Merge pull request #49656 from deads2k/server-36-admit-error

Automatic merge from submit-queue (batch tested with PRs 49237, 49656, 49980, 49841, 49899) make admission tolerate object without objectmeta for errors Not all object have ObjectMeta (see SARs for instance). Admission should tolerate this condition without giving meaningless errors. @derekwaynecarr ptal @php-coder fyi Kubernetes-commit: 093883433bb2199654b6341f47e10e7166d22214
2017-08-02 19:11:11 -07:00 · 2017-08-02 19:11:11 -07:00 · e057ae1d55
parent 719e9e372f f3aa141adb
commit e057ae1d55
3 changed files with 72 additions and 2 deletions
--- a/pkg/admission/BUILD
+++ b/pkg/admission/BUILD
@ -13,10 +13,12 @@ go_test(
    srcs = [
        "chain_test.go",
        "config_test.go",
+        "errors_test.go",
    ],
    library = ":go_default_library",
    tags = ["automanaged"],
    deps = [
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/apis/apiserver:go_default_library",
    ],
--- a/pkg/admission/errors.go
+++ b/pkg/admission/errors.go
@ -24,13 +24,19 @@ import (
 )

 func extractResourceName(a Attributes) (name string, resource schema.GroupResource, err error) {
-	name = "Unknown"
 	resource = a.GetResource().GroupResource()
+
+	if len(a.GetName()) > 0 {
+		return a.GetName(), resource, nil
+	}
+
+	name = "Unknown"
 	obj := a.GetObject()
 	if obj != nil {
 		accessor, err := meta.Accessor(obj)
 		if err != nil {
-			return "", schema.GroupResource{}, err
+			// not all object have ObjectMeta.  If we don't, return a name with a slash (always illegal)
+			return "Unknown/errorGettingName", resource, nil
 		}

 		// this is necessary because name object name generation has not occurred yet
--- a/pkg/admission/errors_test.go
+++ b/pkg/admission/errors_test.go
@ -0,0 +1,62 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package admission
+
+import (
+	"errors"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// makes sure that we never get:
+// Internal error occurred: [some error, object does not implement the Object interfaces]
+func TestNewForbidden(t *testing.T) {
+	attributes := NewAttributesRecord(
+		&fakeObj{},
+		nil,
+		schema.GroupVersionKind{Group: "foo", Version: "bar", Kind: "Baz"},
+		"",
+		"",
+		schema.GroupVersionResource{Group: "foo", Version: "bar", Resource: "baz"},
+		"",
+		Create,
+		nil)
+	err := errors.New("some error")
+	expectedErr := `baz.foo "Unknown/errorGettingName" is forbidden: some error`
+
+	actualErr := NewForbidden(attributes, err)
+	if actualErr.Error() != expectedErr {
+		t.Errorf("expected %v, got %v", expectedErr, actualErr)
+	}
+}
+
+type fakeObj struct{}
+type fakeObjKind struct{}
+
+func (f *fakeObj) GetObjectKind() schema.ObjectKind {
+	return &fakeObjKind{}
+}
+func (f *fakeObj) DeepCopyObject() runtime.Object {
+	return f
+}
+
+func (f *fakeObjKind) SetGroupVersionKind(kind schema.GroupVersionKind) {}
+func (f *fakeObjKind) GroupVersionKind() schema.GroupVersionKind {
+	return schema.GroupVersionKind{Group: "foo", Version: "bar", Kind: "Baz"}
+}