Commit Graph

53 Commits

Author SHA1 Message Date
Jiahui Feng
54283a1d38 exempt validatingadmissionpolicies/status
because admission control object does not apply to themselves.
2023-03-07 15:48:21 -08:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274)
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-08 15:42:33 -08:00
Cici Huang
e7d83a1fb7 Integrate cel admission with API.
Co-authored-by: Alexander Zielenski <zielenski@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
2022-11-07 21:38:55 +00:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-09-14 18:00:26 +02:00
Kubernetes Prow Robot
cf2800b812
Merge pull request #111402 from verb/111030-ec-ga
Promote EphemeralContainers feature to GA
2022-07-29 19:29:20 -07:00
Davanum Srinivas
a9593d634c
Generate and format files
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Lee Verberne
d238e67ba6 Remove EphemeralContainers feature-gate checks 2022-07-26 02:55:30 +02:00
Abirdcfly
00b9ead02c cleanup: remove duplicate import
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-07-14 11:25:19 +08:00
ahrtr
fe95aa614c io/ioutil has already been deprecated in golang 1.16, so replace all ioutil with io and os 2022-02-03 05:32:12 +08:00
Jordan Liggitt
2979c3325e Switch to go.etcd.io/etcd/client/v3 2021-06-15 09:53:06 -04:00
Shihang Zhang
925900317e allow multiple of --service-account-issuer 2021-04-19 09:54:11 -07:00
Jordan Liggitt
33ad842480 allow evictions subresource to accept policy/v1 and policy/v1beta1 2021-04-13 21:22:25 -04:00
David Eads
a473ef6c0a use direct etcd creation to verify migrated v1beta1 admissionwebhooks 2021-03-03 17:33:27 -05:00
Kubernetes Prow Robot
5549a0d9bb
Merge pull request #95012 from nodo/add-namespace-to-post-based-namespace-creation
Make the creation of namespace using POST and PATCH consistent
2020-10-01 17:37:20 -07:00
Andrea Nodari
3cb510e33e Make the creation of namespace using POST and PATCH consistent
PATCH verb is used when creating a namespace using server-side apply,
while POST verb is used when creating a namespace using client-side
apply.

The difference in path between the two ways to create a namespace led to
an inconsistency when calling webhooks. When server-side apply is used,
the request sent to webhooks has the field "namespace" populated with
the name of namespace being created. On the other hand, when using
client-side apply the "namespace" field is omitted.

This commit aims to make the behaviour consistent and populates the
"namespace" field when creating a namespace using POST verb (i.e.
client-side apply).
2020-10-01 18:05:49 +02:00
Lee Verberne
bf0a33d1de Use EphemeralContainers for storage validation
When updating ephemeral containers, convert Pod to EphemeralContainers
in storage validation. This resolves a bug where admission webhook
validation fails for ephemeral container updates because the webhook
client cannot perform the conversion.

Also enable the EphemeralContainers feature gate for the admission
control integration test, which would have caught this bug.
2020-09-10 17:24:52 +02:00
Jordan Liggitt
5eef60a00a Add warnings capability for admission webhooks 2020-07-01 12:14:06 -04:00
Jordan Liggitt
b7c2faf26c client-go dynamic client: add context to callers 2020-03-06 10:56:23 -05:00
Jordan Liggitt
b19dc3a474 client-go dynamic client: update DeleteOptions callers 2020-03-06 10:21:23 -05:00
Mike Danese
76f8594378 more artisanal fixes
Most of these could have been refactored automatically but it wouldn't
have been uglier. The unsophisticated tooling left lots of unnecessary
struct -> pointer -> struct transitions.
2020-03-05 14:59:47 -08:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
danielqsj
6596a14d39 add missing alias of api errors under test 2019-12-26 17:29:38 +08:00
Jordan Liggitt
18ba6f9482 Remove references to unserved types 2019-12-13 12:21:33 -05:00
tanjunchen
06c5901769 fix staticcheck in test/integration/apiserver 2019-12-06 23:05:20 +08:00
Jordan Liggitt
d620493b74 Ensure webhook backend requests are not artificially rate-limited 2019-12-02 12:01:51 -05:00
Rob Scott
0fa9981e01
Splitting IP address type into IPv4 and IPv6 for EndpointSlices 2019-11-12 09:03:53 -08:00
Rob Scott
f80cee9280
Adding discovery/v1alpha1 API for EndpointSlices 2019-08-26 14:50:00 -07:00
Di Xu
2771503626 drop unused check 2019-08-22 11:46:12 +08:00
Kubernetes Prow Robot
44c0f64411
Merge pull request #80801 from SataQiu/fix-cert-length
Follow up #80734: update RSA keys to 2048 bits
2019-08-14 21:44:44 -07:00
Jordan Liggitt
38ec458703 Test webhooks with and without watch cache enabled 2019-08-07 00:45:25 -04:00
Jordan Liggitt
dda9bcb082 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 2019-08-01 17:17:42 -04:00
SataQiu
b5d5e7a9b4 update RSA keys to 2048 bits 2019-07-31 17:48:35 +08:00
Jordan Liggitt
e24377f190 Install/register v1 admission registration types 2019-07-08 09:49:29 -04:00
Joe Betz
55ecc45455 split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook 2019-05-30 14:31:09 -07:00
Jordan Liggitt
8c194ea615 Add webhook admission conversion test 2019-05-28 14:30:20 -04:00
Jordan Liggitt
0b88095a17 Switch admission webhook test to work with shared etcd 2019-05-17 09:54:14 -07:00
Chao Xu
7bb4a3bace Run deleteValidation at the storage layer so that it will be retried on
conflict.

Adding unit test verify that deleteValidation is retried.

adding e2e test verifying the webhook can intercept configmap and custom
resource deletion, and the existing object is sent via the
admissionreview.OldObject.

update the admission integration test to verify that the existing object
is passed to the deletion admission webhook as oldObject, in case of an
immediate deletion and in case of an update-on-delete.
2019-05-17 09:54:11 -07:00
Kubernetes Prow Robot
3193e78a2f
Merge pull request #77333 from sttts/sttts-structural-crd-pruning
apiextensions: implement structural schema CRD pruning
2019-05-17 05:38:05 -07:00
Dr. Stefan Schimanski
c6712455bd apiextensions: add pruning e2e & integration tests for admission webhooks 2019-05-17 09:35:10 +02:00
Jordan Liggitt
fba885a0d2 Handle updates removing remaining finalizers on deleted objects 2019-05-15 17:17:39 -04:00
Kubernetes Prow Robot
0b6ad8bc3f
Merge pull request #77563 from jpbetz/admission-webhook-options
Pass {Operation}Options to Webhooks
2019-05-14 15:34:19 -07:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Dr. Stefan Schimanski
28f88c91ee integration: Start{RealMasterOrDie->TestServer} in admissionwebhook tests 2019-05-14 10:10:55 +02:00
Joe Betz
b0aab03209 Fix admission webhook integration tests to filter out controller requests 2019-05-09 17:34:33 -07:00
Daniel (Shijun) Qian
5268f69405 fix duplicated imports of k8s code (#77484)
* fix duplicated imports of api/core/v1

* fix duplicated imports of client-go/kubernetes

* fix duplicated imports of rest code

* change import name to more reasonable
2019-05-08 10:12:47 -07:00
Serguei Bezverkhi
6fe28ee957 Adding non persistent review test
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-04-23 18:02:40 -04:00
Serguei Bezverkhi
cc7700ae31 no admission logic
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-04-23 16:27:55 -04:00
Jordan Liggitt
a4576ec5a6 Fix binding and eviction admission 2019-04-23 10:31:34 -04:00