Remove temporary logic to allow shared paths in webhook. (#943)

* Remove temporary logic to allow shared paths in webhook.

* Update webhook/webhook.go

Co-Authored-By: Victor Agababov <vagababov@gmail.com>

webhook/resourcesemantics/validation/validation.go

@@ -223,8 +223,6 @@ func (ac *reconciler) validate(ctx context.Context, req *admissionv1beta1.Admiss
 
 	// Set up the context for defaulting and validation
 	if oldObj != nil {
-		// TODO(mattmoor): Remove this after 0.11 cuts.
-		oldObj.SetDefaults(ctx)
 		if req.SubResource == "" {
 			ctx = apis.WithinUpdate(ctx, oldObj)
 		} else {
@@ -240,9 +238,6 @@ func (ac *reconciler) validate(ctx context.Context, req *admissionv1beta1.Admiss
 		return errMissingNewObject
 	}
 
-	// TODO(mattmoor): Remove this after 0.11 cuts.
-	newObj.SetDefaults(ctx)
-
 	if err := validate(ctx, newObj); err != nil {
 		logger.Errorw("Failed the resource specific validation", zap.Error(err))
 		// Return the error message as-is to give the validation callback

webhook/webhook.go

@@ -69,8 +69,6 @@ type AdmissionController interface {
 	Path() string
 
 	// Admit is the callback which is invoked when an HTTPS request comes in on Path().
-	// TODO(mattmoor): This will need to be different for Conversion webhooks, which is something
-	// to start thinking about.
 	Admit(context.Context, *admissionv1beta1.AdmissionRequest) *admissionv1beta1.AdmissionResponse
 }
 
@@ -80,7 +78,7 @@ type Webhook struct {
 	Client               kubernetes.Interface
 	Options              Options
 	Logger               *zap.SugaredLogger
-	admissionControllers map[string][]AdmissionController
+	admissionControllers map[string]AdmissionController
 	secretlister         corelisters.SecretLister
 }
 
@@ -114,9 +112,12 @@ func New(
 	}
 
 	// Build up a map of paths to admission controllers for routing handlers.
-	acs := map[string][]AdmissionController{}
+	acs := make(map[string]AdmissionController, len(admissionControllers))
 	for _, ac := range admissionControllers {
-		acs[ac.Path()] = append(acs[ac.Path()], ac)
+		if _, ok := acs[ac.Path()]; ok {
+			return nil, fmt.Errorf("duplicate webhook for path: %v", ac.Path())
+		}
+		acs[ac.Path()] = ac
 	}
 
 	return &Webhook{
@@ -209,31 +210,21 @@ func (ac *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		zap.String(logkey.UserInfo, fmt.Sprint(review.Request.UserInfo)))
 	ctx := logging.WithLogger(r.Context(), logger)
 
-	cs, ok := ac.admissionControllers[r.URL.Path]
+	c, ok := ac.admissionControllers[r.URL.Path]
 	if !ok {
 		http.Error(w, fmt.Sprintf("no admission controller registered for: %s", r.URL.Path), http.StatusBadRequest)
 		return
 	}
 
-	// TODO(mattmoor): Remove support for multiple AdmissionControllers at
-	// the same path after 0.11 cuts.
-	// We only TEMPORARILY support multiple AdmissionControllers at the same path because of
-	// the issue described here: https://github.com/knative/serving/pull/5947
-	// So we only support a single AdmissionController per path returning Patches.
 	var response admissionv1beta1.AdmissionReview
-	for _, c := range cs {
-		reviewResponse := c.Admit(ctx, review.Request)
-		logger.Infof("AdmissionReview for %#v: %s/%s response=%#v",
-			review.Request.Kind, review.Request.Namespace, review.Request.Name, reviewResponse)
+	reviewResponse := c.Admit(ctx, review.Request)
+	logger.Infof("AdmissionReview for %#v: %s/%s response=%#v",
+		review.Request.Kind, review.Request.Namespace, review.Request.Name, reviewResponse)
 
-		if !reviewResponse.Allowed {
-			response.Response = reviewResponse
-			break
-		}
-
-		if reviewResponse.PatchType != nil || response.Response == nil {
-			response.Response = reviewResponse
-		}
+	if !reviewResponse.Allowed {
+		response.Response = reviewResponse
+	} else if reviewResponse.PatchType != nil || response.Response == nil {
+		response.Response = reviewResponse
 	}
 	response.Response.UID = review.Request.UID