github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

clean usage of admissionregistration/v1beta1 from tests

Browse Source
This commit is contained in:
David Eads 2021-03-03 16:38:21 -05:00
parent a473ef6c0a
commit f3597cbf2a
7 changed files with 114 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
test/integration/apiserver/admissionwebhook/broken_webhook_test.go
View File

@ -22,7 +22,7 @@ import (
"testing" "testing"
"time" "time"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -60,7 +60,7 @@ func TestBrokenWebhook(t *testing.T) {
} }
t.Logf("Creating Broken Webhook that will block all operations on all objects") t.Logf("Creating Broken Webhook that will block all operations on all objects")
_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) _, err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatalf("Failed to register broken webhook: %v", err) t.Fatalf("Failed to register broken webhook: %v", err)
} }
@ -96,7 +96,7 @@ func TestBrokenWebhook(t *testing.T) {
} }
t.Logf("Deleting the broken webhook to fix the cluster") t.Logf("Deleting the broken webhook to fix the cluster")
err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatalf("Failed to delete broken webhook: %v", err) t.Fatalf("Failed to delete broken webhook: %v", err)
} }
@ -149,19 +149,19 @@ func exampleDeployment(name string) *appsv1.Deployment {
} }
} }
func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWebhookConfiguration { func brokenWebhookConfig(name string) *admissionregistrationv1.ValidatingWebhookConfiguration {
var path string var path string
failurePolicy := admissionregistrationv1beta1.Fail failurePolicy := admissionregistrationv1.Fail
return &admissionregistrationv1beta1.ValidatingWebhookConfiguration{ return &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: name, Name: name,
}, },
Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
{ {
Name: "broken-webhook.k8s.io", Name: "broken-webhook.k8s.io",
Rules: []admissionregistrationv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionregistrationv1beta1.Rule{ Rule: admissionregistrationv1.Rule{
APIGroups: []string{"*"}, APIGroups: []string{"*"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{"*/*"}, Resources: []string{"*/*"},
@ -169,8 +169,8 @@ func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWe
}}, }},
// This client config references a non existent service // This client config references a non existent service
// so it should always fail. // so it should always fail.
ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admissionregistrationv1beta1.ServiceReference{ Service: &admissionregistrationv1.ServiceReference{
Namespace: "default", Namespace: "default",
Name: "invalid-webhook-service", Name: "invalid-webhook-service",
Path: &path, Path: &path,
@ -178,6 +178,8 @@ func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWe
CABundle: nil, CABundle: nil,
}, },
FailurePolicy: &failurePolicy, FailurePolicy: &failurePolicy,
SideEffects: &noSideEffects,
AdmissionReviewVersions: []string{"v1"},
}, },
}, },
} }

19
test/integration/apiserver/admissionwebhook/client_auth_test.go
View File

@ -32,7 +32,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -165,28 +165,29 @@ plugins:
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "admission.integration.test", Name: "admission.integration.test",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &webhookServer.URL, URL: &webhookServer.URL,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

19
test/integration/apiserver/admissionwebhook/load_balance_test.go
View File

@ -31,7 +31,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -114,28 +114,29 @@ func TestWebhookLoadBalance(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "admission.integration.test", Name: "admission.integration.test",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &webhookURL, URL: &webhookURL,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

39
test/integration/apiserver/admissionwebhook/reinvocation_test.go
View File

@ -34,8 +34,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
schedulingv1 "k8s.io/api/scheduling/v1" schedulingv1 "k8s.io/api/scheduling/v1"
@ -84,12 +83,12 @@ func patchAnnotationValue(configuration, webhook string, patch string) string {
// testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly. // testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly.
func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
reinvokeNever := registrationv1beta1.NeverReinvocationPolicy reinvokeNever := admissionregistrationv1.NeverReinvocationPolicy
reinvokeIfNeeded := registrationv1beta1.IfNeededReinvocationPolicy reinvokeIfNeeded := admissionregistrationv1.IfNeededReinvocationPolicy
type testWebhook struct { type testWebhook struct {
path string path string
policy *registrationv1beta1.ReinvocationPolicyType policy *admissionregistrationv1.ReinvocationPolicyType
objectSelector *metav1.LabelSelector objectSelector *metav1.LabelSelector
} }
@ -339,46 +338,48 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
webhooks := []admissionv1beta1.MutatingWebhook{} webhooks := []admissionregistrationv1.MutatingWebhook{}
for j, webhook := range tt.webhooks { for j, webhook := range tt.webhooks {
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/")) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/"))
webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels},
FailurePolicy: &fail, FailurePolicy: &fail,
ReinvocationPolicy: webhook.policy, ReinvocationPolicy: webhook.policy,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
// Register a marker checking webhook with each set of webhook configurations // Register a marker checking webhook with each set of webhook configurations
markerEndpoint := webhookServer.URL + "/marker" markerEndpoint := webhookServer.URL + "/marker"
webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{
Name: "admission.integration.test.marker", Name: "admission.integration.test.marker",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &markerEndpoint, URL: &markerEndpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels},
ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}},
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
cfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ cfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: webhooks, Webhooks: webhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -386,7 +387,7 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

64
test/integration/apiserver/admissionwebhook/timeout_test.go
View File

@ -32,7 +32,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -69,7 +69,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
type testWebhook struct { type testWebhook struct {
path string path string
timeoutSeconds int32 timeoutSeconds int32
policy admissionv1beta1.FailurePolicyType policy admissionregistrationv1.FailurePolicyType
objectSelector *metav1.LabelSelector objectSelector *metav1.LabelSelector
} }
@ -86,12 +86,12 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "minimum of request timeout or webhook timeout propagated", name: "minimum of request timeout or webhook timeout propagated",
timeoutSeconds: 10, timeoutSeconds: 10,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/1/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/mutating/2/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/mutating/2/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
}, },
validatingWebhooks: []testWebhook{ validatingWebhooks: []testWebhook{
{path: "/validating/3/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/validating/3/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/validating/4/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/validating/4/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/0s", timeoutSeconds: 10}, // from request {path: "/mutating/1/0s", timeoutSeconds: 10}, // from request
@ -104,14 +104,14 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "webhooks consume client timeout available, not webhook timeout", name: "webhooks consume client timeout available, not webhook timeout",
timeoutSeconds: 10, timeoutSeconds: 10,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/1/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/mutating/2/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/mutating/2/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
{path: "/mutating/3/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/3/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
}, },
validatingWebhooks: []testWebhook{ validatingWebhooks: []testWebhook{
{path: "/validating/4/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/validating/4/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
{path: "/validating/5/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 10}, {path: "/validating/5/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 10},
{path: "/validating/6/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/validating/6/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/1s", timeoutSeconds: 10}, // from request {path: "/mutating/1/1s", timeoutSeconds: 10}, // from request
@ -126,9 +126,9 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail", name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail",
timeoutSeconds: 3, timeoutSeconds: 3,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/5s", policy: admissionv1beta1.Ignore, timeoutSeconds: 4}, {path: "/mutating/1/5s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 4},
{path: "/mutating/2/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, {path: "/mutating/2/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5},
{path: "/mutating/3/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, {path: "/mutating/3/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/5s", timeoutSeconds: 3}, // from request {path: "/mutating/1/5s", timeoutSeconds: 3}, // from request
@ -190,27 +190,28 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
mutatingWebhooks := []admissionv1beta1.MutatingWebhook{} mutatingWebhooks := []admissionregistrationv1.MutatingWebhook{}
for j, webhook := range tt.mutatingWebhooks { for j, webhook := range tt.mutatingWebhooks {
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1))
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
mutatingWebhooks = append(mutatingWebhooks, admissionv1beta1.MutatingWebhook{ mutatingWebhooks = append(mutatingWebhooks, admissionregistrationv1.MutatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
FailurePolicy: &tt.mutatingWebhooks[j].policy, FailurePolicy: &tt.mutatingWebhooks[j].policy,
TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds, TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: mutatingWebhooks, Webhooks: mutatingWebhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -218,33 +219,34 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
}() }()
validatingWebhooks := []admissionv1beta1.ValidatingWebhook{} validatingWebhooks := []admissionregistrationv1.ValidatingWebhook{}
for j, webhook := range tt.validatingWebhooks { for j, webhook := range tt.validatingWebhooks {
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1))
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
validatingWebhooks = append(validatingWebhooks, admissionv1beta1.ValidatingWebhook{ validatingWebhooks = append(validatingWebhooks, admissionregistrationv1.ValidatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
FailurePolicy: &tt.validatingWebhooks[j].policy, FailurePolicy: &tt.validatingWebhooks[j].policy,
TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds, TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
validatingCfg, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{ validatingCfg, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: validatingWebhooks, Webhooks: validatingWebhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -252,7 +254,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

22
test/integration/examples/webhook_test.go
View File

@ -22,7 +22,8 @@ import (
"testing" "testing"
"time" "time"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -63,19 +64,22 @@ func TestWebhookLoopback(t *testing.T) {
}, },
}) })
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ noSideEffects := admissionregistrationv1.SideEffectClassNone
_, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"}, ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "webhooktest.example.com", Name: "webhooktest.example.com",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admissionv1beta1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, Service: &admissionregistrationv1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath},
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
SideEffects: &noSideEffects,
AdmissionReviewVersions: []string{"v1"},
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {

22
test/integration/master/audit_test.go
View File

@ -28,7 +28,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apiv1 "k8s.io/api/core/v1" apiv1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -243,7 +243,7 @@ func runTestWithVersion(t *testing.T, version string) {
t.Fatalf("Unexpected error: %v", err) t.Fatalf("Unexpected error: %v", err)
} }
if err := createV1beta1MutationWebhook(kubeclient, url+"/mutation"); err != nil { if err := createMutationWebhook(kubeclient, url+"/mutation"); err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -452,24 +452,26 @@ func admitFunc(review *v1beta1.AdmissionReview) error {
return nil return nil
} }
func createV1beta1MutationWebhook(client clientset.Interface, endpoint string) error { func createMutationWebhook(client clientset.Interface, endpoint string) error {
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
noSideEffects := admissionregistrationv1.SideEffectClassNone
// Attaching Mutation webhook to API server // Attaching Mutation webhook to API server
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName}, ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: testWebhookName, Name: testWebhookName,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: utils.LocalhostCert, CABundle: utils.LocalhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.Create, admissionv1beta1.Update}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update},
Rule: admissionv1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}},
}}, }},
ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
return err return err