Go 1.17 introduced a new handy API for setting env vars scoped for
a single test so we can avoid the hard to read set and reset env
loops.
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
When the admission request is for a resource with an empty string as
group, which happens on core resources, the `creator` or `lastModifier`
annotations are invalid since they become `/creator` or
`/lastModifier`.
This patch removes the `/` when group = `""`.
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
* Add support for callback defaults
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Put unstr object in ctx and set user info
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Move get callback at the top
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Panic when using delete verb
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Split tests and add callback ctx tests
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Set user info annotations
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Register Webhook Rules from callbacks
Signed-off-by: Pierangelo Di Pilato <pdipilat@redhat.com>
* Adapt unstructured objects to apis.HasSpec
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
* Change json tag name to match struct field name
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
Today, we can use `Path()` of `/foo/` (trailing slash) to support prefix-matched webhooks, but unfortunately the request context is lost when `Admit()` or `Convert()` is called.
This ensures that information flows through associated with context for anyone who would like this metadata for additional processing.
* Introduce `NewContext`, deprecate `NewImplFull`.
Our generated `NewImpl` methods have long taken `context.Context`, but despite many iterations the forms we expose from our `controller` package never have. This change contains several elements:
1. Expose a new `NewContext` method that takes `context.Context` in addition to the current `NewImplFull` signature.
2. Call `NewContext` instead of the deprecated `NewImpl` from our generated controller code.
3. Call `NewContext` from all our webhook reconcilers.
* Add a Tracker to controller.Impl to cut down on downstream boilerplate.
* bump k8s deps to v1.20.7
* fix migrator test pkg
* dynamicclient now expects List types to be declare either via a scheme or manually
* fix error message comparison
* drop excess vendor licenses
* Using the injection fake dynamic client will preserve pre-1.20 behaviour
This is accomplished by preprocessing the scheme/fixtures and declaring
a custom scheme were we map our types & lists to unstructured.* types
* revert webhook factory changes
* ensure objects to the dynamic client are unstructured
* seed the default dynamic client with k8s scheme
* include duckv1 types in default fake dynamic client scheme
* use default k8s scheme
looks like eventing adds to this scheme but we should import the correct one vs the one from the fake package
* drop duckv1 from default scheme
* set APIVersion/Kind if empty
* refactor ToUnstructured helper to a new package
* Switch to ed25519 and change the timeout of the certificate to seven days.
* Update comments to reflect the new grace period.
* Use oneWeek constant.
This change introduces a new `controller.NewSkipKey` method to designate certain reconciliations as "skipped".
The primary motivation for this is to squelch useless logging on non-leader replicas, which currently report success with trivial latency.
I have plumbed this through existing reconcilers and the code-gen so most things downstream should get this for free. In places where a key is observed, I do not mark the reconcile as skipped as the reconciler did some processing for which the awareness of side-effects and reported latency may be interesting.
* Add smart handling of selectors in webhooks
This is an alternative fix for #1590. Instead of arbitrarily adding a label from a different project to avoid the reconcilers racing, this adds "smart" handling of the selectors in that labels not inside the knative.dev domain are plainly ignored and our own selectors are added additively.
* Fix formatting
* Fix missing variable usage
* Factor index out of Reconciler
Applying multiple Bindings to the same subject makes the reconciler more
complex, so split out the index handling.
* unexport contents of index.go
* Apply multiple bindings to the same subject
The affected files are actually copyright 2019-2020,
but boilerplate-check fails if this is used. See:
https://github.com/mattmoor/boilerplate-check/issues/22
Fixes https://github.com/knative/pkg/issues/1786
* Enable golint and exclude some other generated or additional dirs
Also remove `test` ignore, since it's covered by path ignore rule.
* meh
* fixes
* more
* progressing
* further
* like a boss
Common use cases for this webhook involve using Kubernetes's
generateName API to randomise resource names (this is a good
idea in Tekton pipelines, for example, where there are uniqueness
constraints. That means that the webhook metrics here end up with
very high cardinality, which makes Prometheus fall over. Even
without generateName, it is possible to shoot oneself in the foot.
This commit just removes the resource_name label altogether.
* Remove patch detail for webhook being logged on info
It might contain the sensitive data so print it to debug log
* Pass admission review info to the fields in structured logging
* Remove knative namespace from admission webhook logkey
* Use loosely-typed key-value pairs for suggered logger in admission wb
* Move admission specific logkey to local package
* Print patch type with patch body on debug log
We still see users frequently struggle with this and the error message seemingly doesn't help them. This gives a more explicit description of what the user can do to fix the situation.
Pierangelo Di Pilato
Todd
Pierangelo Di Pilato
knative-automation
Matt Moore
Dave Protasowski
Markus Thömmes
NovaHe
Evan Anderson
Jason Hall
Adam Harwayne
Matt Moore
Glyn Normington
Arghya Sadhu
Victor Agababov
Lionel Villard
Josh Soref
tianfeiyu
James Turley
Riccardo Piccoli
Tsubasa Nagasawa
Zbynek Roubalik