-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OCPBUGS-33378: Verify Build Webhooks on Upgrade
Updating the build suite test to verify the unautenticated build webhook behavior on upgrade. For clusters upgrading from v4.15 or earlier to v4.16, unauthenticated webhooks should continue to be allowed. For clusters that upgrade from v4.16 to a later version, unauthenticated webhooks should be denied by default. Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
- Loading branch information
1 parent
d5836ab
commit cdcc3ef
Showing
4 changed files
with
138 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| // Package clusterversion contains utitlities to access version information for the cluster. | ||
| package clusterversion |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| package clusterversion | ||
|
|
||
| import ( | ||
| "strings" | ||
|
|
||
| "golang.org/x/mod/semver" | ||
|
|
||
| configv1 "github.com/openshift/api/config/v1" | ||
| ) | ||
|
|
||
| // IsUpgradedFromMinorVersion returns true if the cluster has been upgraded from or through the given version. | ||
| // This will only check for X.Y version upgrades - it will ignore patch/z-stream versions. | ||
| // Returns false if the input version is not a semver. | ||
| func IsUpgradedFromMinorVersion(version string, cv *configv1.ClusterVersion) bool { | ||
| fromMajorMinor := majorMinorVersion(version) | ||
| if !semver.IsValid(fromMajorMinor) { | ||
| return false | ||
| } | ||
|
|
||
| beforeOrAtVersionFound := false | ||
| atOrLaterVersionFound := false | ||
|
|
||
| // History is always ordered from most recent to oldest. | ||
| for _, history := range cv.Status.History { | ||
| historyMajorMinor := majorMinorVersion(history.Version) | ||
| // Version in history can be empty or not a semver. Skip in this case. | ||
| if !semver.IsValid(historyMajorMinor) { | ||
| continue | ||
| } | ||
| if semver.Compare(historyMajorMinor, fromMajorMinor) >= 0 { | ||
| atOrLaterVersionFound = true | ||
| } | ||
| if semver.Compare(historyMajorMinor, fromMajorMinor) <= 0 { | ||
| beforeOrAtVersionFound = true | ||
| } | ||
| } | ||
| return beforeOrAtVersionFound && atOrLaterVersionFound | ||
| } | ||
|
|
||
| func majorMinorVersion(version string) string { | ||
| if !strings.HasPrefix(version, "v") { | ||
| version = "v" + version | ||
| } | ||
| return semver.MajorMinor(version) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| package clusterversion | ||
|
|
||
| import ( | ||
| "testing" | ||
|
|
||
| configv1 "github.com/openshift/api/config/v1" | ||
| ) | ||
|
|
||
| func TestIsUpgradedFromMinorVersion(t *testing.T) { | ||
| cases := []struct { | ||
| Name string | ||
| UpgradeFromVersion string | ||
| VersionHistory []string | ||
| Expected bool | ||
| }{ | ||
| { | ||
| Name: "no history", | ||
| UpgradeFromVersion: "4.15", | ||
| Expected: false, | ||
| }, | ||
| { | ||
| Name: "upgraded to 4.16 from 4.15", | ||
| UpgradeFromVersion: "4.15", | ||
| VersionHistory: []string{"4.16.0", "4.15.9", "4.15.7", "4.15.2"}, | ||
| Expected: true, | ||
| }, | ||
| { | ||
| Name: "upgraded to 4.16 from 4.14", | ||
| UpgradeFromVersion: "4.15", | ||
| VersionHistory: []string{"4.16.0", "4.15.9", "4.15.7", "4.15.2", "4.14.9"}, | ||
| Expected: true, | ||
| }, | ||
| { | ||
| Name: "skip odd minor version", | ||
| UpgradeFromVersion: "4.15", | ||
| VersionHistory: []string{"4.16.0", "4.14.9", "4.14.2", "4.12.14", "4.12.8"}, | ||
| Expected: true, | ||
| }, | ||
| { | ||
| Name: "not reached upgrade", | ||
| UpgradeFromVersion: "4.15", | ||
| VersionHistory: []string{"4.14.0", "4.13.9", "4.13.2", "4.12.14", "4.12.8"}, | ||
| Expected: false, | ||
| }, | ||
| { | ||
| Name: "invalid version", | ||
| UpgradeFromVersion: "bad-data", | ||
| VersionHistory: []string{"4.16.0", "4.15.9", "4.15.7"}, | ||
| Expected: false, | ||
| }, | ||
| } | ||
| for _, tc := range cases { | ||
| t.Run(tc.Name, func(t *testing.T) { | ||
| history := []configv1.UpdateHistory{} | ||
| for _, version := range tc.VersionHistory { | ||
| history = append(history, configv1.UpdateHistory{ | ||
| Version: version, | ||
| }) | ||
| } | ||
| cv := &configv1.ClusterVersion{ | ||
| Status: configv1.ClusterVersionStatus{ | ||
| History: history, | ||
| }, | ||
| } | ||
| upgraded := IsUpgradedFromMinorVersion(tc.UpgradeFromVersion, cv) | ||
| if upgraded != tc.Expected { | ||
| t.Errorf("expected %v, got %v", tc.Expected, upgraded) | ||
| } | ||
| }) | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters