kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Require match condition version only if matchConditions are specified 

Kubernetes-commit: a000af25ff3bcc79fe7d8da299225ad252c9894a
This commit is contained in:
Jordan Liggitt 2023-11-02 13:54:39 -04:00 committed by Kubernetes Publisher
parent 798e645af6
commit 374f72b704
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/apis/apiserver/validation/validation.go
View File

@ -512,7 +512,9 @@ func ValidateWebhookConfiguration(fldPath *field.Path, c *api.WebhookConfigurati
switch c.MatchConditionSubjectAccessReviewVersion {
case "":
allErrs = append(allErrs, field.Required(fldPath.Child("matchConditionSubjectAccessReviewVersion"), ""))
if len(c.MatchConditions) > 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("matchConditionSubjectAccessReviewVersion"), "required if match conditions are specified"))
}
case "v1":
_ = &v1.SubjectAccessReview{}
default:

1
pkg/apis/apiserver/validation/validation_test.go
View File

@ -1438,6 +1438,7 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
ConnectionInfo: api.WebhookConnectionInfo{
Type: "InClusterConfig",
},
MatchConditions: []api.WebhookMatchCondition{{Expression: "true"}},
},
},
},