webhook integration tests for non persistent resources #76959
Conversation
k8s-ci-robot
added
kind/cleanup
k8s-ci-robot
added
area/test
sig/auth
|
/cc @liggitt |
|
/release-note-none |
k8s-ci-robot
added
release-note-none
| @@ -108,5 +108,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
| tokenReview.Status.Audiences = resp.Audiences | |||
| } | |||
|
|
|||
| if createValidation != nil { | |||
There was a problem hiding this comment.
do this on line 70, after we've validated but before we take action based on the review
| @@ -75,5 +75,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
| localSubjectAccessReview.Status.EvaluationError = evaluationErr.Error() | |||
| } | |||
|
|
|||
| if createValidation != nil { | |||
There was a problem hiding this comment.
move to line 65, after validation, before action
| @@ -78,5 +78,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
| selfSAR.Status.EvaluationError = evaluationErr.Error() | |||
| } | |||
|
|
|||
| if createValidation != nil { | |||
| @@ -79,6 +79,12 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
| ret.Status.EvaluationError = err.Error() | |||
| } | |||
|
|
|||
| if createValidation != nil { | |||
| @@ -67,5 +67,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
| subjectAccessReview.Status.EvaluationError = evaluationErr.Error() | |||
| } | |||
|
|
|||
| if createValidation != nil { | |||
| @@ -852,6 +926,25 @@ func createOrGetResource(client dynamic.Interface, gvr schema.GroupVersionResour | |||
| return client.Resource(gvr).Namespace(ns).Create(stubObj, metav1.CreateOptions{}) | |||
| } | |||
|
|
|||
| func createOrGetNonPersistentResource(client dynamic.Interface, gvr schema.GroupVersionResource, resource metav1.APIResource) (*unstructured.Unstructured, error) { | |||
There was a problem hiding this comment.
this function isn't used, remove?
| gvr("", "v1", "namespaces"): {"delete": testNamespaceDelete}, | ||
| gvr("apps", "v1beta1", "deployments/rollback"): {"create": testDeploymentRollback}, | ||
| gvr("extensions", "v1beta1", "deployments/rollback"): {"create": testDeploymentRollback}, | ||
| gvr("authentication.k8s.io", "v1", "tokenreviews"): {"create": testNonPersistentResourceCreate}, |
There was a problem hiding this comment.
nit, add a blank line here to group all the types that use testNonPersistentResourceCreate (will need to be rebased anyway)
| @@ -128,18 +129,52 @@ var ( | |||
| parentResources = map[schema.GroupVersionResource]schema.GroupVersionResource{ | |||
| gvr("extensions", "v1beta1", "replicationcontrollers/scale"): gvr("", "v1", "replicationcontrollers"), | |||
| } | |||
|
|
|||
| nonPersistentObjects = map[schema.GroupVersionResource]etcd.StorageData{ | |||
There was a problem hiding this comment.
nit: nonPersistentReviewObjects (to distinguish between this and other non-persistent subresources)
There was a problem hiding this comment.
simplify this to map[schema.GroupVersionResource]string, no need to nest the Stub field
There was a problem hiding this comment.
I would prefer to keep the same name nonPersistentObjects in case GetStubObject can be used as a generic func to get stubs either from persistent or a non persistent data sources. If Reviews specific name is used then adding other non persistent type of object would require change of func..
| @@ -833,6 +894,19 @@ func getStubObj(gvr schema.GroupVersionResource, resource metav1.APIResource) (* | |||
| return stubObj, nil | |||
| } | |||
|
|
|||
| func getNonPersistentStubObj(gvr schema.GroupVersionResource, resource metav1.APIResource) (*unstructured.Unstructured, error) { | |||
There was a problem hiding this comment.
inline this into testNonPersistentResourceCreate, we have no other callers
|
looks good, thanks for helping knock these out a few comments, and will need a rebase once #76911 merges |
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
| } | ||
| // excludedResources lists resources / verb combinations that are not yet tested. this set should trend to zero. | ||
| excludedResources = map[schema.GroupVersionResource]sets.String{} |
There was a problem hiding this comment.
go ahead and delete excludedResources and drop the code that checks it. 100% coverage 🎉
There was a problem hiding this comment.
ok, will do.. but we do not want to keep it as a place holder in case it is needed?
There was a problem hiding this comment.
I don't want a convenient way for people to skip this test :)
if we really need it in the future for some unforeseen reason, we can add it back
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/test pull-kubernetes-kubemark-e2e-gce-big |
|
@liggitt Could you approve it please.. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, sbezverk The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/priority important-soon |
k8s-ci-robot
added
priority/important-soon
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Adds integration tests for webhook admission for:
non persistent resources
Which issue(s) this PR fixes:
xref #76907
Does this PR introduce a user-facing change?: