kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove reference to v1alpha1 

Kubernetes-commit: 7945ae68d0c7cffb070d60ad4d8bfe6ef585c279
This commit is contained in:
Chao Xu 2017-11-19 13:54:50 -08:00 committed by Kubernetes Publisher
parent 3512a43e44
commit 98e2d6d11f
21 changed files with 460 additions and 400 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

520
Godeps/Godeps.json generated
View File

File diff suppressed because it is too large Load Diff

18
pkg/admission/configuration/mutating_webhook_manager.go
View File

@ -23,14 +23,14 @@ import (
"github.com/golang/glog"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
type MutatingWebhookConfigurationLister interface {
List(opts metav1.ListOptions) (*v1alpha1.MutatingWebhookConfigurationList, error)
List(opts metav1.ListOptions) (*v1beta1.MutatingWebhookConfigurationList, error)
}
// MutatingWebhookConfigurationManager collects the mutating webhook objects so that they can be called.
@ -57,12 +57,12 @@ func NewMutatingWebhookConfigurationManager(c MutatingWebhookConfigurationLister
}
// Webhooks returns the merged MutatingWebhookConfiguration.
func (im *MutatingWebhookConfigurationManager) Webhooks() (*v1alpha1.MutatingWebhookConfiguration, error) {
func (im *MutatingWebhookConfigurationManager) Webhooks() (*v1beta1.MutatingWebhookConfiguration, error) {
configuration, err := im.poller.configuration()
if err != nil {
return nil, err
}
mutatingWebhookConfiguration, ok := configuration.(*v1alpha1.MutatingWebhookConfiguration)
mutatingWebhookConfiguration, ok := configuration.(*v1beta1.MutatingWebhookConfiguration)
if !ok {
return nil, fmt.Errorf("expected type %v, got type %v", reflect.TypeOf(mutatingWebhookConfiguration), reflect.TypeOf(configuration))
}
@ -74,10 +74,10 @@ func (im *MutatingWebhookConfigurationManager) Run(stopCh <-chan struct{}) {
}
func mergeMutatingWebhookConfigurations(
list *v1alpha1.MutatingWebhookConfigurationList,
) *v1alpha1.MutatingWebhookConfiguration {
configurations := append([]v1alpha1.MutatingWebhookConfiguration{}, list.Items...)
var ret v1alpha1.MutatingWebhookConfiguration
list *v1beta1.MutatingWebhookConfigurationList,
) *v1beta1.MutatingWebhookConfiguration {
configurations := append([]v1beta1.MutatingWebhookConfiguration{}, list.Items...)
var ret v1beta1.MutatingWebhookConfiguration
// The internal order of webhooks for each configuration is provided by the user
// but configurations themselves can be in any order. As we are going to run these
// webhooks in serial, they are sorted here to have a deterministic order.
@ -90,7 +90,7 @@ func mergeMutatingWebhookConfigurations(
// byName sorts MutatingWebhookConfiguration by name. These objects are all in
// cluster namespace (aka no namespace) thus they all have unique names.
type byName []v1alpha1.MutatingWebhookConfiguration
type byName []v1beta1.MutatingWebhookConfiguration
func (x byName) Len() int { return len(x) }

4
pkg/admission/configuration/mutating_webhook_manager_test.go
View File

@ -19,7 +19,7 @@ package configuration
import (
"testing"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -27,7 +27,7 @@ import (
type disabledMutatingWebhookConfigLister struct{}
func (l *disabledMutatingWebhookConfigLister) List(options metav1.ListOptions) (*v1alpha1.MutatingWebhookConfigurationList, error) {
func (l *disabledMutatingWebhookConfigLister) List(options metav1.ListOptions) (*v1beta1.MutatingWebhookConfigurationList, error) {
return nil, errors.NewNotFound(schema.GroupResource{Group: "admissionregistration", Resource: "MutatingWebhookConfigurations"}, "")
}
func TestMutatingWebhookConfigDisabled(t *testing.T) {

14
pkg/admission/configuration/validating_webhook_manager.go
View File

@ -22,14 +22,14 @@ import (
"github.com/golang/glog"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
type ValidatingWebhookConfigurationLister interface {
List(opts metav1.ListOptions) (*v1alpha1.ValidatingWebhookConfigurationList, error)
List(opts metav1.ListOptions) (*v1beta1.ValidatingWebhookConfigurationList, error)
}
// ValidatingWebhookConfigurationManager collects the validating webhook objects so that they can be called.
@ -56,12 +56,12 @@ func NewValidatingWebhookConfigurationManager(c ValidatingWebhookConfigurationLi
}
// Webhooks returns the merged ValidatingWebhookConfiguration.
func (im *ValidatingWebhookConfigurationManager) Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error) {
func (im *ValidatingWebhookConfigurationManager) Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error) {
configuration, err := im.poller.configuration()
if err != nil {
return nil, err
}
validatingWebhookConfiguration, ok := configuration.(*v1alpha1.ValidatingWebhookConfiguration)
validatingWebhookConfiguration, ok := configuration.(*v1beta1.ValidatingWebhookConfiguration)
if !ok {
return nil, fmt.Errorf("expected type %v, got type %v", reflect.TypeOf(validatingWebhookConfiguration), reflect.TypeOf(configuration))
}
@ -73,10 +73,10 @@ func (im *ValidatingWebhookConfigurationManager) Run(stopCh <-chan struct{}) {
}
func mergeValidatingWebhookConfigurations(
list *v1alpha1.ValidatingWebhookConfigurationList,
) *v1alpha1.ValidatingWebhookConfiguration {
list *v1beta1.ValidatingWebhookConfigurationList,
) *v1beta1.ValidatingWebhookConfiguration {
configurations := list.Items
var ret v1alpha1.ValidatingWebhookConfiguration
var ret v1beta1.ValidatingWebhookConfiguration
for _, c := range configurations {
ret.Webhooks = append(ret.Webhooks, c.Webhooks...)
}

4
pkg/admission/configuration/validating_webhook_manager_test.go
View File

@ -19,7 +19,7 @@ package configuration
import (
"testing"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -27,7 +27,7 @@ import (
type disabledValidatingWebhookConfigLister struct{}
func (l *disabledValidatingWebhookConfigLister) List(options metav1.ListOptions) (*v1alpha1.ValidatingWebhookConfigurationList, error) {
func (l *disabledValidatingWebhookConfigLister) List(options metav1.ListOptions) (*v1beta1.ValidatingWebhookConfigurationList, error) {
return nil, errors.NewNotFound(schema.GroupResource{Group: "admissionregistration", Resource: "ValidatingWebhookConfigurations"}, "")
}
func TestWebhookConfigDisabled(t *testing.T) {

2
pkg/admission/plugin/webhook/config/BUILD
View File

@ -12,7 +12,7 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/hashicorp/golang-lru:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/yaml:go_default_library",

4
pkg/admission/plugin/webhook/config/client.go
View File

@ -24,7 +24,7 @@ import (
"net/url"
lru "github.com/hashicorp/golang-lru"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors"
@ -101,7 +101,7 @@ func (cm *ClientManager) Validate() error {
// HookClient get a RESTClient from the cache, or constructs one based on the
// webhook configuration.
func (cm *ClientManager) HookClient(h *v1alpha1.Webhook) (*rest.RESTClient, error) {
func (cm *ClientManager) HookClient(h *v1beta1.Webhook) (*rest.RESTClient, error) {
cacheKey, err := json.Marshal(h.ClientConfig)
if err != nil {
return nil, err

8
pkg/admission/plugin/webhook/mutating/BUILD
View File

@ -11,8 +11,8 @@ go_library(
deps = [
"//vendor/github.com/evanphx/json-patch:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
@ -41,8 +41,8 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

24
pkg/admission/plugin/webhook/mutating/admission.go
View File

@ -27,8 +27,8 @@ import (
jsonpatch "github.com/evanphx/json-patch"
"github.com/golang/glog"
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
"k8s.io/api/admissionregistration/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -70,7 +70,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins.
type WebhookSource interface {
Run(stopCh <-chan struct{})
Webhooks() (*v1alpha1.MutatingWebhookConfiguration, error)
Webhooks() (*v1beta1.MutatingWebhookConfiguration, error)
}
// NewMutatingWebhook returns a generic admission webhook plugin.
@ -134,7 +134,7 @@ func (a *MutatingWebhook) SetServiceResolver(sr config.ServiceResolver) {
func (a *MutatingWebhook) SetScheme(scheme *runtime.Scheme) {
if scheme != nil {
a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion),
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
}))
a.convertor.Scheme = scheme
a.jsonSerializer = json.NewSerializer(json.DefaultMetaFactory, scheme, scheme, false)
@ -144,7 +144,7 @@ func (a *MutatingWebhook) SetScheme(scheme *runtime.Scheme) {
// WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it
func (a *MutatingWebhook) SetExternalKubeClientSet(client clientset.Interface) {
a.namespaceMatcher.Client = client
a.hookSource = configuration.NewMutatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations())
a.hookSource = configuration.NewMutatingWebhookConfigurationManager(client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations())
}
// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.
@ -175,11 +175,11 @@ func (a *MutatingWebhook) ValidateInitialization() error {
return nil
}
func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.MutatingWebhookConfiguration, error) {
func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.MutatingWebhookConfiguration, error) {
hookConfig, err := a.hookSource.Webhooks()
// if Webhook configuration is disabled, fail open
if err == configuration.ErrDisabled {
return &v1alpha1.MutatingWebhookConfiguration{}, nil
return &v1beta1.MutatingWebhookConfiguration{}, nil
}
if err != nil {
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
@ -203,7 +203,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
hooks := hookConfig.Webhooks
ctx := context.TODO()
var relevantHooks []*v1alpha1.Webhook
var relevantHooks []*v1beta1.Webhook
for i := range hooks {
call, err := a.shouldCallHook(&hooks[i], attr)
if err != nil {
@ -246,7 +246,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
continue
}
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookerrors.ErrCallingWebhook); ok {
if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
@ -263,7 +263,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
}
// TODO: factor into a common place along with the validating webhook version.
func (a *MutatingWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (a *MutatingWebhook) shouldCallHook(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
var matches bool
for _, r := range h.Rules {
m := rules.Matcher{Rule: r, Attr: attr}
@ -280,14 +280,14 @@ func (a *MutatingWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Att
}
// note that callAttrMutatingHook updates attr
func (a *MutatingWebhook) callAttrMutatingHook(ctx context.Context, h *v1alpha1.Webhook, attr versioned.Attributes) error {
func (a *MutatingWebhook) callAttrMutatingHook(ctx context.Context, h *v1beta1.Webhook, attr versioned.Attributes) error {
// Make the webhook request
request := request.CreateAdmissionReview(attr)
client, err := a.clientManager.HookClient(h)
if err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}
response := &admissionv1alpha1.AdmissionReview{}
response := &admissionv1beta1.AdmissionReview{}
if err := client.Post().Context(ctx).Body(&request).Do().Into(response); err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}

92
pkg/admission/plugin/webhook/mutating/admission_test.go
View File

@ -28,8 +28,8 @@ import (
"sync/atomic"
"testing"
"k8s.io/api/admission/v1alpha1"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admission/v1beta1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -44,11 +44,11 @@ import (
)
type fakeHookSource struct {
hooks []registrationv1alpha1.Webhook
hooks []registrationv1beta1.Webhook
err error
}
func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.MutatingWebhookConfiguration, error) {
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.MutatingWebhookConfiguration, error) {
if f.err != nil {
return nil, f.err
}
@ -57,7 +57,7 @@ func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.MutatingWebhookConfig
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
}
}
return &registrationv1alpha1.MutatingWebhookConfiguration{Webhooks: f.hooks}, nil
return &registrationv1beta1.MutatingWebhookConfiguration{Webhooks: f.hooks}, nil
}
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
@ -90,9 +90,9 @@ func (f fakeNamespaceLister) Get(name string) (*corev1.Namespace, error) {
}
// ccfgSVC returns a client config using the service reference mechanism.
func ccfgSVC(urlPath string) registrationv1alpha1.WebhookClientConfig {
return registrationv1alpha1.WebhookClientConfig{
Service: &registrationv1alpha1.ServiceReference{
func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
return registrationv1beta1.WebhookClientConfig{
Service: &registrationv1beta1.ServiceReference{
Name: "webhook-test",
Namespace: "default",
Path: &urlPath,
@ -106,11 +106,11 @@ type urlConfigGenerator struct {
}
// ccfgURL returns a client config using the URL mechanism.
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.WebhookClientConfig {
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookClientConfig {
u2 := *c.baseURL
u2.Path = urlPath
urlString := u2.String()
return registrationv1alpha1.WebhookClientConfig{
return registrationv1beta1.WebhookClientConfig{
URL: &urlString,
CABundle: testcerts.CACert,
}
@ -119,7 +119,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
// TestAdmit tests that MutatingWebhook#Admit works as expected
func TestAdmit(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -192,26 +192,26 @@ func TestAdmit(t *testing.T) {
errorContains string
}
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
matchEverythingRules := []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},
},
}}
policyFail := registrationv1alpha1.Fail
policyIgnore := registrationv1alpha1.Ignore
policyFail := registrationv1beta1.Fail
policyIgnore := registrationv1beta1.Ignore
table := map[string]test{
"no match": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nomatch",
ClientConfig: ccfgSVC("disallow"),
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
Rules: []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
}},
}},
},
@ -219,7 +219,7 @@ func TestAdmit(t *testing.T) {
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgSVC("allow"),
Rules: matchEverythingRules,
@ -229,7 +229,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: matchEverythingRules,
@ -239,7 +239,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallowReason",
ClientConfig: ccfgSVC("disallowReason"),
Rules: matchEverythingRules,
@ -249,7 +249,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -266,7 +266,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -283,7 +283,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -304,7 +304,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -322,7 +322,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -343,7 +343,7 @@ func TestAdmit(t *testing.T) {
},
"match & allow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgURL("allow"),
Rules: matchEverythingRules,
@ -353,7 +353,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgURL("disallow"),
Rules: matchEverythingRules,
@ -391,7 +391,7 @@ func TestAdmit(t *testing.T) {
// TestAdmitCachedClient tests that MutatingWebhook#Admit should cache restClient
func TestAdmitCachedClient(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -459,12 +459,12 @@ func TestAdmitCachedClient(t *testing.T) {
expectCache bool
}
policyIgnore := registrationv1alpha1.Ignore
policyIgnore := registrationv1beta1.Ignore
cases := []test{
{
name: "cache 1",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache1",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -477,7 +477,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 2",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache2",
ClientConfig: ccfgSVC("internalErr"),
Rules: newMatchEverythingRules(),
@ -490,7 +490,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 3",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache3",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -503,7 +503,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 4",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache4",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -516,7 +516,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 5",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache5",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -587,15 +587,15 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("webhook invalid response"))
case "/disallow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
},
})
case "/disallowReason":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: "you shall not pass",
@ -604,8 +604,8 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
})
case "/allow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: true,
},
})
@ -637,10 +637,10 @@ func (c *fakeAuthenticationInfoResolver) ClientConfigFor(server string) (*rest.C
return c.restConfig, nil
}
func newMatchEverythingRules() []registrationv1alpha1.RuleWithOperations {
return []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
func newMatchEverythingRules() []registrationv1beta1.RuleWithOperations {
return []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},

4
pkg/admission/plugin/webhook/namespace/BUILD
View File

@ -9,7 +9,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/namespace",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
@ -27,7 +27,7 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/namespace",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

4
pkg/admission/plugin/webhook/namespace/matcher.go
View File

@ -19,7 +19,7 @@ package namespace
import (
"fmt"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -86,7 +86,7 @@ func (m *Matcher) GetNamespaceLabels(attr admission.Attributes) (map[string]stri
// MatchNamespaceSelector decideds whether the request matches the
// namespaceSelctor of the webhook. Only when they match, the webhook is called.
func (m *Matcher) MatchNamespaceSelector(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (m *Matcher) MatchNamespaceSelector(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
namespaceName := attr.GetNamespace()
if len(namespaceName) == 0 && attr.GetResource().Resource != "namespaces" {
// If the request is about a cluster scoped resource, and it is not a

4
pkg/admission/plugin/webhook/namespace/matcher_test.go
View File

@ -20,7 +20,7 @@ import (
"reflect"
"testing"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -114,7 +114,7 @@ func TestGetNamespaceLabels(t *testing.T) {
}
func TestExemptClusterScopedResource(t *testing.T) {
hook := &registrationv1alpha1.Webhook{
hook := &registrationv1beta1.Webhook{
NamespaceSelector: &metav1.LabelSelector{},
}
attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, nil)

2
pkg/admission/plugin/webhook/request/BUILD
View File

@ -9,7 +9,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/request",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/authentication/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",

10
pkg/admission/plugin/webhook/request/admissionreview.go
View File

@ -17,7 +17,7 @@ limitations under the License.
package request
import (
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
authenticationv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -26,7 +26,7 @@ import (
)
// CreateAdmissionReview creates an AdmissionReview for the provided admission.Attributes
func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.AdmissionReview {
func CreateAdmissionReview(attr admission.Attributes) admissionv1beta1.AdmissionReview {
gvk := attr.GetKind()
gvr := attr.GetResource()
aUserInfo := attr.GetUserInfo()
@ -42,8 +42,8 @@ func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.Admissio
userInfo.Extra[key] = authenticationv1.ExtraValue(val)
}
return admissionv1alpha1.AdmissionReview{
Request: &admissionv1alpha1.AdmissionRequest{
return admissionv1beta1.AdmissionReview{
Request: &admissionv1beta1.AdmissionRequest{
UID: uuid.NewUUID(),
Kind: metav1.GroupVersionKind{
Group: gvk.Group,
@ -58,7 +58,7 @@ func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.Admissio
SubResource: attr.GetSubresource(),
Name: attr.GetName(),
Namespace: attr.GetNamespace(),
Operation: admissionv1alpha1.Operation(attr.GetOperation()),
Operation: admissionv1beta1.Operation(attr.GetOperation()),
UserInfo: userInfo,
Object: runtime.RawExtension{
Object: attr.GetObject(),

4
pkg/admission/plugin/webhook/rules/BUILD
View File

@ -6,7 +6,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/rules",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
],
)
@ -17,7 +17,7 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/rules",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
],

8
pkg/admission/plugin/webhook/rules/rules.go
View File

@ -19,13 +19,13 @@ package rules
import (
"strings"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apiserver/pkg/admission"
)
// Matcher determines if the Attr matches the Rule.
type Matcher struct {
Rule v1alpha1.RuleWithOperations
Rule v1beta1.RuleWithOperations
Attr admission.Attributes
}
@ -61,12 +61,12 @@ func (r *Matcher) version() bool {
func (r *Matcher) operation() bool {
attrOp := r.Attr.GetOperation()
for _, op := range r.Rule.Operations {
if op == v1alpha1.OperationAll {
if op == v1beta1.OperationAll {
return true
}
// The constants are the same such that this is a valid cast (and this
// is tested).
if op == v1alpha1.OperationType(attrOp) {
if op == v1beta1.OperationType(attrOp) {
return true
}
}

2
pkg/admission/plugin/webhook/rules/rules_test.go
View File

@ -19,7 +19,7 @@ package rules
import (
"testing"
adreg "k8s.io/api/admissionregistration/v1alpha1"
adreg "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/admission"
)

8
pkg/admission/plugin/webhook/validating/BUILD
View File

@ -10,8 +10,8 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
@ -39,8 +39,8 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/validating",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

26
pkg/admission/plugin/webhook/validating/admission.go
View File

@ -27,8 +27,8 @@ import (
"github.com/golang/glog"
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
"k8s.io/api/admissionregistration/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -69,7 +69,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins.
type WebhookSource interface {
Run(stopCh <-chan struct{})
Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error)
Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error)
}
// NewValidatingAdmissionWebhook returns a generic admission webhook plugin.
@ -132,7 +132,7 @@ func (a *ValidatingAdmissionWebhook) SetServiceResolver(sr config.ServiceResolve
func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
if scheme != nil {
a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion),
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
}))
a.convertor.Scheme = scheme
}
@ -141,7 +141,7 @@ func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
// WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it
func (a *ValidatingAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) {
a.namespaceMatcher.Client = client
a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations())
a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations())
}
// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.
@ -169,11 +169,11 @@ func (a *ValidatingAdmissionWebhook) ValidateInitialization() error {
return nil
}
func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) {
func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.ValidatingWebhookConfiguration, error) {
hookConfig, err := a.hookSource.Webhooks()
// if Webhook configuration is disabled, fail open
if err == configuration.ErrDisabled {
return &v1alpha1.ValidatingWebhookConfiguration{}, nil
return &v1beta1.ValidatingWebhookConfiguration{}, nil
}
if err != nil {
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
@ -197,7 +197,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
hooks := hookConfig.Webhooks
ctx := context.TODO()
var relevantHooks []*v1alpha1.Webhook
var relevantHooks []*v1beta1.Webhook
for i := range hooks {
call, err := a.shouldCallHook(&hooks[i], attr)
if err != nil {
@ -236,7 +236,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
errCh := make(chan error, len(relevantHooks))
wg.Add(len(relevantHooks))
for i := range relevantHooks {
go func(hook *v1alpha1.Webhook) {
go func(hook *v1beta1.Webhook) {
defer wg.Done()
t := time.Now()
@ -246,7 +246,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
return
}
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookerrors.ErrCallingWebhook); ok {
if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
@ -283,7 +283,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
}
// TODO: factor into a common place along with the validating webhook version.
func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
var matches bool
for _, r := range h.Rules {
m := rules.Matcher{Rule: r, Attr: attr}
@ -299,14 +299,14 @@ func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr ad
return a.namespaceMatcher.MatchNamespaceSelector(h, attr)
}
func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error {
func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1beta1.Webhook, attr admission.Attributes) error {
// Make the webhook request
request := request.CreateAdmissionReview(attr)
client, err := a.clientManager.HookClient(h)
if err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}
response := &admissionv1alpha1.AdmissionReview{}
response := &admissionv1beta1.AdmissionReview{}
if err := client.Post().Context(ctx).Body(&request).Do().Into(response); err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}

98
pkg/admission/plugin/webhook/validating/admission_test.go
View File

@ -28,8 +28,8 @@ import (
"sync/atomic"
"testing"
"k8s.io/api/admission/v1alpha1"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admission/v1beta1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -44,11 +44,11 @@ import (
)
type fakeHookSource struct {
hooks []registrationv1alpha1.Webhook
hooks []registrationv1beta1.Webhook
err error
}
func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.ValidatingWebhookConfiguration, error) {
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.ValidatingWebhookConfiguration, error) {
if f.err != nil {
return nil, f.err
}
@ -57,7 +57,7 @@ func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.ValidatingWebhookConf
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
}
}
return &registrationv1alpha1.ValidatingWebhookConfiguration{Webhooks: f.hooks}, nil
return &registrationv1beta1.ValidatingWebhookConfiguration{Webhooks: f.hooks}, nil
}
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
@ -90,9 +90,9 @@ func (f fakeNamespaceLister) Get(name string) (*corev1.Namespace, error) {
}
// ccfgSVC returns a client config using the service reference mechanism.
func ccfgSVC(urlPath string) registrationv1alpha1.WebhookClientConfig {
return registrationv1alpha1.WebhookClientConfig{
Service: &registrationv1alpha1.ServiceReference{
func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
return registrationv1beta1.WebhookClientConfig{
Service: &registrationv1beta1.ServiceReference{
Name: "webhook-test",
Namespace: "default",
Path: &urlPath,
@ -106,11 +106,11 @@ type urlConfigGenerator struct {
}
// ccfgURL returns a client config using the URL mechanism.
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.WebhookClientConfig {
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookClientConfig {
u2 := *c.baseURL
u2.Path = urlPath
urlString := u2.String()
return registrationv1alpha1.WebhookClientConfig{
return registrationv1beta1.WebhookClientConfig{
URL: &urlString,
CABundle: testcerts.CACert,
}
@ -119,7 +119,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
// TestValidate tests that ValidatingAdmissionWebhook#Validate works as expected
func TestValidate(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -192,26 +192,26 @@ func TestValidate(t *testing.T) {
errorContains string
}
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
matchEverythingRules := []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},
},
}}
policyFail := registrationv1alpha1.Fail
policyIgnore := registrationv1alpha1.Ignore
policyFail := registrationv1beta1.Fail
policyIgnore := registrationv1beta1.Ignore
table := map[string]test{
"no match": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nomatch",
ClientConfig: ccfgSVC("disallow"),
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
Rules: []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
}},
}},
},
@ -219,7 +219,7 @@ func TestValidate(t *testing.T) {
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgSVC("allow"),
Rules: matchEverythingRules,
@ -229,7 +229,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: matchEverythingRules,
@ -239,7 +239,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallowReason",
ClientConfig: ccfgSVC("disallowReason"),
Rules: matchEverythingRules,
@ -249,7 +249,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -266,7 +266,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -283,7 +283,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -304,7 +304,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -322,7 +322,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -343,7 +343,7 @@ func TestValidate(t *testing.T) {
},
"match & allow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgURL("allow"),
Rules: matchEverythingRules,
@ -353,7 +353,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgURL("disallow"),
Rules: matchEverythingRules,
@ -363,7 +363,7 @@ func TestValidate(t *testing.T) {
},
"absent response and fail open": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nilResponse",
ClientConfig: ccfgURL("nilResponse"),
FailurePolicy: &policyIgnore,
@ -374,7 +374,7 @@ func TestValidate(t *testing.T) {
},
"absent response and fail closed": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nilResponse",
ClientConfig: ccfgURL("nilResponse"),
FailurePolicy: &policyFail,
@ -413,7 +413,7 @@ func TestValidate(t *testing.T) {
// TestValidateCachedClient tests that ValidatingAdmissionWebhook#Validate should cache restClient
func TestValidateCachedClient(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -481,12 +481,12 @@ func TestValidateCachedClient(t *testing.T) {
expectCache bool
}
policyIgnore := registrationv1alpha1.Ignore
policyIgnore := registrationv1beta1.Ignore
cases := []test{
{
name: "cache 1",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache1",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -499,7 +499,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 2",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache2",
ClientConfig: ccfgSVC("internalErr"),
Rules: newMatchEverythingRules(),
@ -512,7 +512,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 3",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache3",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -525,7 +525,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 4",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache4",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -538,7 +538,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 5",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache5",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -609,15 +609,15 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("webhook invalid response"))
case "/disallow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
},
})
case "/disallowReason":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: "you shall not pass",
@ -626,14 +626,14 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
})
case "/allow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: true,
},
})
case "/nilResposne":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{})
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{})
default:
http.NotFound(w, r)
}
@ -662,10 +662,10 @@ func (c *fakeAuthenticationInfoResolver) ClientConfigFor(server string) (*rest.C
return c.restConfig, nil
}
func newMatchEverythingRules() []registrationv1alpha1.RuleWithOperations {
return []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
func newMatchEverythingRules() []registrationv1beta1.RuleWithOperations {
return []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},