kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #66391 from jennybuckley/dry-run-admission 

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Support dry run in admission plugins

**What this PR does / why we need it**:
Adds support for dry run to admission controllers as outlined by https://github.com/kubernetes/community/pull/2387

- [x] add IsDryRun() to admission.Attributes interface
- [x] add dry run support to NamespaceAutoProvision
- [x] add dry run support to ResourceQuota
- [x] add dry run support to EventRateLimit

The following is being done in a follow up PR:
- [x] add DryRun to ```admission.k8s.io/v1beta1.AdmissionReview```
- [x] add DryRunnable to ```admissionregistration.k8s.io/v1beta1.(Valid|Mut)atingWebhookConfiguration```
- [x] add dry run support to (Valid|Mut)atingAdmissionWebhook

/sig api-machinery

**Release note**:
```release-note
In clusters where the DryRun feature is enabled, dry-run requests will go through the normal admission chain. Because of this, ImagePolicyWebhook authors should especially make sure that their webhooks do not rely on side effects.
```

Here is a list of the admission controllers that were considered when making this PR:
- AlwaysAdmit: No side effects
- AlwaysPullImages: No side effects
- LimitPodHardAntiAffinityTopology: No side effects
- DefaultTolerationSeconds: No side effects
- AlwaysDeny: No side effects
- EventRateLimit: Has side possible effect of affecting the rate, skipping this entire plugin in dry-run case since it won't correspond to an actual write to etcd anyway
- DenyEscalatingExec: No side effects
- DenyExecOnPrivileged: Deprecated, and has no side effects
- ExtendedResourceToleration: No side effects
- OwnerReferencesPermissionEnforcement: No side effects
- ImagePolicyWebhook: No side effects* (*this uses a webhook but it is very specialized. It only sees pod container images, for the purpose of accepting or rejecting certain image sources, so it is very unlikely that it would rely on side effects.)
- LimitRanger: No side effects
- NamespaceAutoProvision: Has possible side effect of creating a namespace, skipping the create in the dry-run case
- NamespaceExists: No side effects
- NodeRestriction: No side effects
- PodNodeSelector: No side effects
- PodPreset: No side effects
- PodTolerationRestriction: No side effects
- Priority: No side effects
- ResourceQuota: Has side possible effect of taking up quota, will only check quota but skip changing quota in the dry-run case
- PodSecurityPolicy: No side effects
- SecurityContextDeny: No side effects
- ServiceAccount: No side effects
- PersistentVolumeLabel: No side effects
- PersistentVolumeClaimResize: No side effects
- DefaultStorageClass: No side effects
- StorageObjectInUseProtection: No side effects
- Initializers: No side effects
- NamespaceLifecycle: No side effects
- MutatingAdmissionWebhook: Same as below
- ValidatingAdmissionWebhook: Has possible side effects depending on if webhook authors depend on side effects and a reconciliation mechanism. To fix this we will expose whether or not a request is dry-run to webhooks through AdmissionReview, and require that all called webhooks understand the field by checking if DryRunnable true is specified in the webhook config. This will be done in a separate PR because it requires an api-change

Kubernetes-commit: 6fe7f9f4b70fce08050e8211af6dee09517baef7
This commit is contained in:
Kubernetes Publisher 2018-08-06 17:51:21 -07:00
parent 2db6bcbcfe 91278157f6
commit d41fc60dee
20 changed files with 241 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

318
Godeps/Godeps.json generated
View File

@ -1188,639 +1188,639 @@
},
{
"ImportPath": "k8s.io/client-go/discovery",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/discovery/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/admissionregistration",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/admissionregistration/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/admissionregistration/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/apps",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/apps/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/apps/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/apps/v1beta2",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/autoscaling",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/autoscaling/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/autoscaling/v2beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/batch",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/batch/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/batch/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/batch/v2alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/certificates",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/certificates/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/coordination",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/coordination/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/core",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/core/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/events",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/events/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/extensions",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/extensions/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/internalinterfaces",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/networking",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/networking/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/policy",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/policy/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/rbac",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/rbac/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/rbac/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/rbac/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/scheduling",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/scheduling/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/scheduling/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/settings",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/settings/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/storage",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/storage/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/storage/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/informers/storage/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/scheme",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1beta2",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/apps/v1beta2/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authentication/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authentication/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authentication/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authentication/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authorization/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authorization/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authorization/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/authorization/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/autoscaling/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/autoscaling/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v2alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/batch/v2alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/certificates/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/coordination/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/coordination/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/core/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/core/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/events/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/events/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/extensions/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/networking/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/networking/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/policy/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/policy/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/rbac/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/settings/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/settings/v1alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1alpha1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/kubernetes/typed/storage/v1beta1/fake",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/admissionregistration/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/admissionregistration/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/apps/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/apps/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/apps/v1beta2",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/autoscaling/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/autoscaling/v2beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/batch/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/batch/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/batch/v2alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/certificates/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/coordination/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/core/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/events/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/extensions/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/networking/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/policy/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/rbac/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/rbac/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/rbac/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/scheduling/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/scheduling/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/settings/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/storage/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/storage/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/listers/storage/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/pkg/apis/clientauthentication",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/pkg/version",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/plugin/pkg/client/auth/exec",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/rest",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/rest/watch",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/testing",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/auth",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/cache",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/clientcmd",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/clientcmd/api",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/clientcmd/api/latest",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/clientcmd/api/v1",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/metrics",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/pager",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/tools/reference",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/transport",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/buffer",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/cert",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/connrotation",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/flowcontrol",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/homedir",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/integer",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/client-go/util/retry",
"Rev": "02384dbe123ff097a279965297f327a72ebefb72"
"Rev": "bdfc4cfc125f556bfe46fff68207767a605b64ed"
},
{
"ImportPath": "k8s.io/kube-openapi/pkg/builder",

8
pkg/admission/attributes.go
View File

@ -34,6 +34,7 @@ type attributesRecord struct {
resource schema.GroupVersionResource
subresource string
operation Operation
dryRun bool
object runtime.Object
oldObject runtime.Object
userInfo user.Info
@ -44,7 +45,7 @@ type attributesRecord struct {
annotationsLock sync.RWMutex
}
func NewAttributesRecord(object runtime.Object, oldObject runtime.Object, kind schema.GroupVersionKind, namespace, name string, resource schema.GroupVersionResource, subresource string, operation Operation, userInfo user.Info) Attributes {
func NewAttributesRecord(object runtime.Object, oldObject runtime.Object, kind schema.GroupVersionKind, namespace, name string, resource schema.GroupVersionResource, subresource string, operation Operation, dryRun bool, userInfo user.Info) Attributes {
return &attributesRecord{
kind: kind,
namespace: namespace,
@ -52,6 +53,7 @@ func NewAttributesRecord(object runtime.Object, oldObject runtime.Object, kind s
resource: resource,
subresource: subresource,
operation: operation,
dryRun: dryRun,
object: object,
oldObject: oldObject,
userInfo: userInfo,
@ -82,6 +84,10 @@ func (record *attributesRecord) GetOperation() Operation {
return record.operation
}
func (record *attributesRecord) IsDryRun() bool {
return record.dryRun
}
func (record *attributesRecord) GetObject() runtime.Object {
return record.object
}

2
pkg/admission/audit_test.go
View File

@ -64,7 +64,7 @@ func (h fakeHandler) Handles(o Operation) bool {
}
func attributes() Attributes {
return NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", "", nil)
return NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", "", false, nil)
}
func TestWithAudit(t *testing.T) {

4
pkg/admission/chain_test.go
View File

@ -119,7 +119,7 @@ func TestAdmitAndValidate(t *testing.T) {
for _, test := range tests {
t.Logf("testcase = %s", test.name)
// call admit and check that validate was not called at all
err := test.chain.Admit(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, nil))
err := test.chain.Admit(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil))
accepted := (err == nil)
if accepted != test.accept {
t.Errorf("unexpected result of admit call: %v", accepted)
@ -140,7 +140,7 @@ func TestAdmitAndValidate(t *testing.T) {
}
// call validate and check that admit was not called at all
err = test.chain.Validate(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, nil))
err = test.chain.Validate(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil))
accepted = (err == nil)
if accepted != test.accept {
t.Errorf("unexpected result of validate call: %v\n", accepted)

1
pkg/admission/errors_test.go
View File

@ -36,6 +36,7 @@ func TestNewForbidden(t *testing.T) {
schema.GroupVersionResource{Group: "foo", Version: "bar", Resource: "baz"},
"",
Create,
false,
nil)
err := errors.New("some error")
expectedErr := `baz.foo "Unknown/errorGettingName" is forbidden: some error`

5
pkg/admission/interfaces.go
View File

@ -41,6 +41,11 @@ type Attributes interface {
GetSubresource() string
// GetOperation is the operation being performed
GetOperation() Operation
// IsDryRun indicates that modifications will definitely not be persisted for this request. This is to prevent
// admission controllers with side effects and a method of reconciliation from being overwhelmed.
// However, a value of false for this does not mean that the modification will be persisted, because it
// could still be rejected by a subsequent validation step.
IsDryRun() bool
// GetObject is the object from the incoming request prior to default values being applied
GetObject() runtime.Object
// GetOldObject is the existing object. Only populated for UPDATE requests.

6
pkg/admission/metrics/metrics_test.go
View File

@ -28,7 +28,7 @@ import (
var (
kind = schema.GroupVersionKind{Group: "kgroup", Version: "kversion", Kind: "kind"}
resource = schema.GroupVersionResource{Group: "rgroup", Version: "rversion", Resource: "resource"}
attr = admission.NewAttributesRecord(nil, nil, kind, "ns", "name", resource, "subresource", admission.Create, nil)
attr = admission.NewAttributesRecord(nil, nil, kind, "ns", "name", resource, "subresource", admission.Create, false, nil)
)
func TestObserveAdmissionStep(t *testing.T) {
@ -156,7 +156,7 @@ func TestWithMetrics(t *testing.T) {
h := WithMetrics(test.handler, Metrics.ObserveAdmissionController, test.name)
// test mutation
err := h.(admission.MutationInterface).Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, nil))
err := h.(admission.MutationInterface).Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil))
if test.admit && err != nil {
t.Errorf("expected admit to succeed, but failed: %v", err)
continue
@ -181,7 +181,7 @@ func TestWithMetrics(t *testing.T) {
}
// test validation
err = h.(admission.ValidationInterface).Validate(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, nil))
err = h.(admission.ValidationInterface).Validate(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil))
if test.validate && err != nil {
t.Errorf("expected admit to succeed, but failed: %v", err)
continue

2
pkg/admission/plugin/initialization/initialization_test.go
View File

@ -179,7 +179,7 @@ func TestAdmitUpdate(t *testing.T) {
oldObj.Initializers = tc.oldInitializers
newObj := &v1.Pod{}
newObj.Initializers = tc.newInitializers
a := admission.NewAttributesRecord(newObj, oldObj, schema.GroupVersionKind{}, "", "foo", schema.GroupVersionResource{}, "", admission.Update, nil)
a := admission.NewAttributesRecord(newObj, oldObj, schema.GroupVersionKind{}, "", "foo", schema.GroupVersionResource{}, "", admission.Update, false, nil)
err := plugin.Admit(a)
switch {
case tc.err == "" && err != nil:

32
pkg/admission/plugin/namespace/lifecycle/admission_test.go
View File

@ -104,7 +104,7 @@ func TestAccessReviewCheckOnMissingNamespace(t *testing.T) {
}
informerFactory.Start(wait.NeverStop)
err = handler.Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{Group: "authorization.k8s.io", Version: "v1", Kind: "LocalSubjectAccesReview"}, namespace, "", schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1", Resource: "localsubjectaccessreviews"}, "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{Group: "authorization.k8s.io", Version: "v1", Kind: "LocalSubjectAccesReview"}, namespace, "", schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1", Resource: "localsubjectaccessreviews"}, "", admission.Create, false, nil))
if err != nil {
t.Error(err)
}
@ -124,7 +124,7 @@ func TestAdmissionNamespaceDoesNotExist(t *testing.T) {
informerFactory.Start(wait.NeverStop)
pod := newPod(namespace)
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err == nil {
actions := ""
for _, action := range mockClient.Actions() {
@ -134,19 +134,19 @@ func TestAdmissionNamespaceDoesNotExist(t *testing.T) {
}
// verify create operations in the namespace cause an error
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err == nil {
t.Errorf("Expected error rejecting creates in a namespace when it is missing")
}
// verify update operations in the namespace cause an error
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, false, nil))
if err == nil {
t.Errorf("Expected error rejecting updates in a namespace when it is missing")
}
// verify delete operations in the namespace can proceed
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, false, nil))
if err != nil {
t.Errorf("Unexpected error returned from admission handler: %v", err)
}
@ -166,7 +166,7 @@ func TestAdmissionNamespaceActive(t *testing.T) {
informerFactory.Start(wait.NeverStop)
pod := newPod(namespace)
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err != nil {
t.Errorf("unexpected error returned from admission handler")
}
@ -187,31 +187,31 @@ func TestAdmissionNamespaceTerminating(t *testing.T) {
pod := newPod(namespace)
// verify create operations in the namespace cause an error
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err == nil {
t.Errorf("Expected error rejecting creates in a namespace when it is terminating")
}
// verify update operations in the namespace can proceed
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, false, nil))
if err != nil {
t.Errorf("Unexpected error returned from admission handler: %v", err)
}
// verify delete operations in the namespace can proceed
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, false, nil))
if err != nil {
t.Errorf("Unexpected error returned from admission handler: %v", err)
}
// verify delete of namespace default can never proceed
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", metav1.NamespaceDefault, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", metav1.NamespaceDefault, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil))
if err == nil {
t.Errorf("Expected an error that this namespace can never be deleted")
}
// verify delete of namespace other than default can proceed
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", "other", v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", "other", v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil))
if err != nil {
t.Errorf("Did not expect an error %v", err)
}
@ -238,7 +238,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
pod := newPod(namespace)
// verify create operations in the namespace is allowed
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err != nil {
t.Errorf("Unexpected error rejecting creates in an active namespace")
}
@ -248,7 +248,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
getCalls = 0
// verify delete of namespace can proceed
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), namespace, namespace, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, nil))
err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), namespace, namespace, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil))
if err != nil {
t.Errorf("Expected namespace deletion to be allowed")
}
@ -261,7 +261,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
phases[namespace] = v1.NamespaceTerminating
// verify create operations in the namespace cause an error
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err == nil {
t.Errorf("Expected error rejecting creates in a namespace right after deleting it")
}
@ -274,7 +274,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
fakeClock.Step(forceLiveLookupTTL)
// verify create operations in the namespace cause an error
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if err == nil {
t.Errorf("Expected error rejecting creates in a namespace right after deleting it")
}
@ -287,7 +287,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
fakeClock.Step(time.Millisecond)
// verify create operations in the namespace don't force a live lookup after the timeout
handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, nil))
handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil))
if getCalls != 0 {
t.Errorf("Expected no live lookup of the namespace at t=forceLiveLookupTTL+1ms, got %d", getCalls)
}

2
pkg/admission/plugin/webhook/mutating/dispatcher_test.go
View File

@ -123,7 +123,7 @@ func TestDispatch(t *testing.T) {
},
}
attr := generic.VersionedAttributes{
Attributes: admission.NewAttributesRecord(test.out, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", admission.Operation(""), nil),
Attributes: admission.NewAttributesRecord(test.out, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", admission.Operation(""), false, nil),
VersionedOldObject: nil,
VersionedObject: test.in,
}

12
pkg/admission/plugin/webhook/namespace/matcher_test.go
View File

@ -75,27 +75,27 @@ func TestGetNamespaceLabels(t *testing.T) {
}{
{
name: "request is for creating namespace, the labels should be from the object itself",
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, "", namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Create, nil),
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, "", namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Create, false, nil),
expectedLabels: namespace2Labels,
},
{
name: "request is for updating namespace, the labels should be from the new object",
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace2.Name, namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Update, nil),
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace2.Name, namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Update, false, nil),
expectedLabels: namespace2Labels,
},
{
name: "request is for deleting namespace, the labels should be from the cache",
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace1.Name, namespace1.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Delete, nil),
attr: admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace1.Name, namespace1.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Delete, false, nil),
expectedLabels: namespace1Labels,
},
{
name: "request is for namespace/finalizer",
attr: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "namespaces"}, "finalizers", admission.Create, nil),
attr: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "namespaces"}, "finalizers", admission.Create, false, nil),
expectedLabels: namespace1Labels,
},
{
name: "request is for pod",
attr: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "pods"}, "", admission.Create, nil),
attr: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "pods"}, "", admission.Create, false, nil),
expectedLabels: namespace1Labels,
},
}
@ -117,7 +117,7 @@ func TestNotExemptClusterScopedResource(t *testing.T) {
hook := &registrationv1beta1.Webhook{
NamespaceSelector: &metav1.LabelSelector{},
}
attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, nil)
attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, false, nil)
matcher := Matcher{}
matches, err := matcher.MatchNamespaceSelector(hook, attr)
if err != nil {

1
pkg/admission/plugin/webhook/rules/rules_test.go
View File

@ -38,6 +38,7 @@ func a(group, version, resource, subresource, name string, operation admission.O
"ns", name,
schema.GroupVersionResource{Group: group, Version: version, Resource: resource}, subresource,
operation,
false,
nil,
)
}

2
pkg/admission/plugin/webhook/testing/testcase.go
View File

@ -95,7 +95,7 @@ func newAttributesRecord(object metav1.Object, oldObject metav1.Object, kind sch
UID: "webhook-test",
}
return admission.NewAttributesRecord(object.(runtime.Object), oldObject.(runtime.Object), kind, namespace, name, gvr, subResource, admission.Update, &userInfo)
return admission.NewAttributesRecord(object.(runtime.Object), oldObject.(runtime.Object), kind, namespace, name, gvr, subResource, admission.Update, false, &userInfo)
}
// NewAttribute returns static admission Attributes for testing.

3
pkg/endpoints/handlers/create.go
View File

@ -34,6 +34,7 @@ import (
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/util/dryrun"
utiltrace "k8s.io/apiserver/pkg/util/trace"
)
@ -116,7 +117,7 @@ func createHandler(r rest.NamedCreater, scope RequestScope, admit admission.Inte
audit.LogRequestObject(ae, obj, scope.Resource, scope.Subresource, scope.Serializer)
userInfo, _ := request.UserFrom(ctx)
admissionAttributes := admission.NewAttributesRecord(obj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, userInfo)
admissionAttributes := admission.NewAttributesRecord(obj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, dryrun.IsDryRun(options.DryRun), userInfo)
if mutatingAdmission, ok := admit.(admission.MutationInterface); ok && mutatingAdmission.Handles(admission.Create) {
err = mutatingAdmission.Admit(admissionAttributes)
if err != nil {

45
pkg/endpoints/handlers/delete.go
View File

@ -32,6 +32,7 @@ import (
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/util/dryrun"
utiltrace "k8s.io/apiserver/pkg/util/trace"
)
@ -108,7 +109,7 @@ func DeleteResource(r rest.GracefulDeleter, allowsOptions bool, scope RequestSco
trace.Step("About to check admission control")
if admit != nil && admit.Handles(admission.Delete) {
userInfo, _ := request.UserFrom(ctx)
attrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Delete, userInfo)
attrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Delete, dryrun.IsDryRun(options.DryRun), userInfo)
if mutatingAdmission, ok := admit.(admission.MutationInterface); ok {
if err := mutatingAdmission.Admit(attrs); err != nil {
scope.err(err, w, req)
@ -196,27 +197,6 @@ func DeleteCollection(r rest.CollectionDeleter, checkBody bool, scope RequestSco
ctx := req.Context()
ctx = request.WithNamespace(ctx, namespace)
ae := request.AuditEventFrom(ctx)
admit = admission.WithAudit(admit, ae)
if admit != nil && admit.Handles(admission.Delete) {
userInfo, _ := request.UserFrom(ctx)
attrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, "", scope.Resource, scope.Subresource, admission.Delete, userInfo)
if mutatingAdmission, ok := admit.(admission.MutationInterface); ok {
err = mutatingAdmission.Admit(attrs)
if err != nil {
scope.err(err, w, req)
return
}
}
if validatingAdmission, ok := admit.(admission.ValidationInterface); ok {
err = validatingAdmission.Validate(attrs)
if err != nil {
scope.err(err, w, req)
return
}
}
}
listOptions := metainternalversion.ListOptions{}
if err := metainternalversion.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, &listOptions); err != nil {
@ -279,6 +259,27 @@ func DeleteCollection(r rest.CollectionDeleter, checkBody bool, scope RequestSco
return
}
admit = admission.WithAudit(admit, ae)
if admit != nil && admit.Handles(admission.Delete) {
userInfo, _ := request.UserFrom(ctx)
attrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, "", scope.Resource, scope.Subresource, admission.Delete, dryrun.IsDryRun(options.DryRun), userInfo)
if mutatingAdmission, ok := admit.(admission.MutationInterface); ok {
err = mutatingAdmission.Admit(attrs)
if err != nil {
scope.err(err, w, req)
return
}
}
if validatingAdmission, ok := admit.(admission.ValidationInterface); ok {
err = validatingAdmission.Validate(attrs)
if err != nil {
scope.err(err, w, req)
return
}
}
}
result, err := finishRequest(timeout, func() (runtime.Object, error) {
return r.DeleteCollection(ctx, options, &listOptions)
})

3
pkg/endpoints/handlers/patch.go
View File

@ -41,6 +41,7 @@ import (
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/util/dryrun"
utiltrace "k8s.io/apiserver/pkg/util/trace"
)
@ -130,6 +131,7 @@ func PatchResource(r rest.Patcher, scope RequestScope, admit admission.Interface
scope.Resource,
scope.Subresource,
admission.Update,
dryrun.IsDryRun(options.DryRun),
userInfo,
)
admissionCheck := func(updatedObject runtime.Object, currentObject runtime.Object) error {
@ -144,6 +146,7 @@ func PatchResource(r rest.Patcher, scope RequestScope, admit admission.Interface
scope.Resource,
scope.Subresource,
admission.Update,
dryrun.IsDryRun(options.DryRun),
userInfo,
))
}

4
pkg/endpoints/handlers/rest.go
View File

@ -123,14 +123,14 @@ func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admissi
userInfo, _ := request.UserFrom(ctx)
// TODO: remove the mutating admission here as soon as we have ported all plugin that handle CONNECT
if mutatingAdmission, ok := admit.(admission.MutationInterface); ok {
err = mutatingAdmission.Admit(admission.NewAttributesRecord(connectRequest, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, userInfo))
err = mutatingAdmission.Admit(admission.NewAttributesRecord(connectRequest, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, false, userInfo))
if err != nil {
scope.err(err, w, req)
return
}
}
if validatingAdmission, ok := admit.(admission.ValidationInterface); ok {
err = validatingAdmission.Validate(admission.NewAttributesRecord(connectRequest, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, userInfo))
err = validatingAdmission.Validate(admission.NewAttributesRecord(connectRequest, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, false, userInfo))
if err != nil {
scope.err(err, w, req)
return

9
pkg/endpoints/handlers/update.go
View File

@ -35,6 +35,7 @@ import (
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/util/dryrun"
utiltrace "k8s.io/apiserver/pkg/util/trace"
)
@ -119,11 +120,11 @@ func UpdateResource(r rest.Updater, scope RequestScope, admit admission.Interfac
return nil, fmt.Errorf("unexpected error when extracting UID from oldObj: %v", err.Error())
} else if !isNotZeroObject {
if mutatingAdmission.Handles(admission.Create) {
return newObj, mutatingAdmission.Admit(admission.NewAttributesRecord(newObj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, userInfo))
return newObj, mutatingAdmission.Admit(admission.NewAttributesRecord(newObj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, dryrun.IsDryRun(options.DryRun), userInfo))
}
} else {
if mutatingAdmission.Handles(admission.Update) {
return newObj, mutatingAdmission.Admit(admission.NewAttributesRecord(newObj, oldObj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, userInfo))
return newObj, mutatingAdmission.Admit(admission.NewAttributesRecord(newObj, oldObj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, dryrun.IsDryRun(options.DryRun), userInfo))
}
}
return newObj, nil
@ -153,11 +154,11 @@ func UpdateResource(r rest.Updater, scope RequestScope, admit admission.Interfac
rest.DefaultUpdatedObjectInfo(obj, transformers...),
withAuthorization(rest.AdmissionToValidateObjectFunc(
admit,
admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, userInfo)),
admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, dryrun.IsDryRun(options.DryRun), userInfo)),
scope.Authorizer, createAuthorizerAttributes),
rest.AdmissionToValidateObjectUpdateFunc(
admit,
admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, userInfo)),
admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, dryrun.IsDryRun(options.DryRun), userInfo)),
false,
options,
)

1
pkg/registry/rest/create.go
View File

@ -170,6 +170,7 @@ func AdmissionToValidateObjectFunc(admit admission.Interface, staticAttributes a
staticAttributes.GetResource(),
staticAttributes.GetSubresource(),
staticAttributes.GetOperation(),
staticAttributes.IsDryRun(),
staticAttributes.GetUserInfo(),
)
if !validatingAdmission.Handles(finalAttributes.GetOperation()) {

1
pkg/registry/rest/update.go
View File

@ -263,6 +263,7 @@ func AdmissionToValidateObjectUpdateFunc(admit admission.Interface, staticAttrib
staticAttributes.GetResource(),
staticAttributes.GetSubresource(),
staticAttributes.GetOperation(),
staticAttributes.IsDryRun(),
staticAttributes.GetUserInfo(),
)
if !validatingAdmission.Handles(finalAttributes.GetOperation()) {