Skip to content

Commit

Permalink
enable webhooks for alpha resources (#1321)
Browse files Browse the repository at this point in the history 
* enable webhooks for alpha resources

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* clean up transport test

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* update alpha api test, webhook error message was changed

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
  • Loading branch information
@mhenriks
mhenriks committed Aug 1, 2020
1 parent 6dce12f commit 8b9ce68
Show file tree
Hide file tree
Showing 19 changed files with 197 additions and 90 deletions.
2 changes: 2 additions & 0 deletions hack/build/build-functest.sh
View file
Expand Up @@ -18,5 +18,7 @@ script_dir="$(readlink -f $(dirname $0))"
source "${script_dir}"/common.sh

mkdir -p ${TESTS_OUT_DIR}/
# use vendor
export GO111MODULE=off
ginkgo build ${CDI_DIR}/tests/
mv ${CDI_DIR}/tests/tests.test ${TESTS_OUT_DIR}/
6 changes: 3 additions & 3 deletions hack/build/build-manifests.sh
View file
Expand Up @@ -20,7 +20,7 @@ source "${script_dir}"/config.sh

generator="${BIN_DIR}/manifest-generator"

(cd "${CDI_DIR}/tools/manifest-generator/" && go build -o "${generator}" ./...)
(cd "${CDI_DIR}/tools/manifest-generator/" && GO111MODULE=off go build -o "${generator}" ./...)

echo "DOCKER_PREFIX=${DOCKER_PREFIX}"
echo "DOCKER_TAG=${DOCKER_TAG}"
Expand All @@ -33,9 +33,9 @@ source "${script_dir}"/resource-generator.sh
mkdir -p "${MANIFEST_GENERATED_DIR}/"

#generate operator related manifests used to deploy cdi with operator-framework
generateResourceManifest $generator $MANIFEST_GENERATED_DIR "operator" "everything" "operator-everything.yaml.in"
generateResourceManifest $generator $MANIFEST_GENERATED_DIR "operator" "everything" "operator-everything.yaml.in"

#process templated manifests and populate them with generated manifests
tempDir=${MANIFEST_TEMPLATE_DIR}
processDirTemplates ${tempDir} ${OUT_DIR}/manifests ${OUT_DIR}/manifests/templates ${generator} ${MANIFEST_GENERATED_DIR}
processDirTemplates ${tempDir} ${OUT_DIR}/manifests ${OUT_DIR}/manifests/templates ${generator} ${MANIFEST_GENERATED_DIR}
processDirTemplates ${tempDir}/release ${OUT_DIR}/manifests/release ${OUT_DIR}/manifests/templates/release ${generator} ${MANIFEST_GENERATED_DIR}
2 changes: 1 addition & 1 deletion hack/build/run-unit-tests.sh
View file
Expand Up @@ -21,7 +21,7 @@ source hack/build/common.sh

# parsetTestOpts sets 'pkgs' and test_args
parseTestOpts "${@}"

export GO111MODULE=off
test_command="go test -v -coverprofile=.coverprofile -test.timeout 180m ${pkgs} ${test_args:+-args $test_args}"
echo "${test_command}"
${test_command}
2 changes: 2 additions & 0 deletions hack/update-codegen.sh
View file
Expand Up @@ -18,6 +18,8 @@ set -o errexit
set -o nounset
set -o pipefail

export GO111MODULE=off

SCRIPT_ROOT=$(readlink -f $(dirname ${BASH_SOURCE})/..)
CODEGEN_PKG=${CODEGEN_PKG:-$(
cd ${SCRIPT_ROOT}
Expand Down
1 change: 1 addition & 0 deletions pkg/apiserver/webhooks/BUILD.bazel
View file
Expand Up @@ -12,6 +12,7 @@ go_library(
importpath = "kubevirt.io/containerized-data-importer/pkg/apiserver/webhooks",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/core/v1alpha1:go_default_library",
"//pkg/apis/core/v1beta1:go_default_library",
"//pkg/client/clientset/versioned:go_default_library",
"//pkg/clone:go_default_library",
Expand Down
5 changes: 3 additions & 2 deletions pkg/apiserver/webhooks/cdi-validate.go
View file
Expand Up @@ -20,6 +20,7 @@
package webhooks

import (
"encoding/json"
"fmt"

admissionv1beta1 "k8s.io/api/admission/v1beta1"
Expand Down Expand Up @@ -75,11 +76,11 @@ func (wh *cdiValidatingWebhook) Admit(ar admissionv1beta1.AdmissionReview) *admi

func (wh *cdiValidatingWebhook) getResource(ar admissionv1beta1.AdmissionReview) (*cdiv1.CDI, error) {
var cdi *cdiv1.CDI
deserializer := codecs.UniversalDeserializer()

if len(ar.Request.OldObject.Raw) > 0 {
cdi = &cdiv1.CDI{}
if _, _, err := deserializer.Decode(ar.Request.OldObject.Raw, nil, cdi); err != nil {
err := json.Unmarshal(ar.Request.OldObject.Raw, cdi)
if err != nil {
return nil, err
}
} else if len(ar.Request.Name) > 0 {
Expand Down
7 changes: 4 additions & 3 deletions pkg/apiserver/webhooks/datavolume-mutate.go
View file
Expand Up @@ -20,6 +20,8 @@
package webhooks

import (
"encoding/json"

admissionv1beta1 "k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8sfield "k8s.io/apimachinery/pkg/util/validation/field"
Expand Down Expand Up @@ -47,15 +49,14 @@ var (

func (wh *dataVolumeMutatingWebhook) Admit(ar admissionv1beta1.AdmissionReview) *admissionv1beta1.AdmissionResponse {
var dataVolume, oldDataVolume cdiv1.DataVolume
deserializer := codecs.UniversalDeserializer()

klog.V(3).Infof("Got AdmissionReview %+v", ar)

if err := validateDataVolumeResource(ar); err != nil {
return toAdmissionResponseError(err)
}

if _, _, err := deserializer.Decode(ar.Request.Object.Raw, nil, &dataVolume); err != nil {
if err := json.Unmarshal(ar.Request.Object.Raw, &dataVolume); err != nil {
return toAdmissionResponseError(err)
}

Expand All @@ -80,7 +81,7 @@ func (wh *dataVolumeMutatingWebhook) Admit(ar admissionv1beta1.AdmissionReview)
}

if ar.Request.Operation == admissionv1beta1.Update {
if _, _, err := deserializer.Decode(ar.Request.OldObject.Raw, nil, &oldDataVolume); err != nil {
if err := json.Unmarshal(ar.Request.OldObject.Raw, &oldDataVolume); err != nil {
return toAdmissionResponseError(err)
}

Expand Down
27 changes: 19 additions & 8 deletions pkg/apiserver/webhooks/handler.go
View file
Expand Up @@ -35,6 +35,7 @@ import (
"k8s.io/client-go/kubernetes"
"k8s.io/klog"

cdiv1alpha1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1alpha1"
cdiv1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1beta1"
cdiclient "kubevirt.io/containerized-data-importer/pkg/client/clientset/versioned"
"kubevirt.io/containerized-data-importer/pkg/common"
Expand Down Expand Up @@ -159,16 +160,26 @@ func allowedAdmissionResponse() *admissionv1beta1.AdmissionResponse {
}

func validateDataVolumeResource(ar v1beta1.AdmissionReview) error {
resource := metav1.GroupVersionResource{
Group: cdiv1.SchemeGroupVersion.Group,
Version: cdiv1.SchemeGroupVersion.Version,
Resource: "datavolumes",
resources := []metav1.GroupVersionResource{
{
Group: cdiv1.SchemeGroupVersion.Group,
Version: cdiv1.SchemeGroupVersion.Version,
Resource: "datavolumes",
},
{
Group: cdiv1alpha1.SchemeGroupVersion.Group,
Version: cdiv1alpha1.SchemeGroupVersion.Version,
Resource: "datavolumes",
},
}
if ar.Request.Resource != resource {
klog.Errorf("resource is %s but request is: %s", resource, ar.Request.Resource)
return fmt.Errorf("expect resource to be '%s'", resource.Resource)
for _, resource := range resources {
if ar.Request.Resource == resource {
return nil
}
}
return nil

klog.Errorf("resource is %s but request is: %s", resources[0], ar.Request.Resource)
return fmt.Errorf("expect resource to be '%s'", resources[0].Resource)
}

func toPatchResponse(original, current interface{}) *admissionv1beta1.AdmissionResponse {
Expand Down
2 changes: 2 additions & 0 deletions pkg/apiserver/webhooks/scheme.go
View file
Expand Up @@ -21,6 +21,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"

cdiv1alpha1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1alpha1"
cdiv1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1beta1"
)

Expand All @@ -36,4 +37,5 @@ func addToScheme(scheme *runtime.Scheme) {
utilruntime.Must(admissionv1beta1.AddToScheme(scheme))
utilruntime.Must(admissionregistrationv1beta1.AddToScheme(scheme))
utilruntime.Must(cdiv1.AddToScheme(scheme))
utilruntime.Must(cdiv1alpha1.AddToScheme(scheme))
}
1 change: 1 addition & 0 deletions pkg/operator/resources/cluster/BUILD.bazel
View file
Expand Up @@ -14,6 +14,7 @@ go_library(
importpath = "kubevirt.io/containerized-data-importer/pkg/operator/resources/cluster",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/core/v1alpha1:go_default_library",
"//pkg/apis/core/v1beta1:go_default_library",
"//pkg/apis/upload/v1beta1:go_default_library",
"//pkg/operator/resources/utils:go_default_library",
Expand Down
34 changes: 22 additions & 12 deletions pkg/operator/resources/cluster/apiserver.go
View file
Expand Up @@ -29,6 +29,7 @@ import (
apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
"sigs.k8s.io/controller-runtime/pkg/client"

cdicorev1alpha1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1alpha1"
cdicorev1 "kubevirt.io/containerized-data-importer/pkg/apis/core/v1beta1"
cdiuploadv1 "kubevirt.io/containerized-data-importer/pkg/apis/upload/v1beta1"
"kubevirt.io/containerized-data-importer/pkg/operator/resources/utils"
Expand Down Expand Up @@ -193,10 +194,13 @@ func createDataVolumeValidatingWebhook(namespace string, c client.Client, l logr
admissionregistrationv1beta1.Update,
},
Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{cdicorev1.SchemeGroupVersion.Version},
Resources: []string{"datavolumes"},
Scope: &allScopes,
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{
cdicorev1.SchemeGroupVersion.Version,
cdicorev1alpha1.SchemeGroupVersion.Version,
},
Resources: []string{"datavolumes"},
Scope: &allScopes,
},
}},
ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Expand Down Expand Up @@ -259,10 +263,13 @@ func createCDIValidatingWebhook(namespace string, c client.Client, l logr.Logger
admissionregistrationv1beta1.Delete,
},
Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{cdicorev1.SchemeGroupVersion.Version},
Resources: []string{"cdis"},
Scope: &allScopes,
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{
cdicorev1.SchemeGroupVersion.Version,
cdicorev1alpha1.SchemeGroupVersion.Version,
},
Resources: []string{"cdis"},
Scope: &allScopes,
},
}},
ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Expand Down Expand Up @@ -330,10 +337,13 @@ func createDataVolumeMutatingWebhook(namespace string, c client.Client, l logr.L
admissionregistrationv1beta1.Update,
},
Rule: admissionregistrationv1beta1.Rule{
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{cdicorev1.SchemeGroupVersion.Version},
Resources: []string{"datavolumes"},
Scope: &allScopes,
APIGroups: []string{cdicorev1.SchemeGroupVersion.Group},
APIVersions: []string{
cdicorev1.SchemeGroupVersion.Version,
cdicorev1alpha1.SchemeGroupVersion.Version,
},
Resources: []string{"datavolumes"},
Scope: &allScopes,
},
}},
ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
Expand Down
1 change: 1 addition & 0 deletions tests/BUILD.bazel
View file
Expand Up @@ -35,6 +35,7 @@ go_test(
],
embed = [":go_default_library"],
deps = [
"//pkg/apis/core/v1alpha1:go_default_library",
"//pkg/apis/core/v1beta1:go_default_library",
"//pkg/client/clientset/versioned:go_default_library",
"//pkg/clone:go_default_library",
Expand Down

0 comments on commit 8b9ce68

Please sign in to comment.