From f3597cbf2a3c52d3099cef825ef463385b61fc21 Mon Sep 17 00:00:00 2001 From: David Eads Date: Wed, 3 Mar 2021 16:38:21 -0500 Subject: [PATCH] clean usage of admissionregistration/v1beta1 from tests --- .../admissionwebhook/broken_webhook_test.go | 28 ++++---- .../admissionwebhook/client_auth_test.go | 19 +++--- .../admissionwebhook/load_balance_test.go | 19 +++--- .../admissionwebhook/reinvocation_test.go | 39 +++++------ .../admissionwebhook/timeout_test.go | 64 ++++++++++--------- test/integration/examples/webhook_test.go | 24 ++++--- test/integration/master/audit_test.go | 22 ++++--- 7 files changed, 114 insertions(+), 101 deletions(-) diff --git a/test/integration/apiserver/admissionwebhook/broken_webhook_test.go b/test/integration/apiserver/admissionwebhook/broken_webhook_test.go index 3546760e31f..9c9de69420c 100644 --- a/test/integration/apiserver/admissionwebhook/broken_webhook_test.go +++ b/test/integration/apiserver/admissionwebhook/broken_webhook_test.go @@ -22,7 +22,7 @@ import ( "testing" "time" - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -60,7 +60,7 @@ func TestBrokenWebhook(t *testing.T) { } t.Logf("Creating Broken Webhook that will block all operations on all objects") - _, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) + _, err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) if err != nil { t.Fatalf("Failed to register broken webhook: %v", err) } @@ -96,7 +96,7 @@ func TestBrokenWebhook(t *testing.T) { } t.Logf("Deleting the broken webhook to fix the cluster") - err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) + err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) if err != nil { t.Fatalf("Failed to delete broken webhook: %v", err) } @@ -149,19 +149,19 @@ func exampleDeployment(name string) *appsv1.Deployment { } } -func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWebhookConfiguration { +func brokenWebhookConfig(name string) *admissionregistrationv1.ValidatingWebhookConfiguration { var path string - failurePolicy := admissionregistrationv1beta1.Fail - return &admissionregistrationv1beta1.ValidatingWebhookConfiguration{ + failurePolicy := admissionregistrationv1.Fail + return &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, - Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{ + Webhooks: []admissionregistrationv1.ValidatingWebhook{ { Name: "broken-webhook.k8s.io", - Rules: []admissionregistrationv1beta1.RuleWithOperations{{ - Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.OperationAll}, - Rule: admissionregistrationv1beta1.Rule{ + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{ APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}, @@ -169,15 +169,17 @@ func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWe }}, // This client config references a non existent service // so it should always fail. - ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{ - Service: &admissionregistrationv1beta1.ServiceReference{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ + Service: &admissionregistrationv1.ServiceReference{ Namespace: "default", Name: "invalid-webhook-service", Path: &path, }, CABundle: nil, }, - FailurePolicy: &failurePolicy, + FailurePolicy: &failurePolicy, + SideEffects: &noSideEffects, + AdmissionReviewVersions: []string{"v1"}, }, }, } diff --git a/test/integration/apiserver/admissionwebhook/client_auth_test.go b/test/integration/apiserver/admissionwebhook/client_auth_test.go index 87534edf14c..6839be9788a 100644 --- a/test/integration/apiserver/admissionwebhook/client_auth_test.go +++ b/test/integration/apiserver/admissionwebhook/client_auth_test.go @@ -32,7 +32,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -165,28 +165,29 @@ plugins: t.Fatal(err) } - fail := admissionv1beta1.Fail - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "admission.integration.test", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &webhookServer.URL, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) if err != nil { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/load_balance_test.go b/test/integration/apiserver/admissionwebhook/load_balance_test.go index 5e3a775ef25..30ed5cc5f82 100644 --- a/test/integration/apiserver/admissionwebhook/load_balance_test.go +++ b/test/integration/apiserver/admissionwebhook/load_balance_test.go @@ -31,7 +31,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -114,28 +114,29 @@ func TestWebhookLoadBalance(t *testing.T) { t.Fatal(err) } - fail := admissionv1beta1.Fail - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "admission.integration.test", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &webhookURL, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) if err != nil { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/reinvocation_test.go b/test/integration/apiserver/admissionwebhook/reinvocation_test.go index 40db2ea198c..33c1f445e0c 100644 --- a/test/integration/apiserver/admissionwebhook/reinvocation_test.go +++ b/test/integration/apiserver/admissionwebhook/reinvocation_test.go @@ -34,8 +34,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" - registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" schedulingv1 "k8s.io/api/scheduling/v1" @@ -84,12 +83,12 @@ func patchAnnotationValue(configuration, webhook string, patch string) string { // testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly. func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { - reinvokeNever := registrationv1beta1.NeverReinvocationPolicy - reinvokeIfNeeded := registrationv1beta1.IfNeededReinvocationPolicy + reinvokeNever := admissionregistrationv1.NeverReinvocationPolicy + reinvokeIfNeeded := admissionregistrationv1.IfNeededReinvocationPolicy type testWebhook struct { path string - policy *registrationv1beta1.ReinvocationPolicyType + policy *admissionregistrationv1.ReinvocationPolicyType objectSelector *metav1.LabelSelector } @@ -339,46 +338,48 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { t.Fatal(err) } - fail := admissionv1beta1.Fail - webhooks := []admissionv1beta1.MutatingWebhook{} + fail := admissionregistrationv1.Fail + webhooks := []admissionregistrationv1.MutatingWebhook{} for j, webhook := range tt.webhooks { endpoint := webhookServer.URL + webhook.path name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/")) - webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ + webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels}, FailurePolicy: &fail, ReinvocationPolicy: webhook.policy, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } // Register a marker checking webhook with each set of webhook configurations markerEndpoint := webhookServer.URL + "/marker" - webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ + webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{ Name: "admission.integration.test.marker", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &markerEndpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}}, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) - cfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + cfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: webhooks, }, metav1.CreateOptions{}) @@ -386,7 +387,7 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/timeout_test.go b/test/integration/apiserver/admissionwebhook/timeout_test.go index 5d01bd6a4bc..0382d16918d 100644 --- a/test/integration/apiserver/admissionwebhook/timeout_test.go +++ b/test/integration/apiserver/admissionwebhook/timeout_test.go @@ -32,7 +32,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -69,7 +69,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { type testWebhook struct { path string timeoutSeconds int32 - policy admissionv1beta1.FailurePolicyType + policy admissionregistrationv1.FailurePolicyType objectSelector *metav1.LabelSelector } @@ -86,12 +86,12 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "minimum of request timeout or webhook timeout propagated", timeoutSeconds: 10, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/mutating/2/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, + {path: "/mutating/1/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/mutating/2/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, }, validatingWebhooks: []testWebhook{ - {path: "/validating/3/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/validating/4/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, + {path: "/validating/3/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/validating/4/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, }, expectInvocations: []invocation{ {path: "/mutating/1/0s", timeoutSeconds: 10}, // from request @@ -104,14 +104,14 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "webhooks consume client timeout available, not webhook timeout", timeoutSeconds: 10, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/mutating/2/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, - {path: "/mutating/3/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, + {path: "/mutating/1/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/mutating/2/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, + {path: "/mutating/3/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, }, validatingWebhooks: []testWebhook{ - {path: "/validating/4/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, - {path: "/validating/5/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 10}, - {path: "/validating/6/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, + {path: "/validating/4/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, + {path: "/validating/5/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 10}, + {path: "/validating/6/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, }, expectInvocations: []invocation{ {path: "/mutating/1/1s", timeoutSeconds: 10}, // from request @@ -126,9 +126,9 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail", timeoutSeconds: 3, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/5s", policy: admissionv1beta1.Ignore, timeoutSeconds: 4}, - {path: "/mutating/2/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, - {path: "/mutating/3/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, + {path: "/mutating/1/5s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 4}, + {path: "/mutating/2/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5}, + {path: "/mutating/3/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5}, }, expectInvocations: []invocation{ {path: "/mutating/1/5s", timeoutSeconds: 3}, // from request @@ -190,27 +190,28 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } - mutatingWebhooks := []admissionv1beta1.MutatingWebhook{} + mutatingWebhooks := []admissionregistrationv1.MutatingWebhook{} for j, webhook := range tt.mutatingWebhooks { name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) endpoint := webhookServer.URL + webhook.path - mutatingWebhooks = append(mutatingWebhooks, admissionv1beta1.MutatingWebhook{ + mutatingWebhooks = append(mutatingWebhooks, admissionregistrationv1.MutatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, FailurePolicy: &tt.mutatingWebhooks[j].policy, TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: mutatingWebhooks, }, metav1.CreateOptions{}) @@ -218,33 +219,34 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } }() - validatingWebhooks := []admissionv1beta1.ValidatingWebhook{} + validatingWebhooks := []admissionregistrationv1.ValidatingWebhook{} for j, webhook := range tt.validatingWebhooks { name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) endpoint := webhookServer.URL + webhook.path - validatingWebhooks = append(validatingWebhooks, admissionv1beta1.ValidatingWebhook{ + validatingWebhooks = append(validatingWebhooks, admissionregistrationv1.ValidatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, FailurePolicy: &tt.validatingWebhooks[j].policy, TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } - validatingCfg, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{ + validatingCfg, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: validatingWebhooks, }, metav1.CreateOptions{}) @@ -252,7 +254,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/examples/webhook_test.go b/test/integration/examples/webhook_test.go index cbf60fc5ac0..b16973e2d25 100644 --- a/test/integration/examples/webhook_test.go +++ b/test/integration/examples/webhook_test.go @@ -22,7 +22,8 @@ import ( "testing" "time" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -63,19 +64,22 @@ func TestWebhookLoopback(t *testing.T) { }, }) - fail := admissionv1beta1.Fail - _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + noSideEffects := admissionregistrationv1.SideEffectClassNone + _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "webhooktest.example.com", - ClientConfig: admissionv1beta1.WebhookClientConfig{ - Service: &admissionv1beta1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, + ClientConfig: admissionregistrationv1.WebhookClientConfig{ + Service: &admissionregistrationv1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, }}, - FailurePolicy: &fail, + FailurePolicy: &fail, + SideEffects: &noSideEffects, + AdmissionReviewVersions: []string{"v1"}, }}, }, metav1.CreateOptions{}) if err != nil { diff --git a/test/integration/master/audit_test.go b/test/integration/master/audit_test.go index e33da73e703..5b984c6b5ac 100644 --- a/test/integration/master/audit_test.go +++ b/test/integration/master/audit_test.go @@ -28,7 +28,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -243,7 +243,7 @@ func runTestWithVersion(t *testing.T, version string) { t.Fatalf("Unexpected error: %v", err) } - if err := createV1beta1MutationWebhook(kubeclient, url+"/mutation"); err != nil { + if err := createMutationWebhook(kubeclient, url+"/mutation"); err != nil { t.Fatal(err) } @@ -452,24 +452,26 @@ func admitFunc(review *v1beta1.AdmissionReview) error { return nil } -func createV1beta1MutationWebhook(client clientset.Interface, endpoint string) error { - fail := admissionv1beta1.Fail +func createMutationWebhook(client clientset.Interface, endpoint string) error { + fail := admissionregistrationv1.Fail + noSideEffects := admissionregistrationv1.SideEffectClassNone // Attaching Mutation webhook to API server - _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: testWebhookName, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: utils.LocalhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.Create, admissionv1beta1.Update}, - Rule: admissionv1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, }}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) return err