Update tests for: Pass {Operation}Option to Webhooks

Kubernetes-commit: 900d652a9ac11e53293950b3d191295c21430215

pkg/admission/audit_test.go

@@ -64,7 +64,7 @@ func (h fakeHandler) Handles(o Operation) bool {
 }
 
 func attributes() Attributes {
-	return NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", "", false, nil)
+	return NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", "", nil, false, nil)
 }
 
 func TestWithAudit(t *testing.T) {

pkg/admission/chain_test.go

@@ -21,6 +21,7 @@ import (
 	"testing"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
@@ -63,6 +64,7 @@ func TestAdmitAndValidate(t *testing.T) {
 		name      string
 		ns        string
 		operation Operation
+		options   runtime.Object
 		chain     chainAdmissionHandler
 		accept    bool
 		calls     map[string]bool
@@ -71,6 +73,7 @@ func TestAdmitAndValidate(t *testing.T) {
 			name:      "all accept",
 			ns:        sysns,
 			operation: Create,
+			options:   &metav1.CreateOptions{},
 			chain: []Interface{
 				makeHandler("a", true, Update, Delete, Create),
 				makeHandler("b", true, Delete, Create),
@@ -83,6 +86,7 @@ func TestAdmitAndValidate(t *testing.T) {
 			name:      "ignore handler",
 			ns:        otherns,
 			operation: Create,
+			options:   &metav1.CreateOptions{},
 			chain: []Interface{
 				makeHandler("a", true, Update, Delete, Create),
 				makeHandler("b", false, Delete),
@@ -95,6 +99,7 @@ func TestAdmitAndValidate(t *testing.T) {
 			name:      "ignore all",
 			ns:        sysns,
 			operation: Connect,
+			options:   nil,
 			chain: []Interface{
 				makeHandler("a", true, Update, Delete, Create),
 				makeHandler("b", false, Delete),
@@ -107,6 +112,7 @@ func TestAdmitAndValidate(t *testing.T) {
 			name:      "reject one",
 			ns:        otherns,
 			operation: Delete,
+			options:   &metav1.DeleteOptions{},
 			chain: []Interface{
 				makeHandler("a", true, Update, Delete, Create),
 				makeHandler("b", false, Delete),
@@ -119,7 +125,7 @@ func TestAdmitAndValidate(t *testing.T) {
 	for _, test := range tests {
 		t.Logf("testcase = %s", test.name)
 		// call admit and check that validate was not called at all
-		err := test.chain.Admit(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil), nil)
+		err := test.chain.Admit(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, test.options, false, nil), nil)
 		accepted := (err == nil)
 		if accepted != test.accept {
 			t.Errorf("unexpected result of admit call: %v", accepted)
@@ -140,7 +146,7 @@ func TestAdmitAndValidate(t *testing.T) {
 		}
 
 		// call validate and check that admit was not called at all
-		err = test.chain.Validate(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil), nil)
+		err = test.chain.Validate(NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, test.options, false, nil), nil)
 		accepted = (err == nil)
 		if accepted != test.accept {
 			t.Errorf("unexpected result of validate call: %v\n", accepted)

pkg/admission/errors_test.go

@@ -36,6 +36,7 @@ func TestNewForbidden(t *testing.T) {
 		schema.GroupVersionResource{Group: "foo", Version: "bar", Resource: "baz"},
 		"",
 		Create,
+		nil,
 		false,
 		nil)
 	err := errors.New("some error")

pkg/admission/metrics/metrics_test.go

@@ -21,6 +21,8 @@ import (
 	"testing"
 	"time"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
 )
@@ -28,7 +30,7 @@ import (
 var (
 	kind     = schema.GroupVersionKind{Group: "kgroup", Version: "kversion", Kind: "kind"}
 	resource = schema.GroupVersionResource{Group: "rgroup", Version: "rversion", Resource: "resource"}
-	attr     = admission.NewAttributesRecord(nil, nil, kind, "ns", "name", resource, "subresource", admission.Create, false, nil)
+	attr     = admission.NewAttributesRecord(nil, nil, kind, "ns", "name", resource, "subresource", admission.Create, &metav1.CreateOptions{}, false, nil)
 )
 
 func TestObserveAdmissionStep(t *testing.T) {
@@ -85,6 +87,7 @@ func TestWithMetrics(t *testing.T) {
 		name            string
 		ns              string
 		operation       admission.Operation
+		options         runtime.Object
 		handler         admission.Interface
 		admit, validate bool
 	}
@@ -93,6 +96,7 @@ func TestWithMetrics(t *testing.T) {
 			"both-interfaces-admit-and-validate",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&mutatingAndValidatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), true, true},
 			true, true,
 		},
@@ -100,6 +104,7 @@ func TestWithMetrics(t *testing.T) {
 			"both-interfaces-dont-admit",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&mutatingAndValidatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), false, true},
 			false, true,
 		},
@@ -107,6 +112,7 @@ func TestWithMetrics(t *testing.T) {
 			"both-interfaces-admit-dont-validate",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&mutatingAndValidatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), true, false},
 			true, false,
 		},
@@ -114,6 +120,7 @@ func TestWithMetrics(t *testing.T) {
 			"validate-interfaces-validate",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&validatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), true},
 			true, true,
 		},
@@ -121,6 +128,7 @@ func TestWithMetrics(t *testing.T) {
 			"validate-interfaces-dont-validate",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&validatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), false},
 			true, false,
 		},
@@ -128,6 +136,7 @@ func TestWithMetrics(t *testing.T) {
 			"mutating-interfaces-admit",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&mutatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), true},
 			true, true,
 		},
@@ -135,6 +144,7 @@ func TestWithMetrics(t *testing.T) {
 			"mutating-interfaces-dont-admit",
 			"some-ns",
 			admission.Create,
+			&metav1.CreateOptions{},
 			&mutatingFakeHandler{admission.NewHandler(admission.Create, admission.Update), false},
 			false, true,
 		},
@@ -144,7 +154,7 @@ func TestWithMetrics(t *testing.T) {
 		h := WithMetrics(test.handler, Metrics.ObserveAdmissionController, test.name)
 
 		// test mutation
-		err := h.(admission.MutationInterface).Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil), nil)
+		err := h.(admission.MutationInterface).Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, test.options, false, nil), nil)
 		if test.admit && err != nil {
 			t.Errorf("expected admit to succeed, but failed: %v", err)
 			continue
@@ -169,7 +179,7 @@ func TestWithMetrics(t *testing.T) {
 		}
 
 		// test validation
-		err = h.(admission.ValidationInterface).Validate(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, false, nil), nil)
+		err = h.(admission.ValidationInterface).Validate(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, test.ns, "", schema.GroupVersionResource{}, "", test.operation, test.options, false, nil), nil)
 		if test.validate && err != nil {
 			t.Errorf("expected admit to succeed, but failed: %v", err)
 			continue

pkg/admission/plugin/namespace/lifecycle/admission_test.go

@@ -21,7 +21,7 @@ import (
 	"testing"
 	"time"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -104,7 +104,7 @@ func TestAccessReviewCheckOnMissingNamespace(t *testing.T) {
 	}
 	informerFactory.Start(wait.NeverStop)
 
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{Group: "authorization.k8s.io", Version: "v1", Kind: "LocalSubjectAccesReview"}, namespace, "", schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1", Resource: "localsubjectaccessreviews"}, "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{Group: "authorization.k8s.io", Version: "v1", Kind: "LocalSubjectAccesReview"}, namespace, "", schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1", Resource: "localsubjectaccessreviews"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err != nil {
 		t.Error(err)
 	}
@@ -124,7 +124,7 @@ func TestAdmissionNamespaceDoesNotExist(t *testing.T) {
 	informerFactory.Start(wait.NeverStop)
 
 	pod := newPod(namespace)
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err == nil {
 		actions := ""
 		for _, action := range mockClient.Actions() {
@@ -134,19 +134,19 @@ func TestAdmissionNamespaceDoesNotExist(t *testing.T) {
 	}
 
 	// verify create operations in the namespace cause an error
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected error rejecting creates in a namespace when it is missing")
 	}
 
 	// verify update operations in the namespace cause an error
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, &metav1.UpdateOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected error rejecting updates in a namespace when it is missing")
 	}
 
 	// verify delete operations in the namespace can proceed
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, &metav1.DeleteOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Unexpected error returned from admission handler: %v", err)
 	}
@@ -166,7 +166,7 @@ func TestAdmissionNamespaceActive(t *testing.T) {
 	informerFactory.Start(wait.NeverStop)
 
 	pod := newPod(namespace)
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("unexpected error returned from admission handler")
 	}
@@ -187,31 +187,31 @@ func TestAdmissionNamespaceTerminating(t *testing.T) {
 
 	pod := newPod(namespace)
 	// verify create operations in the namespace cause an error
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected error rejecting creates in a namespace when it is terminating")
 	}
 
 	// verify update operations in the namespace can proceed
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Update, &metav1.UpdateOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Unexpected error returned from admission handler: %v", err)
 	}
 
 	// verify delete operations in the namespace can proceed
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Delete, &metav1.DeleteOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Unexpected error returned from admission handler: %v", err)
 	}
 
 	// verify delete of namespace default can never proceed
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", metav1.NamespaceDefault, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", metav1.NamespaceDefault, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, &metav1.DeleteOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected an error that this namespace can never be deleted")
 	}
 
 	// verify delete of namespace other than default can proceed
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", "other", v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), "", "other", v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, &metav1.DeleteOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Did not expect an error %v", err)
 	}
@@ -238,7 +238,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
 
 	pod := newPod(namespace)
 	// verify create operations in the namespace is allowed
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Unexpected error rejecting creates in an active namespace")
 	}
@@ -248,7 +248,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
 	getCalls = 0
 
 	// verify delete of namespace can proceed
-	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), namespace, namespace, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(nil, nil, v1.SchemeGroupVersion.WithKind("Namespace").GroupKind().WithVersion("version"), namespace, namespace, v1.Resource("namespaces").WithVersion("version"), "", admission.Delete, &metav1.DeleteOptions{}, false, nil), nil)
 	if err != nil {
 		t.Errorf("Expected namespace deletion to be allowed")
 	}
@@ -261,7 +261,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
 	phases[namespace] = v1.NamespaceTerminating
 
 	// verify create operations in the namespace cause an error
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected error rejecting creates in a namespace right after deleting it")
 	}
@@ -274,7 +274,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
 	fakeClock.Step(forceLiveLookupTTL)
 
 	// verify create operations in the namespace cause an error
-	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	err = handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if err == nil {
 		t.Errorf("Expected error rejecting creates in a namespace right after deleting it")
 	}
@@ -287,7 +287,7 @@ func TestAdmissionNamespaceForceLiveLookup(t *testing.T) {
 	fakeClock.Step(time.Millisecond)
 
 	// verify create operations in the namespace don't force a live lookup after the timeout
-	handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, false, nil), nil)
+	handler.Admit(admission.NewAttributesRecord(&pod, nil, v1.SchemeGroupVersion.WithKind("Pod").GroupKind().WithVersion("version"), pod.Namespace, pod.Name, v1.Resource("pods").WithVersion("version"), "", admission.Create, &metav1.CreateOptions{}, false, nil), nil)
 	if getCalls != 0 {
 		t.Errorf("Expected no live lookup of the namespace at t=forceLiveLookupTTL+1ms, got %d", getCalls)
 	}

pkg/admission/plugin/webhook/mutating/dispatcher_test.go

@@ -122,7 +122,7 @@ func TestDispatch(t *testing.T) {
 				plugin: &Plugin{},
 			}
 			attr := generic.VersionedAttributes{
-				Attributes:         admission.NewAttributesRecord(test.out, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", admission.Operation(""), false, nil),
+				Attributes:         admission.NewAttributesRecord(test.out, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", admission.Operation(""), nil, false, nil),
 				VersionedOldObject: nil,
 				VersionedObject:    test.in,
 			}

pkg/admission/plugin/webhook/namespace/matcher_test.go

@@ -75,27 +75,27 @@ func TestGetNamespaceLabels(t *testing.T) {
 	}{
 		{
 			name:           "request is for creating namespace, the labels should be from the object itself",
-			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, "", namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Create, false, nil),
+			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, "", namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectedLabels: namespace2Labels,
 		},
 		{
 			name:           "request is for updating namespace, the labels should be from the new object",
-			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace2.Name, namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Update, false, nil),
+			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace2.Name, namespace2.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Update, &metav1.UpdateOptions{}, false, nil),
 			expectedLabels: namespace2Labels,
 		},
 		{
 			name:           "request is for deleting namespace, the labels should be from the cache",
-			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace1.Name, namespace1.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Delete, false, nil),
+			attr:           admission.NewAttributesRecord(&namespace2, nil, schema.GroupVersionKind{}, namespace1.Name, namespace1.Name, schema.GroupVersionResource{Resource: "namespaces"}, "", admission.Delete, &metav1.DeleteOptions{}, false, nil),
 			expectedLabels: namespace1Labels,
 		},
 		{
 			name:           "request is for namespace/finalizer",
-			attr:           admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "namespaces"}, "finalizers", admission.Create, false, nil),
+			attr:           admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "namespaces"}, "finalizers", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectedLabels: namespace1Labels,
 		},
 		{
 			name:           "request is for pod",
-			attr:           admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "pods"}, "", admission.Create, false, nil),
+			attr:           admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, namespace1.Name, "mock-name", schema.GroupVersionResource{Resource: "pods"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectedLabels: namespace1Labels,
 		},
 	}
@@ -117,7 +117,7 @@ func TestNotExemptClusterScopedResource(t *testing.T) {
 	hook := &registrationv1beta1.Webhook{
 		NamespaceSelector: &metav1.LabelSelector{},
 	}
-	attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, false, nil)
+	attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, &metav1.CreateOptions{}, false, nil)
 	matcher := Matcher{}
 	matches, err := matcher.MatchNamespaceSelector(hook, attr)
 	if err != nil {

pkg/admission/plugin/webhook/rules/rules_test.go

@@ -21,6 +21,8 @@ import (
 	"testing"
 
 	adreg "k8s.io/api/admissionregistration/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/admission"
@@ -33,37 +35,40 @@ type ruleTest struct {
 }
 type tests map[string]ruleTest
 
-func a(group, version, resource, subresource, name string, operation admission.Operation) admission.Attributes {
+func a(group, version, resource, subresource, name string, operation admission.Operation, operationOptions runtime.Object) admission.Attributes {
 	return admission.NewAttributesRecord(
 		nil, nil,
 		schema.GroupVersionKind{Group: group, Version: version, Kind: "k" + resource},
 		"ns", name,
 		schema.GroupVersionResource{Group: group, Version: version, Resource: resource}, subresource,
 		operation,
+		operationOptions,
 		false,
 		nil,
 	)
 }
 
-func namespacedAttributes(group, version, resource, subresource, name string, operation admission.Operation) admission.Attributes {
+func namespacedAttributes(group, version, resource, subresource, name string, operation admission.Operation, operationOptions runtime.Object) admission.Attributes {
 	return admission.NewAttributesRecord(
 		nil, nil,
 		schema.GroupVersionKind{Group: group, Version: version, Kind: "k" + resource},
 		"ns", name,
 		schema.GroupVersionResource{Group: group, Version: version, Resource: resource}, subresource,
 		operation,
+		operationOptions,
 		false,
 		nil,
 	)
 }
 
-func clusterScopedAttributes(group, version, resource, subresource, name string, operation admission.Operation) admission.Attributes {
+func clusterScopedAttributes(group, version, resource, subresource, name string, operation admission.Operation, operationOptions runtime.Object) admission.Attributes {
 	return admission.NewAttributesRecord(
 		nil, nil,
 		schema.GroupVersionKind{Group: group, Version: version, Kind: "k" + resource},
 		"", name,
 		schema.GroupVersionResource{Group: group, Version: version, Resource: resource}, subresource,
 		operation,
+		operationOptions,
 		false,
 		nil,
 	)
@@ -82,7 +87,7 @@ func TestGroup(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"exact": {
@@ -92,12 +97,12 @@ func TestGroup(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g1", "v", "r", "", "name", admission.Create),
+				a("g1", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g2", "v2", "r3", "", "name", admission.Create),
+				a("g2", "v2", "r3", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("g3", "v", "r", "", "name", admission.Create),
+				a("g3", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g4", "v", "r", "", "name", admission.Create),
+				a("g4", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 	}
@@ -127,7 +132,7 @@ func TestVersion(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"exact": {
@@ -137,12 +142,12 @@ func TestVersion(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g1", "v1", "r", "", "name", admission.Create),
+				a("g1", "v1", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g2", "v2", "r", "", "name", admission.Create),
+				a("g2", "v2", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("g1", "v3", "r", "", "name", admission.Create),
+				a("g1", "v3", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g2", "v4", "r", "", "name", admission.Create),
+				a("g2", "v4", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 	}
@@ -167,65 +172,65 @@ func TestOperation(t *testing.T) {
 		"wildcard": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.OperationAll}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 		},
 		"create": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.Create}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 		},
 		"update": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.Update}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 		},
 		"delete": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.Delete}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 		},
 		"connect": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.Connect}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
 			),
 		},
 		"multiple": {
 			rule: adreg.RuleWithOperations{Operations: []adreg.OperationType{adreg.Update, adreg.Delete}},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Update),
+				a("g", "v", "r", "", "name", admission.Update, &metav1.UpdateOptions{}),
-				a("g", "v", "r", "", "name", admission.Delete),
+				a("g", "v", "r", "", "name", admission.Delete, &metav1.DeleteOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "", "name", admission.Connect),
+				a("g", "v", "r", "", "name", admission.Connect, nil),
 			),
 		},
 	}
@@ -254,12 +259,12 @@ func TestResource(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "", "name", admission.Create),
+				a("2", "v", "r2", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "exec", "name", admission.Create),
+				a("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "proxy", "name", admission.Create),
+				a("2", "v", "r2", "proxy", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"r & subresources": {
@@ -269,12 +274,12 @@ func TestResource(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "exec", "name", admission.Create),
+				a("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("2", "v", "r2", "", "name", admission.Create),
+				a("2", "v", "r2", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "proxy", "name", admission.Create),
+				a("2", "v", "r2", "proxy", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"r & subresources or r2": {
@@ -284,12 +289,12 @@ func TestResource(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("g", "v", "r", "exec", "name", admission.Create),
+				a("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "", "name", admission.Create),
+				a("2", "v", "r2", "", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("2", "v", "r2", "proxy", "name", admission.Create),
+				a("2", "v", "r2", "proxy", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"proxy or exec": {
@@ -299,14 +304,14 @@ func TestResource(t *testing.T) {
 				},
 			},
 			match: attrList(
-				a("g", "v", "r", "exec", "name", admission.Create),
+				a("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "proxy", "name", admission.Create),
+				a("2", "v", "r2", "proxy", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r3", "proxy", "name", admission.Create),
+				a("2", "v", "r3", "proxy", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				a("g", "v", "r", "", "name", admission.Create),
+				a("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r2", "", "name", admission.Create),
+				a("2", "v", "r2", "", "name", admission.Create, &metav1.CreateOptions{}),
-				a("2", "v", "r4", "scale", "name", admission.Create),
+				a("2", "v", "r4", "scale", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 	}
@@ -339,16 +344,16 @@ func TestScope(t *testing.T) {
 				},
 			},
 			match: attrList(
-				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				namespacedAttributes("g", "v", "r", "", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"namespace scope": {
@@ -359,16 +364,16 @@ func TestScope(t *testing.T) {
 				},
 			},
 			match: attrList(
-				namespacedAttributes("g", "v", "r", "", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(
-				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
 			),
 		},
 		"all scopes": {
@@ -379,14 +384,14 @@ func TestScope(t *testing.T) {
 				},
 			},
 			match: attrList(
-				namespacedAttributes("g", "v", "r", "", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				namespacedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create),
+				clusterScopedAttributes("g", "v", "r", "exec", "name", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				clusterScopedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "", "ns", admission.Create, &metav1.CreateOptions{}),
-				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create),
+				namespacedAttributes("", "v1", "namespaces", "finalize", "ns", admission.Create, &metav1.CreateOptions{}),
 			),
 			noMatch: attrList(),
 		},

pkg/admission/plugin/webhook/testing/testcase.go

@@ -101,9 +101,10 @@ func newAttributesRecord(object metav1.Object, oldObject metav1.Object, kind sch
 		Name: "webhook-test",
 		UID:  "webhook-test",
 	}
+	options := &metav1.UpdateOptions{}
 
 	return &FakeAttributes{
-		Attributes: admission.NewAttributesRecord(object.(runtime.Object), oldObject.(runtime.Object), kind, namespace, name, gvr, subResource, admission.Update, dryRun, &userInfo),
+		Attributes: admission.NewAttributesRecord(object.(runtime.Object), oldObject.(runtime.Object), kind, namespace, name, gvr, subResource, admission.Update, options, dryRun, &userInfo),
 	}
 }