apiserver

Commit Graph

Author	SHA1	Message	Date
Jiahui Feng	9eebea091a	add test for authorizer type checking. Kubernetes-commit: 7ccc23178396fb7c50cd59a16a62e7d79ba973a9	2023-06-08 15:51:05 -07:00
Jiahui Feng	c85cef6cc3	add support for authorizer to type checking. Kubernetes-commit: 04fa4184ed349d6ccce5be4daa7561356eebeea3	2023-06-07 10:11:30 -07:00
Ben Luddy	330dca5753	Cache authz decisions within validating policy admission. This avoids the surprise of identical authorization checks within a policy evaluating to different decisions during the same admission pass, and reduces the overhead of repeatedly referencing the same authorization check. Kubernetes-commit: f1700e4b95b404b37312084800ab8022f7069fee	2023-03-09 14:52:09 -05:00
Mskxn	2595ae0416	use stopCh to avoid goroutine leak in tests Kubernetes-commit: 132d477cb7aa323c0eae6dd9a09f9c93fb570b83	2023-07-06 16:24:58 +08:00
Joe Betz	f32e391a45	Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables Kubernetes-commit: e740f8340eedc89baccd120329b454a860385e2d	2023-04-28 14:16:56 -04:00
Tim Hockin	6fa34a3ae5	Clean up brace whitespace in */validation_test.go This was making my eyes bleed as I read over code. I used the following in vim. I made them up on the fly, but they seemed to pass manual inspection. :g/},\n\s{$/s//}, {/ :w :g/{$\n\s{$/s//{{/ :w :g/^$\s$},\n\1},$/s//}},/ :w :g/^$\s*$},$\n\1}$/s//}}/ :w Kubernetes-commit: d55b67b349021b6c46fc6ce78f2a36bd4217145f	2023-05-02 00:36:15 -07:00
Tim Hockin	0165503c5a	Replace uses of ObjectReflectDiff with cmp.Diff ObjectReflectDiff is already a shim over cmp.Diff, so no actual output or behavior changes Kubernetes-commit: bc302fa4144d21a338683cd83701661f97be4aba	2023-03-23 11:34:03 -07:00
Ben Luddy	83b0e6192f	Remove vestigal err check from CEL admission controller. Validate no longer returns an error. Kubernetes-commit: 13192176002ae4fd31bdaaff6083deb9e6256880	2023-03-09 16:13:12 -05:00
Max Smythe	41adff8c93	Custom match criteria (#116350 ) * Add custom match conditions for CEL admission This PR is based off of, and dependent on the following PR: https://github.com/kubernetes/kubernetes/pull/116261 Signed-off-by: Max Smythe <smythe@google.com> * run `make update` Signed-off-by: Max Smythe <smythe@google.com> * Fix unit tests Signed-off-by: Max Smythe <smythe@google.com> * Fix unit tests Signed-off-by: Max Smythe <smythe@google.com> * Update compatibility test data Signed-off-by: Max Smythe <smythe@google.com> * Revert "Update compatibility test data" This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28. * Allow params during validation; make match conditions optional Signed-off-by: Max Smythe <smythe@google.com> * Add conditional ignoring of matcher CEL expression validation on update Signed-off-by: Max Smythe <smythe@google.com> * Run codegen Signed-off-by: Max Smythe <smythe@google.com> * Add more validation tests Signed-off-by: Max Smythe <smythe@google.com> * Short-circuit CEL matcher when no matchers specified Signed-off-by: Max Smythe <smythe@google.com> * Run codegen Signed-off-by: Max Smythe <smythe@google.com> * Address review comments Signed-off-by: Max Smythe <smythe@google.com> --------- Signed-off-by: Max Smythe <smythe@google.com> Kubernetes-commit: e5fd204c33e90a7e8f5a0ee70242f1296a5ec7af	2023-03-16 04:20:31 +00:00
Igor Velichkovich	05d2078e68	Matchconditions admission webhooks alpha implementation for kep-3716 (#116261 ) * api changes adding match conditions * feature gate and registry strategy to drop fields * matchConditions logic for admission webhooks * feedback * update test * import order * bears.com * update fail policy ignore behavior * update docs and matcher to hold fail policy as non-pointer * update matcher error aggregation, fix early fail failpolicy ignore, update docs * final cleanup * openapi gen Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58	2023-03-15 07:36:02 +00:00
Jiahui Feng	fc16fc2926	implmementing type checking with multi-type support. Kubernetes-commit: feb18b3f5f9d443c27dd8cccb6358f271f887744	2023-03-07 15:49:19 -08:00
Jiahui Feng	52ca13e6fc	implement message expression. Kubernetes-commit: d8be7aa9ca99070e42cdef37b8c4af07b754520e	2023-03-08 17:36:11 -08:00
Igor Velichkovich	9608de14c4	migrate versionedattr to avoid circular dependency Kubernetes-commit: 64c426a90232e34853d9b9cfdaad5409371c191a	2023-03-03 14:04:29 -06:00
Cici Huang	19b3ccef1c	Rebase changes. Kubernetes-commit: 1445e0371f83895c19b740bead95d1cd1c81f5a2	2023-03-07 06:50:33 +00:00
Joe Betz	0670e5fe76	Add test for context cancellation. Kubernetes-commit: 92e5b09471933bcdd6836c725939896c1d0cc0e6	2023-03-06 23:32:29 +00:00
Cici Huang	f58819aa69	Apply context cancellation to ValidatingAdmissionPolicy. Kubernetes-commit: c400002facd01a8b0fc10ca4f5a66c8b8abd94c4	2023-03-03 00:18:47 +00:00
Joe Betz	265820879d	Implement validationActions and auditAnnotations Kubernetes-commit: d221ddb89a5dde5a6f55674dc38aa71cc842d481	2023-03-06 17:29:28 -05:00
Cici Huang	e7c00895a3	Fix CI Kubernetes-commit: 6d082116520ad96a4406f90383513551b7caaa68	2023-03-06 22:37:52 +00:00
Cici Huang	c4a92f1b65	Apply resource constraints to ValidatingAdmissionPolicy. Kubernetes-commit: 244c63a2e6c8d859be8f4c6c23fbe1263dbfab0a	2023-02-14 06:37:57 +00:00
Jiahui Feng	e0113f0429	skip reconcile for unchanged Spec for ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Kubernetes-commit: bb0070754826e8073820752c3e9ba51fab11155b	2023-03-06 09:29:57 -08:00
Joe Betz	f094db0dd5	Implement secondary authz Kubernetes-commit: 7bbda746fee7ae4e50647099b72c02327525ef7a	2023-03-06 12:08:14 -05:00
Patrick Ohly	190d08cb5d	staging: fix "go vet" issues These issues were not found earlier because "make vet" ignored staging. Some of these fixes are stylistic and/or don't matter in practice, but all of the loopclosure issues seem to be real: those tests didn't run as intended. Here's the full error report: staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_discovery_controller.go:304:11: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersion struct literal uses unkeyed fields (govet) gv := schema.GroupVersion{crd.Spec.Group, v.Name} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler_test.go:790:119: composites: k8s.io/apimachinery/pkg/runtime/serializer/json.SerializerOptions struct literal uses unkeyed fields (govet) delegate := serializerjson.NewSerializerWithOptions(serializerjson.DefaultMetaFactory, unstructuredCreator{}, nil, serializerjson.SerializerOptions{tc.yaml, false, tc.strictDecoding}) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go:171:30: composites: k8s.io/apiserver/pkg/cel.Error struct literal uses unkeyed fields (govet) compilationResult.Error = &apiservercel.Error{apiservercel.ErrorTypeInvalid, "compilation failed: " + issues.String()} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go:175:30: composites: k8s.io/apiserver/pkg/cel.Error struct literal uses unkeyed fields (govet) compilationResult.Error = &apiservercel.Error{apiservercel.ErrorTypeInvalid, "cel expression must evaluate to a bool"} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go:182:30: composites: k8s.io/apiserver/pkg/cel.Error struct literal uses unkeyed fields (govet) compilationResult.Error = &apiservercel.Error{apiservercel.ErrorTypeInternal, "unexpected compilation error: " + err.Error()} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go:201:30: composites: k8s.io/apiserver/pkg/cel.Error struct literal uses unkeyed fields (govet) compilationResult.Error = &apiservercel.Error{apiservercel.ErrorTypeInvalid, "program instantiation failed: " + err.Error()} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go:206:30: composites: k8s.io/apiserver/pkg/cel.Error struct literal uses unkeyed fields (govet) compilationResult.Error = &apiservercel.Error{apiservercel.ErrorTypeInternal, "cost estimation failed: " + err.Error()} ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:38:14: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"foo"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:44:15: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"foo"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:53:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:58:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"B"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:63:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"C"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:76:19: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:81:19: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"B"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:91:18: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"N"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:96:18: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"O"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:108:21: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"alpha"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:113:21: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"beta"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:123:16: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"bar"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:133:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:147:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:159:15: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:169:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:179:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:190:18: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/algorithm_test.go:202:18: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/prunenulls_test.go:38:14: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"foo"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/prunenulls_test.go:47:17: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"A"}, ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting/prunenulls_test.go:57:18: composites: k8s.io/apiextensions-apiserver/pkg/apiserver/schema.JSON struct literal uses unkeyed fields (govet) Default: structuralschema.JSON{"C"}, ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/defaulting_test.go:289:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/listtype_test.go:140:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/objectmeta_test.go:453:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:214:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:266:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:377:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:418:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:471:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go:556:38: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) fooClient := dynamicClient.Resource(schema.GroupVersionResource{crd.Spec.Group, crd.Spec.Versions[0].Name, crd.Spec.Names.Plural}) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/celcoststability_test.go:1096:32: loopclosure: loop variable validRule captured by func literal (govet) s := withRule(tt.schema, validRule) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/celcoststability_test.go:1107:19: loopclosure: loop variable expectedCost captured by func literal (govet) if rtCost != expectedCost { ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/celcoststability_test.go:1108:83: loopclosure: loop variable expectedCost captured by func literal (govet) t.Fatalf("runtime cost %d does not match expected runtime cost %d", rtCost, expectedCost) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go:2009:30: loopclosure: loop variable tt captured by func literal (govet) celValidator := validator(tt.schema, true, model.SchemaDeclType(tt.schema, true), PerCallLimit) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go:2013:65: loopclosure: loop variable tt captured by func literal (govet) errs, _ := celValidator.Validate(ctx, field.NewPath("root"), tt.schema, tt.obj, tt.oldObj, math.MaxInt) ^ staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go:2015:22: loopclosure: loop variable tt captured by func literal (govet) for _, e := range tt.errors { ^ staging/src/k8s.io/apimachinery/pkg/runtime/mapper_test.go:28:67: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) gvr := func(g, v, r string) schema.GroupVersionResource { return schema.GroupVersionResource{g, v, r} } ^ staging/src/k8s.io/apimachinery/pkg/runtime/mapper_test.go:30:63: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) gvk := func(g, v, k string) schema.GroupVersionKind { return schema.GroupVersionKind{g, v, k} } ^ staging/src/k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go:150:35: composites: k8s.io/apimachinery/pkg/runtime.WithoutVersionDecoder struct literal uses unkeyed fields (govet) if err := d.DecodeNestedObjects(runtime.WithoutVersionDecoder{c.decoder}); err != nil { ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go:119:18: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) return false, &apierrors.StatusError{status.Status()} ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing/testcase.go:300:17: composites: k8s.io/api/admissionregistration/v1.MutatingWebhook struct literal uses unkeyed fields (govet) mutating[i] = registrationv1.MutatingWebhook{h.Name, h.ClientConfig, h.Rules, h.FailurePolicy, h.MatchPolicy, h.NamespaceSelector, h.ObjectSelector, h.SideEffects, h.TimeoutSeconds, h.AdmissionReviewVersions, nil} ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:70:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "", schema.GroupVersionKind{"extensions", "v1beta1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:71:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:72:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1beta1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1beta1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:73:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1alpha1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1alpha1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:75:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "scale", schema.GroupVersionKind{"extensions", "v1beta1", "Scale"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:76:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", schema.GroupVersionKind{"autoscaling", "v1", "Scale"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:77:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1beta1", "deployments"}, "scale", schema.GroupVersionKind{"apps", "v1beta1", "Scale"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:78:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1alpha1", "deployments"}, "scale", schema.GroupVersionKind{"apps", "v1alpha1", "Scale"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:81:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"example.com", "v1", "widgets"}, "", schema.GroupVersionKind{"", "", ""}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:82:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"example.com", "v2", "widgets"}, "", schema.GroupVersionKind{"", "", ""}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go💯59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:114:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:116:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"apps", "v1", "Deployment"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:139:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:141:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"apps", "v1", "Deployment"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:159:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:179:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:199:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:201:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"extensions", "v1beta1", "Deployment"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:220:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:222:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"apps", "v1beta1", "Deployment"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:246:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:248:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:266:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:286:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:306:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:308:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"extensions", "v1beta1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:327:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:329:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"apps", "v1beta1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:343:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:345:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:359:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:375:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:377:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:392:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:413:61: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:415:22: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectMatchKind: &schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:435:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:450:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:460:59: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:475:70: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(&example.Pod{}, nil, schema.GroupVersionKind{"example.apiserver.k8s.io", "v1", "Pod"}, "ns", "name", schema.GroupVersionResource{"example.apiserver.k8s.io", "v1", "pods"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:491:70: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(&example.Pod{}, nil, schema.GroupVersionKind{"example.apiserver.k8s.io", "v1", "Pod"}, "ns", "name", schema.GroupVersionResource{"example.apiserver.k8s.io", "v1", "pods"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:507:70: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(&example.Pod{}, nil, schema.GroupVersionKind{"example.apiserver.k8s.io", "v1", "Pod"}, "ns", "name", schema.GroupVersionResource{"example.apiserver.k8s.io", "v1", "pods"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:523:70: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) attrs: admission.NewAttributesRecord(&example.Pod{}, nil, schema.GroupVersionKind{"example.apiserver.k8s.io", "v1", "Pod"}, "ns", "name", schema.GroupVersionResource{"example.apiserver.k8s.io", "v1", "pods"}, "", admission.Create, &metav1.CreateOptions{}, false, nil), ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:591:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"extensions", "v1beta1", "deployments"}, "", schema.GroupVersionKind{"extensions", "v1beta1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:592:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:593:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1beta1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1beta1", "Deployment"}) ^ staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching_test.go:594:25: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionResource struct literal uses unkeyed fields (govet) mapper.RegisterKindFor(schema.GroupVersionResource{"apps", "v1alpha1", "deployments"}, "", schema.GroupVersionKind{"apps", "v1alpha1", "Deployment"}) ^ staging/src/k8s.io/client-go/tools/leaderelection/resourcelock/leaselock.go:120:19: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) r.AcquireTime = metav1.Time{spec.AcquireTime.Time} ^ staging/src/k8s.io/client-go/tools/leaderelection/resourcelock/leaselock.go:123:17: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) r.RenewTime = metav1.Time{spec.RenewTime.Time} ^ staging/src/k8s.io/client-go/tools/leaderelection/resourcelock/leaselock.go:135:26: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) AcquireTime: &metav1.MicroTime{ler.AcquireTime.Time}, ^ staging/src/k8s.io/client-go/tools/leaderelection/resourcelock/leaselock.go:136:26: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) RenewTime: &metav1.MicroTime{ler.RenewTime.Time}, ^ staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec_test.go:1088:28: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) ExpirationTimestamp: &v1.Time{now.Add(time.Hour)}, ^ staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec_test.go:1100:28: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) ExpirationTimestamp: &v1.Time{now.Add(time.Hour)}, ^ staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec_test.go:1110:28: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) ExpirationTimestamp: &v1.Time{now.Add(time.Hour)}, ^ staging/src/k8s.io/client-go/tools/events/event_recorder.go:44:15: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) timestamp := metav1.MicroTime{time.Now()} ^ staging/src/k8s.io/client-go/tools/events/eventseries_test.go:95:24: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) EventTime: metav1.MicroTime{time.Now()}, ^ staging/src/k8s.io/client-go/tools/events/eventseries_test.go:299:56: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) cachedEvent := recorder.makeEvent(regarding, related, metav1.MicroTime{time.Now()}, v1.EventTypeNormal, "test", "some verbose message: 1", "eventTest", "eventTest-"+hostname, "started") ^ staging/src/k8s.io/client-go/tools/events/eventseries_test.go:385:57: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) cachedEvent := recorder.makeEvent(regarding, related, metav1.MicroTime{time.Now()}, v1.EventTypeNormal, "test", "some verbose message: 1", "eventTest", "eventTest-"+hostname, "started") ^ staging/src/k8s.io/client-go/tools/leaderelection/leaderelection_test.go:365:26: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) AcquireTime: &metav1.MicroTime{time.Now()}, ^ staging/src/k8s.io/client-go/tools/leaderelection/leaderelection_test.go:366:26: composites: k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime struct literal uses unkeyed fields (govet) RenewTime: &metav1.MicroTime{time.Now()}, ^ staging/src/k8s.io/client-go/tools/auth/exec/types_test.go:40:53: loopclosure: loop variable cluster captured by func literal (govet) testClientAuthenticationClusterTypesAreSynced(t, cluster) ^ staging/src/k8s.io/cli-runtime/pkg/resource/scheme_test.go:44:16: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectGVK: &schema.GroupVersionKind{"", "v1", "Status"}, ^ staging/src/k8s.io/cli-runtime/pkg/resource/scheme_test.go:50:16: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectGVK: &schema.GroupVersionKind{"meta.k8s.io", "v1", "Status"}, ^ staging/src/k8s.io/cli-runtime/pkg/resource/scheme_test.go:56:16: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectGVK: &schema.GroupVersionKind{"example.com", "v1", "Status"}, ^ staging/src/k8s.io/cli-runtime/pkg/resource/scheme_test.go:62:16: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) expectGVK: &schema.GroupVersionKind{"example.com", "v1", "Foo"}, ^ staging/src/k8s.io/cli-runtime/pkg/resource/builder_example_test.go:77:1: tests: ExampleLocalBuilder refers to unknown identifier: LocalBuilder (govet) func ExampleLocalBuilder() { ^ staging/src/k8s.io/component-base/metrics/desc_test.go:159:26: copylocks: call of reflect.DeepEqual copies lock value: k8s.io/component-base/metrics.Desc contains sync.RWMutex (govet) if !reflect.DeepEqual(descA, descB) { ^ staging/src/k8s.io/component-base/logs/json/json_benchmark_test.go:46:6: structtag: struct field secret has json tag but is not exported (govet) secret string `json:"secret"` ^ staging/src/k8s.io/component-base/logs/json/json_benchmark_test.go:76:6: structtag: struct field secret has json tag but is not exported (govet) secret string `json:"secret"` ^ staging/src/k8s.io/component-base/logs/json/json_benchmark_test.go:105:6: structtag: struct field secret has json tag but is not exported (govet) secret string `json:"secret"` ^ staging/src/k8s.io/csi-translation-lib/plugins/vsphere_volume_test.go:31:26: composites: k8s.io/api/core/v1.TopologySelectorTerm struct literal uses unkeyed fields (govet) topologySelectorTerm := v1.TopologySelectorTerm{[]v1.TopologySelectorLabelRequirement{ ^ staging/src/k8s.io/csi-translation-lib/plugins/vsphere_volume_test.go:37:40: composites: k8s.io/api/core/v1.TopologySelectorTerm struct literal uses unkeyed fields (govet) topologySelectorTermWithBetaLabels := v1.TopologySelectorTerm{[]v1.TopologySelectorLabelRequirement{ ^ staging/src/k8s.io/csi-translation-lib/plugins/vsphere_volume_test.go:43:34: composites: k8s.io/api/core/v1.TopologySelectorTerm struct literal uses unkeyed fields (govet) expectedTopologySelectorTerm := v1.TopologySelectorTerm{[]v1.TopologySelectorLabelRequirement{ ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:506:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:509:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, encLocalKEK) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:539:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:542:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, lk.encKEK) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:589:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:592:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, encLocalKEK) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:627:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:630:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, lk.encKEK) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:677:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:680:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, encLocalKEK) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:717:5: testinggoroutine: call to (T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() error = %v", err) ^ staging/src/k8s.io/kms/pkg/hierarchy/hierarchy_test.go:720:5: testinggoroutine: call to (*T).Fatalf from a non-test goroutine (govet) t.Fatalf("Encrypt() annotations = %v, want %v", resp.Annotations, lk.encKEK) ^ staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go:451:25: composites: k8s.io/apimachinery/pkg/apis/meta/v1.Time struct literal uses unkeyed fields (govet) CreationTimestamp: metav1.Time{time.Now()}, ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:341:5: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:352:5: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:364:5: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:374:5: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:385:50: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) AddSourceToErr("creating", "configmap.yaml", &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/cmd/util/helpers_test.go:395:5: composites: k8s.io/apimachinery/pkg/api/errors.StatusError struct literal uses unkeyed fields (govet) &errors.StatusError{metav1.Status{ ^ staging/src/k8s.io/kubectl/pkg/explain/v2/funcs_test.go:204:15: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) "needle": schema.GroupVersionKind{"testgroup.k8s.io", "v1", "Kind"}, ^ staging/src/k8s.io/kubectl/pkg/explain/v2/funcs_test.go:206:6: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) {"randomgroup.k8s.io", "v1", "OtherKind"}, ^ staging/src/k8s.io/kubectl/pkg/explain/v2/funcs_test.go:207:6: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) {"testgroup.k8s.io", "v1", "OtherKind"}, ^ staging/src/k8s.io/kubectl/pkg/explain/v2/funcs_test.go:208:6: composites: k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind struct literal uses unkeyed fields (govet) {"testgroup.k8s.io", "v1", "Kind"}, ^ staging/src/k8s.io/kubectl/pkg/polymorphichelpers/history_test.go:95:46: composites: k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference struct literal uses unkeyed fields (govet) OwnerReferences: []metav1.OwnerReference{{"apps/v1", "Deployment", deployment.Name, deployment.UID, &trueVar, nil}}, ^ staging/src/k8s.io/kubectl/pkg/polymorphichelpers/history_test.go:222:46: composites: k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference struct literal uses unkeyed fields (govet) OwnerReferences: []metav1.OwnerReference{{"apps/v1", "StatefulSet", "moons", "1993", &trueVar, nil}}, ^ staging/src/k8s.io/kubectl/pkg/polymorphichelpers/history_test.go:326:46: composites: k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference struct literal uses unkeyed fields (govet) OwnerReferences: []metav1.OwnerReference{{"apps/v1", "DaemonSet", "moons", "1993", &trueVar, nil}}, ^ staging/src/k8s.io/kubectl/pkg/util/i18n/i18n_test.go:143:31: loopclosure: loop variable envVar captured by func literal (govet) defer func() { os.Setenv(envVar, envVarValue) }() ^ staging/src/k8s.io/legacy-cloud-providers/aws/aws_assumerole_provider_test.go:95:9: copylocks: range var tt copies lock: struct{name string; fields k8s.io/legacy-cloud-providers/aws.fields; want github.com/aws/aws-sdk-go/aws/credentials.Value; wantProviderCalled bool; sleepBeforeCallingProvider time.Duration; wantErr bool; wantErrString string} contains k8s.io/legacy-cloud-providers/aws.fields contains sync.RWMutex (govet) for _, tt := range tests { ^ staging/src/k8s.io/legacy-cloud-providers/vsphere/nodemanager.go:190:5: lostcancel: the cancel function is not used on all paths (possible context leak) (govet) ctx, cancel := context.WithCancel(context.Background()) ^ staging/src/k8s.io/legacy-cloud-providers/vsphere/nodemanager.go:236:3: lostcancel: this return statement may be reached without using the cancel var defined on line 190 (govet) }() ^ staging/src/k8s.io/pod-security-admission/policy/registry_test.go:152:35: composites: k8s.io/pod-security-admission/api.LevelVersion struct literal uses unkeyed fields (govet) results := registry.EvaluatePod(api.LevelVersion{tc.level, versionOrPanic(tc.version)}, nil, nil) ^ staging/src/k8s.io/sample-apiserver/pkg/registry/wardle/fischer/etcd.go:50:10: composites: k8s.io/sample-apiserver/pkg/registry.REST struct literal uses unkeyed fields (govet) return &registry.REST{store}, nil ^ staging/src/k8s.io/sample-apiserver/pkg/registry/wardle/flunder/etcd.go:50:10: composites: k8s.io/sample-apiserver/pkg/registry.REST struct literal uses unkeyed fields (govet) return &registry.REST{store}, nil ^ Kubernetes-commit: a58eb1b3da870b2b568fcf0ffd42332d6a0fd667	2023-02-28 21:22:40 +01:00
Igor Velichkovich	0b1f199d07	refactor admission cel validator and compiler to be reusable Kubernetes-commit: e96ef311872ee6429a54e4580528717238a6816b	2023-02-15 16:08:59 -06:00
Vinay Kulkarni	14aef0c739	In-place Pod Vertical Scaling - API changes 1. Define ContainerResizePolicy and add it to Container struct. 2. Add ResourcesAllocated and Resources fields to ContainerStatus struct. 3. Define ResourcesResizeStatus and add it to PodStatus struct. 4. Add InPlacePodVerticalScaling feature gate and drop disabled fields. 5. ResizePolicy validation & defaulting and Resources mutability for CPU/Memory. 6. Various fixes from code review feedback (originally committed on Apr 12, 2022) KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources Kubernetes-commit: 76962b0fa7862727e93ef591f4b0822c8d80534b	2021-11-03 15:43:43 -07:00
Dipankar Das	ee11899e67	changes to the fatal message generated Signed-off-by: Dipankar Das <dipankardas0115@gmail.com> Kubernetes-commit: 50bc46bd8fdc687811b3e4bba6a3d8d0706c8d59	2023-01-11 08:08:25 +05:30
Dipankar Das	41fdf0ebe7	Added fatalf for error handling Signed-off-by: Dipankar Das <dipankardas0115@gmail.com> Kubernetes-commit: 526b4b4ce226349b1e0587db14d1321d0b27bbff	2023-01-07 15:45:45 +05:30
Max Smythe	19d202d87c	make CEL admission controller code consumable (#115412 ) * Make policy decision object public Signed-off-by: Max Smythe <smythe@google.com> * Separate version conversion from validation Signed-off-by: Max Smythe <smythe@google.com> * Address review comments Signed-off-by: Max Smythe <smythe@google.com> * Fix variable name Signed-off-by: Max Smythe <smythe@google.com> --------- Signed-off-by: Max Smythe <smythe@google.com> Kubernetes-commit: 0ed74145fb00626ce0e900812a54ca3de5406f2e	2023-02-01 17:29:30 -08:00
Alexander Zielenski	d2e96d0915	use transformer to set gvk back Kubernetes-commit: 24fb6b89812ac86622a536dba861729ed5a20b74	2023-01-26 12:14:14 -08:00
Alexander Zielenski	721045969b	add unfortunate deepcopy Kubernetes-commit: 65513eac3ab67f08745197d8af469532284b797e	2023-01-24 14:46:35 -08:00
Alexander Zielenski	f77de04c6a	fix integration test by working around #3030 test uses kind field which is not populated for native types Kubernetes-commit: 1554e50be43660bc9f03d97cc26b235ad4f94d6c	2023-01-24 12:00:05 -08:00
Alexander Zielenski	1b8963b016	use typedinformer if available reduces memory and cpu when things like configmap are used as a param cannot be shared due to limitatoins of sharedinformerfactory Kubernetes-commit: b969dfec9fd33f8bfff47e54f2995a4865839ea6	2023-01-19 10:04:52 -08:00
Alexander Zielenski	2ea5662b05	use namespacedName for keys in fakeCompiler Kubernetes-commit: 0c495cb429e54a6d25e9252aca3e32fd9f0aef6b	2023-01-19 10:04:46 -08:00
Alexander Zielenski	73db86feab	fix bug with param controllers being removed if used by more than one policy Kubernetes-commit: ecd267d097ec7cd26fa5a6343622c3772f66486f	2023-01-17 15:27:45 -08:00
Alexander Zielenski	9be70531b4	refactor admission controller to avoid contention refresh admission policies up to once per second based upon last known good data Kubernetes-commit: 5f59f449832e5206fe9b5fd7d9a43721c4c9ae44	2022-12-15 16:30:52 -08:00
Alexander Zielenski	3fe59ceb77	defer Done call safer in case of panic Kubernetes-commit: 517df8f3051b5b0a9eb57a5bad1d6bc16fb61985	2022-12-15 13:09:11 -08:00
Daniel Smith	d053de6ca3	Enable propagration of HasSynced * Add tracker types and tests * Modify ResourceEventHandler interface's OnAdd member * Add additional ResourceEventHandlerDetailedFuncs struct * Fix SharedInformer to let users track HasSynced for their handlers * Fix in-tree controllers which weren't computing HasSynced correctly * Deprecate the cache.Pop function Kubernetes-commit: 8100efc7b3122ad119ee8fa4bbbedef3b90f2e0d	2022-11-18 00:12:50 +00:00
Cici Huang	47687312f4	Rename FG to `ValidatingAdmissionPolicy` Kubernetes-commit: 29737124860b1414affa07ed6db30fccdbae3b55	2022-11-09 17:27:20 +00:00
Cici Huang	55bc692e10	Rename admission cel package to validatingadmissionpolicy Kubernetes-commit: 40c21dafcdb7d4f7ee85c652b362632f3b620861	2022-11-08 14:18:26 +00:00
Alexander Zielenski	806e2feeca	add test for error when informers are not ready Kubernetes-commit: acf571fcbed6e762a2a654bfbe6c415e668dfed3	2022-11-09 15:28:37 -08:00
Alexander Zielenski	2167932c69	use existing admissionHandler readyfunc to wait for sync is what other plugins do, and should decrease verbosity in logs Kubernetes-commit: df315f347c911c5cc189d14f6dc70a23da52e57d	2022-11-08 13:07:42 -08:00
Kermit Alexander II	8884260fa6	Add metrics integration. Kubernetes-commit: 99494e67779d0db5a1bf304256e7df273070bf95	2022-10-31 19:22:35 +00:00
Alexander Zielenski	7c2a6f0ee8	fix possible race in admission test of listwatch Kubernetes-commit: 4e217159cfc1441f3c3234059fc6fca0eb13a66d	2022-11-07 12:01:44 -08:00
Joe Betz	0e28c0c81f	Fix params to be null instead of an empty map if paramRef is null Kubernetes-commit: 65460b14d2b9ea20aaf2c6fece191af53ae57249	2022-11-08 13:49:50 -05:00
Cici Huang	81aeb1b5e9	Integrate cel admission with API. Co-authored-by: Alexander Zielenski <zielenski@google.com> Co-authored-by: Joe Betz <jpbetz@google.com> Kubernetes-commit: e7d83a1fb7b3e4f6a75ed73bc6e410946e12ad9f	2022-11-07 21:38:55 +00:00
Cici Huang	58f75bc06a	Add match check for policy and binding. Co-authored-by: Max Smythe <smythe@google.com> Kubernetes-commit: 46f97d4662d5b403badd29675d79d0c74875b9f0	2022-11-07 21:33:17 +00:00
Cici Huang	9f6b13b337	Update admission initializers. Moved RestMapper and add DynamicClient Kubernetes-commit: c8a089de4692ef94ec25fc5874906640d0ec9a28	2022-11-07 21:24:46 +00:00
Cici Huang	464de72d97	Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control Kubernetes-commit: 0486e062618f2181857ae7b235dcd4b8be0964e4	2022-10-04 04:46:55 +00:00
Max Smythe	95fe36122a	Fix canonical imports Signed-off-by: Max Smythe <smythe@google.com> Kubernetes-commit: 003fbae25bf4c76b8b71d56206b51e1ee6e80812	2022-10-25 20:40:27 -07:00
Max Smythe	73e7490c2b	Make interface for webhook predicates more specific Signed-off-by: Max Smythe <smythe@google.com> Kubernetes-commit: 00ebe0bf623295dc589e43e8c299003f9e939f65	2022-10-25 16:34:06 -07:00
Max Smythe	3dc8d71b8a	Move webhook scoping rules into a predicates directory Signed-off-by: Max Smythe <smythe@google.com> Kubernetes-commit: b4ee0c0574932b99a9e877c84d880a5f00fdd3cc	2022-10-25 16:28:16 -07:00
David Ashpole	aa161f2fc0	migrate apiserver utiltrace usage to component-base/tracing Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13	2022-10-20 18:15:38 +00:00
Alexander Zielenski	ee983a05da	fix flaky admission tests would fllake .04% of the time on my machine. In tests waiting for objects to be reconciled, would erroneously treat the "Not Found" case as an error rather than waiting a bit. also add some more context to test errors to improve debuggability Kubernetes-commit: bfbc1f3479423b5c53231cfec58895746ef2de69	2022-10-21 09:47:18 -07:00
Alexander Zielenski	e25b9399a5	add cel admission controller tests 84% coverage Kubernetes-commit: 8b74e73e3825e725d05376de717ad96506a52eec	2022-10-12 18:03:44 -07:00
Alexander Zielenski	cd8f0b6cf7	add cel admission plugin and initializer Kubernetes-commit: a41a536dbdb72877fa48f85272e479eb628e68f8	2022-10-12 10:21:31 -07:00
Alexander Zielenski	b154760894	add generics tests 84.1% coverage Kubernetes-commit: 74b103cd52da3b0149aa9e50a569a89bdd46e1db	2022-10-13 13:44:03 -07:00
Alexander Zielenski	b1196b949c	add cel admission controller Kubernetes-commit: 2286501e227ead064e95880a6f28904526f887a6	2022-10-12 10:21:08 -07:00
Alexander Zielenski	bf7388424e	add OWNERS Kubernetes-commit: c52fae186a60f0d480f26628c55656c76c7ccac0	2022-10-12 16:11:11 -07:00
qmloong	a32e26b98a	fix: remove redundant error log print Kubernetes-commit: 45ed5ba9939c581d0633772ea3177780fae95db0	2022-09-26 14:52:25 +08:00
Davanum Srinivas	7e94033a61	Generate and format files - Run hack/update-codegen.sh - Run hack/update-generated-device-plugin.sh - Run hack/update-generated-protobuf.sh - Run hack/update-generated-runtime.sh - Run hack/update-generated-swagger-docs.sh - Run hack/update-openapi-spec.sh - Run hack/update-gofmt.sh Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f	2022-07-19 20:54:13 -04:00
HaoJie Liu	4c5e4623d3	cleanup: use append other than for loop Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com> Kubernetes-commit: 29b5cd04bd2c7e2676687d3b613c9b065b128e54	2022-07-21 15:29:30 +08:00
ialidzhikov	057c272d7b	Fix a typo Signed-off-by: ialidzhikov <i.alidjikov@gmail.com> Kubernetes-commit: b2fc44f3f064f56fd9d772f8ecc192614ed79c69	2022-05-18 13:18:47 +03:00
Wojciech Tyczyński	2428ade32a	Fix leaking goroutines in QuotaEvaluator Kubernetes-commit: 9d974e6e89285e3e0cb7ff928407a3350b224084	2022-05-26 21:10:10 +02:00
Wojciech Tyczyński	5ab2c69c4c	Fix ResourceQuota admission shutdown Kubernetes-commit: f8211d7e447cc6c29139ebf3422f0752278d6da1	2022-05-18 19:30:23 +02:00
David Eads	25c5c2ccf3	Handle panic during validating admission webhook admission Validating admission webhook evaluation can fail, if uncaught this crashes a kube-apiserver. Add handling to catch panic while preserving the behavior of "must not fail". Kubernetes-commit: d412bf92b3b02bda93707c6aaba945f28bf60c72	2022-03-16 13:47:32 -04:00
Steve Kuznetsov	80256820ce	storage: move the APIObjectVersioner definition to storage The means by which we extract and parse the version of an API object is not specific to etcd3. In order to allow for a generic suite of tests against any storage.Interface imlpementation, we need this logic to live outside of the etcd3 package, or import cycles will exist. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> Kubernetes-commit: 3939f3003e9605c06f65e64d1fc6f94b294f9d97	2022-05-11 07:44:21 -07:00
Abu Kashem	72aa2c42fc	refactor: rename webhook duration tracker Kubernetes-commit: 4a9b9028153c6984b9cf69067cc0a1aa12a00e73	2022-02-01 15:44:59 -05:00
Luigi Tagliamonte	dccc77dd13	add failopen metric Kubernetes-commit: 6542f4bb993ebec23ec2198aaba89b629e3ec831	2021-12-21 14:11:12 -08:00
Davanum Srinivas	56a3a30ae1	Check in OWNERS modified by update-yamlfmt.sh Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d	2021-12-09 21:31:26 -05:00
Paweł Banaszewski	78c055e084	Added requestSloLatencies metric Kubernetes-commit: 0afa569499d480df4977568454a50790891860f5	2021-10-25 22:19:24 +00:00
Jordan Liggitt	18b69ef17d	Switch from json-iterator to utiljson Kubernetes-commit: bba877d3a6d0e6498d5e43a54939d5e4e8baee1a	2021-09-14 17:54:37 -04:00
wojtekt	b898581360	Migrate to k8s.io/utils/clock in apiserver Kubernetes-commit: 859a98c0358610e2c127cd2fba1be601ca975188	2021-09-14 20:36:07 +02:00
Stephen Augustus	771ffe6475	generated: Run hack/update-gofmt.sh Signed-off-by: Stephen Augustus <foo@auggie.dev> Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540	2021-08-12 17:13:11 -04:00
Ryan Moriarty	0741f109f6	Add a new webhook metric tracking request totals. Also add a 1.0s bucket boundary to the webhook latency metric. Kubernetes-commit: 8ed1628a6e75f4029853502dbac44fdb0edac5fc	2021-06-22 22:32:47 +00:00
Sergiusz Urbaniak	2402d951d2	Revert "Add a namespace label to admission metrics and expand histogram range to 0-10s" Kubernetes-commit: 1a87ae19a62d0c61afa6b381a54c6798effa49eb	2021-07-30 14:34:45 +02:00
Davanum Srinivas	fe1610f3fe	switch from golang-lru to the one in k8s.io/utils Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0	2021-07-07 13:45:07 -04:00
Dinghua Li	7edb7c1c1e	Add attr to the argument list of ObserveWebhookRejection, and remove operation, as it is included in attr. Kubernetes-commit: fb23e449ab680bc53fc1aae826e377c1153d51e4	2021-05-18 17:42:02 +00:00
Xiaojun Hu	f9b4d95442	add fail-open audit logs to validating and mutating admission webhook Kubernetes-commit: 9fe7c8955bcb1edbb5aa4fe6bfb8bb6d93d381de	2021-05-18 13:31:03 -04:00
Steve Kuznetsov	8c01d7fe18	apiserver: wrap errors in admission with context When the API server encounters an error during admission webhook handling, lower-level errors are bubbled up without any additional context added. This leads to fairly opaque and unintelligible errors. It is not clear to users if the API server itself is having an error (for instance, fetching the REST client) or if the request to the webhook failed in some way. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> Kubernetes-commit: ae9e71ba68cb1dd00bb5ed2635bac9aab2abbafe	2021-04-27 11:19:01 -07:00
lala123912	887895128f	staging/src/k8s.io/apiserver/pkg/admission: migrate to structured logs Kubernetes-commit: 2dc8cadd00962512fa90c460b9fa86a175ca73fc	2021-01-18 17:19:32 +08:00
yoyinzyc	4c292300d7	add context to metrics in apiserver admission webhook Kubernetes-commit: b3aeaa4ed7bf8d419a96b4456a97bdf4c29e4330	2020-12-09 16:46:15 -08:00
pacoxu	ee05a4663e	bugfix: check Spec.AllocateLoadBalancerNodePorts for nodeport and skip zero usage in delta evaluator Signed-off-by: pacoxu <paco.xu@daocloud.io> When Spec.AllocateLoadBalancerNodePorts is "false" NodePort shall not be included when computing quota for type:LoadBalancer. Co-authored-by: uablrek Kubernetes-commit: 15867d9e8a1faf007f6df563c26a9b5e8744b2a1	2020-12-22 19:19:15 +08:00
Ken Sipe	5d58b175c8	fix S1021 var declaration Signed-off-by: Ken Sipe <kensipe@gmail.com> Kubernetes-commit: 6c49299739a9819c3672248517ab3d6636d1d8c6	2020-06-25 17:10:34 -05:00
Marcio Caroso	8e88bf25dd	Fix go lint on folder apimachinery/pkg/runtime/serializer/json Kubernetes-commit: 4b8b9c92bfc4bffe2fbaca3c5a5f731b77dc8915	2020-11-06 20:20:57 -03:00
Andrea Nodari	618f4b129a	Make the creation of namespace using POST and PATCH consistent PATCH verb is used when creating a namespace using server-side apply, while POST verb is used when creating a namespace using client-side apply. The difference in path between the two ways to create a namespace led to an inconsistency when calling webhooks. When server-side apply is used, the request sent to webhooks has the field "namespace" populated with the name of namespace being created. On the other hand, when using client-side apply the "namespace" field is omitted. This commit aims to make the behaviour consistent and populates the "namespace" field when creating a namespace using POST verb (i.e. client-side apply). Kubernetes-commit: 3cb510e33eecbdc37aad14f121396ccfbf5268cb	2020-09-21 12:13:12 +02:00
Haowei Cai	8622b05104	fix duplicate testcase names Kubernetes-commit: c3f71ad5487844e4cdd01702d4df3ac8606ca397	2020-09-17 17:15:05 -07:00
Tim Usner	db03041f4b	Add more tests for LRU cache lookup Kubernetes-commit: cc0b86fa3c5d83ab8023f9403feee3928794f85a	2020-08-04 14:57:45 +02:00
Tim Usner	50305ec465	Move ResourceQuota admission to k8s.io/apiserver Kubernetes-commit: 70d440bc7e3ec31b3f193b85f265b39d629aa3bb	2020-07-29 10:34:39 +02:00
gongguan	ada9fc3d08	extend ShouldCallHook benchmark to verify performance imporvement Kubernetes-commit: 850a913ea98a070e26cc62cbf95508084e8cc66b	2020-07-28 10:09:37 +08:00
gongguan	7e3b5e44da	skip mismatched webhookAccessor and object Kubernetes-commit: c1d78f2619b69585713597e4ffdaeef12b6c20ec	2020-07-01 23:57:04 +08:00
Joe Betz	97937c66f2	Revert nested trace PR#88936 Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d	2020-07-20 09:55:05 -07:00
Joe Betz	7a467399ac	Enable nested tracing, add request filter chain tracing incl. authn/authz tracing Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20	2020-03-06 16:11:21 -08:00
Jordan Liggitt	ff5372c83d	Add warnings capability for admission webhooks Kubernetes-commit: 5eef60a00aeb18eda4238dbd8f6dc96930a6a05a	2020-06-30 16:27:56 -04:00
Davanum Srinivas	5879417a28	switch over k/k to use klog v2 Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5	2020-04-17 15:25:06 -04:00
Mike Danese	337d7943db	generated: run refactor Kubernetes-commit: 3aa59f7f3077642592dc8a864fcef8ba98699894	2020-02-07 18:16:47 -08:00
Mike Danese	f7c2e26715	cleanup req.Context() and ResponseWrapper Kubernetes-commit: 968adfa99362f733ef82f4aabb34a59dbbd6e56a	2020-01-27 18:52:27 -08:00
Mike Danese	5737088b7f	refactor Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515	2020-01-27 18:19:44 -08:00
Jordan Liggitt	b858bded65	Promote WebhookAdmissionConfiguration to v1 Kubernetes-commit: 71fad812caf6be07be3c5eabe9fdc39c29f7b2a9	2019-11-12 09:43:35 -05:00
David Eads	331894196f	add featuregate inspection as admission plugin initializer Kubernetes-commit: 675c2fb924e82091f7ce4601e48daf4cc7030e72	2019-11-05 14:28:40 -05:00
Clayton Coleman	3d42d38e70	namespace: Provide a special status cause when a namespace is terminating Clients should be able to identify when a namespace is being terminated and take special action such as backing off or giving up. Add a helper for getting the cause of an error and then add a special cause to the forbidden error that namespace lifecycle admission returns. We can't change the forbidden reason without potentially breaking older clients and so cause is the appropriate tool. Add `StatusCause` and `HasStatusCause` to the errors package to make checking for causes simpler. Add `NamespaceTerminatingCause` to the v1 API as a constant. Kubernetes-commit: a62c5b282fda7c0832d329cde45e5e0a836924e8	2019-10-19 22:57:21 -04:00
Jordan Liggitt	c51b9411f6	Switch admission webhook config manager to v1 Kubernetes-commit: f247e75980061d7cf83c63c0fb1f12c7060c599f	2019-08-01 21:57:39 -04:00

1 2 3 4 5 ...

290 Commits