-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
webhook integration tests for non persistent resources #76959
webhook integration tests for non persistent resources #76959
Conversation
/cc @liggitt |
/release-note-none |
@@ -108,5 +108,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
tokenReview.Status.Audiences = resp.Audiences | |||
} | |||
|
|||
if createValidation != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do this on line 70, after we've validated but before we take action based on the review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -75,5 +75,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
localSubjectAccessReview.Status.EvaluationError = evaluationErr.Error() | |||
} | |||
|
|||
if createValidation != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move to line 65, after validation, before action
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -78,5 +78,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
selfSAR.Status.EvaluationError = evaluationErr.Error() | |||
} | |||
|
|||
if createValidation != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move to line 62
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -79,6 +79,12 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
ret.Status.EvaluationError = err.Error() | |||
} | |||
|
|||
if createValidation != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move to line 68
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -67,5 +67,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
subjectAccessReview.Status.EvaluationError = evaluationErr.Error() | |||
} | |||
|
|||
if createValidation != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move to line 57
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -852,6 +926,25 @@ func createOrGetResource(client dynamic.Interface, gvr schema.GroupVersionResour | |||
return client.Resource(gvr).Namespace(ns).Create(stubObj, metav1.CreateOptions{}) | |||
} | |||
|
|||
func createOrGetNonPersistentResource(client dynamic.Interface, gvr schema.GroupVersionResource, resource metav1.APIResource) (*unstructured.Unstructured, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this function isn't used, remove?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
gvr("", "v1", "namespaces"): {"delete": testNamespaceDelete}, | ||
gvr("apps", "v1beta1", "deployments/rollback"): {"create": testDeploymentRollback}, | ||
gvr("extensions", "v1beta1", "deployments/rollback"): {"create": testDeploymentRollback}, | ||
gvr("authentication.k8s.io", "v1", "tokenreviews"): {"create": testNonPersistentResourceCreate}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, add a blank line here to group all the types that use testNonPersistentResourceCreate
(will need to be rebased anyway)
@@ -128,18 +129,52 @@ var ( | |||
parentResources = map[schema.GroupVersionResource]schema.GroupVersionResource{ | |||
gvr("extensions", "v1beta1", "replicationcontrollers/scale"): gvr("", "v1", "replicationcontrollers"), | |||
} | |||
|
|||
nonPersistentObjects = map[schema.GroupVersionResource]etcd.StorageData{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: nonPersistentReviewObjects
(to distinguish between this and other non-persistent subresources)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
simplify this to map[schema.GroupVersionResource]string
, no need to nest the Stub field
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer to keep the same name nonPersistentObjects
in case GetStubObject can be used as a generic func to get stubs either from persistent or a non persistent data sources. If Reviews specific name is used then adding other non persistent type of object would require change of func..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
@@ -833,6 +894,19 @@ func getStubObj(gvr schema.GroupVersionResource, resource metav1.APIResource) (* | |||
return stubObj, nil | |||
} | |||
|
|||
func getNonPersistentStubObj(gvr schema.GroupVersionResource, resource metav1.APIResource) (*unstructured.Unstructured, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
inline this into testNonPersistentResourceCreate, we have no other callers
looks good, thanks for helping knock these out a few comments, and will need a rebase once #76911 merges |
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
} | ||
// excludedResources lists resources / verb combinations that are not yet tested. this set should trend to zero. | ||
excludedResources = map[schema.GroupVersionResource]sets.String{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
go ahead and delete excludedResources
and drop the code that checks it. 100% coverage 🎉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, will do.. but we do not want to keep it as a place holder in case it is needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't want a convenient way for people to skip this test :)
if we really need it in the future for some unforeseen reason, we can add it back
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
/lgtm |
/test pull-kubernetes-kubemark-e2e-gce-big |
@liggitt Could you approve it please.. |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, sbezverk The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/priority important-soon |
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Adds integration tests for webhook admission for:
non persistent resources
Which issue(s) this PR fixes:
xref #76907
Does this PR introduce a user-facing change?: