatingWebhookConfigurationStrategy) PrepareForUpdate(ctx context.Conte
|
|||||||
|
|
||||||
// Validate validates a new validatingWebhookConfiguration.
|
// Validate validates a new validatingWebhookConfiguration.
|
||||||
func (validatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
func (validatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
||||||
var groupVersion schema.GroupVersion
|
return validation.ValidateValidatingWebhookConfiguration(obj.(*admissionregistration.ValidatingWebhookConfiguration))
|
||||||
if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found {
|
|
||||||
groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
|
|
||||||
}
|
|
||||||
|
|
||||||
return validation.ValidateValidatingWebhookConfiguration(obj.(*admissionregistration.ValidatingWebhookConfiguration), groupVersion)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// WarningsOnCreate returns warnings for the creation of the given object.
|
// WarningsOnCreate returns warnings for the creation of the given object.
|
||||||
@ -89,12 +82,7 @@ func (validatingWebhookConfigurationStrategy) AllowCreateOnUpdate() bool {
|
|||||||
|
|
||||||
// ValidateUpdate is the default update validation for an end user.
|
// ValidateUpdate is the default update validation for an end user.
|
||||||
func (validatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
func (validatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
||||||
var groupVersion schema.GroupVersion
|
return validation.ValidateValidatingWebhookConfigurationUpdate(obj.(*admissionregistration.ValidatingWebhookConfiguration), old.(*admissionregistration.ValidatingWebhookConfiguration))
|
||||||
if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found {
|
|
||||||
groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
|
|
||||||
}
|
|
||||||
|
|
||||||
return validation.ValidateValidatingWebhookConfigurationUpdate(obj.(*admissionregistration.ValidatingWebhookConfiguration), old.(*admissionregistration.ValidatingWebhookConfiguration), groupVersion)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// WarningsOnUpdate returns warnings for the given update.
|
// WarningsOnUpdate returns warnings for the given update.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user