Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test cases for ValidatingAdmissionPolicy #119409

Merged
merged 3 commits into from Jul 24, 2023
Merged

Add test cases for ValidatingAdmissionPolicy #119409

merged 3 commits into from Jul 24, 2023

Conversation

alexzielenski
Copy link
Contributor

@alexzielenski alexzielenski commented Jul 18, 2023
edited by cici37

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

  • Adds integration test to show ValidatingAdmissionPolicy intercepts all resources
  • Fixes bug with AdmissionRequest construction using the wrong resource during equivalent match
  • This is the last remaining item to address before ValidatingAdmissionPolicy can graduate to beta

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Promoted the feature gate `ValidtaingAdmissionPolicy` to beta and it is turned off by default.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/cici37/enhancements/blob/d83909e5f8683f38ef38dc3276c2d9f667d65290/keps/sig-api-machinery/3488-cel-admission-control/README.md

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 18, 2023
@alexzielenski
Copy link
Contributor Author

/sig api-machinery

@k8s-ci-robot k8s-ci-robot added do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/apiserver and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jul 18, 2023
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 18, 2023
@alexzielenski
Copy link
Contributor Author

/sig api-machinery
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 18, 2023
@alexzielenski alexzielenski mentioned this pull request Jul 20, 2023
Merged
43 tasks
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 21, 2023
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 21, 2023
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jul 21, 2023
edited

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. area/code-generation area/release-eng Issues or PRs related to the Release Engineering subproject area/test kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 21, 2023
@cici37
Copy link
Contributor

cici37 commented Jul 24, 2023

/milestone v1.28
Since we got exception on the KEP 3488, and this will be the last PR required for 1.28. Thank you!

@k8s-ci-robot k8s-ci-robot added this to the v1.28 milestone Jul 24, 2023
jpbetz
jpbetz approved these changes Jul 24, 2023
View reviewed changes
Copy link
Contributor

@jpbetz jpbetz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 24, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: d76b7870d2bfc66460edbcf6bd2215b09ceb987b

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexzielenski, deads2k, jpbetz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@alexzielenski
add admission policy integration test all resources
3b9af47 
duplicates a lot of existing webhook integration test code
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 24, 2023
@k8s-ci-robot k8s-ci-robot requested a review from jpbetz July 24, 2023 17:58
@cici37
Copy link
Contributor

cici37 commented Jul 24, 2023

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 24, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 27ac0cd370189f3e212af6eb59e5eec5a9f35e98

@alexzielenski
Copy link
Contributor Author

/retest

1 similar comment
@alexzielenski
Copy link
Contributor Author

/retest

@cici37
Copy link
Contributor

cici37 commented Jul 24, 2023
edited

Note: pull-kubernetes-e2e-gce-cos-alpha-features is accidentally turned on in this PR which is not used/touched by the current PR(We are using pull-kubernetes-e2e-kind-alpha-features for the ValidatingAdmissionPolicy related e2e tests.) The failure of pull-kubernetes-e2e-gce-cos-alpha-features should neither be an concern nor blocking this PR from merging.
/skip pull-kubernetes-e2e-gce-cos-alpha-features

@cici37
Copy link
Contributor

cici37 commented Jul 24, 2023

/skip pull-kubernetes-e2e-gce-cos-alpha-features

@cici37
Copy link
Contributor

cici37 commented Jul 24, 2023

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 24, 2023
@jpbetz
Copy link
Contributor

jpbetz commented Jul 24, 2023

/retest

1 similar comment
@jpbetz
Copy link
Contributor

jpbetz commented Jul 24, 2023

/retest

@k8s-ci-robot k8s-ci-robot merged commit b538305 into kubernetes:master Jul 24, 2023
13 of 14 checks passed
SIG Node PR Triage automation moved this from Triage to Done Jul 24, 2023
@cici37
Copy link
Contributor

cici37 commented Jul 25, 2023

/release-note Promoted the feature gate ValidtaingAdmissionPolicy to beta and it is turned off by default.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jul 25, 2023
@alexzielenski
Copy link
Contributor Author

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cici37 cici37 cici37 left review comments

@jpbetz jpbetz Awaiting requested review from jpbetz

Assignees

@jpbetz jpbetz

@cici37 cici37

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/code-generation area/release-eng Issues or PRs related to the Release Engineering subproject area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
SIG Node PR Triage
Done
[sig-release] Bug Triage
Archived in project
Milestone
v1.28
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@alexzielenski @cubxxw @k8s-ci-robot @deads2k @cici37 @jpbetz