Adding test case for the webhook behavior change
Authored-by: Jordan Liggitt <liggitt@google.com> Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 3be3051fb77be1a1ad250c04a68efe8c6bf61940
This commit is contained in:
Davanum Srinivas
Kubernetes Publisher
parent
0f91510ab0
commit
71463feb30
|
|
@ -38,6 +38,7 @@ import (
|
||||||
"k8s.io/client-go/informers"
|
"k8s.io/client-go/informers"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
fakeclientset "k8s.io/client-go/kubernetes/fake"
|
fakeclientset "k8s.io/client-go/kubernetes/fake"
|
||||||
|
"k8s.io/utils/ptr"
|
||||||
)
|
)
|
||||||
|
|
||||||
var matchEverythingRules = []registrationv1.RuleWithOperations{{
|
var matchEverythingRules = []registrationv1.RuleWithOperations{{
|
||||||
|
|
@ -897,6 +898,40 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
|
||||||
"mutation.webhook.admission.k8s.io/round_0_index_0": mutationAnnotationValue(configurationName, "invalidMutation", false),
|
"mutation.webhook.admission.k8s.io/round_0_index_0": mutationAnnotationValue(configurationName, "invalidMutation", false),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "match & invalid patch",
|
||||||
|
Webhooks: []registrationv1.MutatingWebhook{{
|
||||||
|
Name: "invalidPatch",
|
||||||
|
ClientConfig: ccfgSVC("invalidPatch"),
|
||||||
|
Rules: matchEverythingRules,
|
||||||
|
NamespaceSelector: &metav1.LabelSelector{},
|
||||||
|
ObjectSelector: &metav1.LabelSelector{},
|
||||||
|
AdmissionReviewVersions: []string{"v1beta1"},
|
||||||
|
}},
|
||||||
|
ExpectStatusCode: http.StatusInternalServerError,
|
||||||
|
ErrorContains: "unexpected end of JSON input",
|
||||||
|
ExpectAnnotations: map[string]string{
|
||||||
|
"mutation.webhook.admission.k8s.io/round_0_index_0": mutationAnnotationValue(configurationName, "invalidPatch", false),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "match & invalid patch fail open",
|
||||||
|
Webhooks: []registrationv1.MutatingWebhook{{
|
||||||
|
Name: "invalidPatch",
|
||||||
|
ClientConfig: ccfgSVC("invalidPatch"),
|
||||||
|
Rules: matchEverythingRules,
|
||||||
|
NamespaceSelector: &metav1.LabelSelector{},
|
||||||
|
ObjectSelector: &metav1.LabelSelector{},
|
||||||
|
AdmissionReviewVersions: []string{"v1beta1"},
|
||||||
|
FailurePolicy: ptr.To(registrationv1.Ignore),
|
||||||
|
}},
|
||||||
|
ExpectAllow: true,
|
||||||
|
ExpectStatusCode: http.StatusOK,
|
||||||
|
ExpectAnnotations: map[string]string{
|
||||||
|
"failed-open.mutation.webhook.admission.k8s.io/round_0_index_0": "invalidPatch",
|
||||||
|
"mutation.webhook.admission.k8s.io/round_0_index_0": mutationAnnotationValue(configurationName, "invalidPatch", false),
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "match & remove label dry run unsupported",
|
Name: "match & remove label dry run unsupported",
|
||||||
Webhooks: []registrationv1.MutatingWebhook{{
|
Webhooks: []registrationv1.MutatingWebhook{{
|
||||||
|
|
|
||||||
|
|
@ -137,6 +137,16 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
Patch: []byte(`[{"op": "add", "path": "/metadata/labels/added", "value": "test"}]`),
|
Patch: []byte(`[{"op": "add", "path": "/metadata/labels/added", "value": "test"}]`),
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
case "/invalidPatch":
|
||||||
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
pt := v1beta1.PatchTypeJSONPatch
|
||||||
|
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
|
||||||
|
Response: &v1beta1.AdmissionResponse{
|
||||||
|
Allowed: true,
|
||||||
|
PatchType: &pt,
|
||||||
|
Patch: []byte(`[{`),
|
||||||
|
},
|
||||||
|
})
|
||||||
case "/invalidMutation":
|
case "/invalidMutation":
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
pt := v1beta1.PatchTypeJSONPatch
|
pt := v1beta1.PatchTypeJSONPatch
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue