github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-15 14:26:57 +00:00
Code Issues Projects Releases Wiki Activity

allow fail close webhook admission

Browse Source
This commit is contained in:
David Eads
2017-10-12 15:59:17 -04:00
parent 5adfb24f8f
commit f81b6004de
4 changed files with 91 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/apis/admissionregistration/validation/validation.go
View File

@@ -179,13 +179,17 @@ func validateExternalAdmissionHook(hook *admissionregistration.ExternalAdmission
for i, rule := range hook.Rules {
allErrors = append(allErrors, validateRuleWithOperations(&rule, fldPath.Child("rules").Index(i))...)
}
// TODO: relax the validation rule when admissionregistration is beta.
if hook.FailurePolicy != nil && *hook.FailurePolicy != admissionregistration.Ignore {
allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *hook.FailurePolicy, []string{string(admissionregistration.Ignore)}))
if hook.FailurePolicy != nil && !supportedFailurePolicies.Has(string(*hook.FailurePolicy)) {
allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *hook.FailurePolicy, supportedFailurePolicies.List()))
}
return allErrors
}
var supportedFailurePolicies = sets.NewString(
string(admissionregistration.Ignore),
string(admissionregistration.Fail),
)
var supportedOperations = sets.NewString(
string(admissionregistration.OperationAll),
string(admissionregistration.Create),

6
pkg/apis/admissionregistration/validation/validation_test.go
View File

@@ -469,18 +469,18 @@ func TestValidateExternalAdmissionHookConfiguration(t *testing.T) {
expectedError: `externalAdmissionHooks[0].rules[0].resources: Invalid value: []string{"*/*", "a"}: if '*/*' is present, must not specify other resources`,
},
{
name: "FailurePolicy can only be \"Ignore\"",
name: "FailurePolicy can only be \"Ignore\" or \"Fail\"",
config: getExternalAdmissionHookConfiguration(
[]admissionregistration.ExternalAdmissionHook{
{
Name: "webhook.k8s.io",
FailurePolicy: func() *admissionregistration.FailurePolicyType {
r := admissionregistration.Fail
r := admissionregistration.FailurePolicyType("other")
return &r
}(),
},
}),
expectedError: `failurePolicy: Unsupported value: "Fail": supported values: "Ignore"`,
expectedError: `externalAdmissionHooks[0].failurePolicy: Unsupported value: "other": supported values: "Fail", "Ignore"`,
},
}
for _, test := range tests {