-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
335 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for all configuration options: | ||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "gomod" # See documentation for possible values | ||
directory: "/" # Location of package manifests | ||
schedule: | ||
interval: "weekly" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: Test | ||
|
||
on: | ||
push: | ||
branches: [ main ] | ||
pull_request: | ||
branches: [ main ] | ||
|
||
jobs: | ||
build: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Set up Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: ^1.16 | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Test | ||
run: go test ./... -coverprofile cover.out -timeout 30m | ||
env: | ||
CGO_ENABLED: 0 | ||
GO111MODULE: on | ||
GOOS: linux | ||
GOARCH: amd64 | ||
|
||
- name: Send coverage | ||
uses: shogo82148/actions-goveralls@v1 | ||
with: | ||
path-to-profile: cover.out |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,213 @@ | ||
package webhook | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
|
||
. "github.com/onsi/ginkgo" | ||
. "github.com/onsi/gomega" | ||
|
||
admissionv1 "k8s.io/api/admission/v1" | ||
corev1 "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/apimachinery/pkg/runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
"sigs.k8s.io/controller-runtime/pkg/client/fake" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
var _ = Describe("Handler", func() { | ||
Context("Handle", func() { | ||
var ( | ||
decoder *admission.Decoder | ||
) | ||
BeforeEach(func() { | ||
scheme := runtime.NewScheme() | ||
err := corev1.AddToScheme(scheme) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
decoder, err = admission.NewDecoder(scheme) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
}) | ||
It("should deny by default", func() { | ||
result := (&handler{}).Handle(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
}) | ||
It("should validate", func() { | ||
pod := &corev1.Pod{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "foo", | ||
Namespace: "bar", | ||
}, | ||
} | ||
raw, err := json.Marshal(pod) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
h := handler{ | ||
Handler: &ValidateFuncs{ | ||
CreateFunc: func(ctx context.Context, request admission.Request) admission.Response { | ||
return admission.Allowed("") | ||
}, | ||
UpdateFunc: func(ctx context.Context, request admission.Request) admission.Response { | ||
return admission.Denied("") | ||
}, | ||
DeleteFunc: func(ctx context.Context, request admission.Request) admission.Response { | ||
return admission.Denied("") | ||
}, | ||
}, | ||
Object: &corev1.Pod{}, | ||
} | ||
err = h.InjectDecoder(decoder) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
result := h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
Object: runtime.RawExtension{ | ||
Raw: raw, | ||
}, | ||
Operation: admissionv1.Create, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
result = h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
Object: runtime.RawExtension{ | ||
Raw: raw, | ||
}, | ||
Operation: admissionv1.Update, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
result = h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
Object: runtime.RawExtension{ | ||
Raw: raw, | ||
}, | ||
Operation: admissionv1.Delete, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
|
||
}) | ||
It("should decode object", func() { | ||
pod := &corev1.Pod{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "foo", | ||
Namespace: "bar", | ||
}, | ||
Spec: corev1.PodSpec{ | ||
NodeName: "jin", | ||
}, | ||
} | ||
raw, err := json.Marshal(pod) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
h := handler{ | ||
Handler: &MutateFunc{ | ||
Func: func(ctx context.Context, request admission.Request) admission.Response { | ||
if len(request.Object.Raw) > 0 { | ||
Ω(request.Object.Object).Should(Equal(pod)) | ||
} | ||
if len(request.OldObject.Raw) > 0 { | ||
Ω(request.OldObject.Object).Should(Equal(pod)) | ||
} | ||
return admission.Allowed("") | ||
}, | ||
}, | ||
Object: &corev1.Pod{}, | ||
} | ||
err = h.InjectDecoder(decoder) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
result := h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
Object: runtime.RawExtension{ | ||
Raw: raw, | ||
}, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
|
||
result = h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
OldObject: runtime.RawExtension{ | ||
Raw: raw, | ||
}, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
}) | ||
It("should not decode invalid object", func() { | ||
h := handler{ | ||
Handler: &MutateFunc{ | ||
Func: func(ctx context.Context, request admission.Request) admission.Response { | ||
return admission.Allowed("") | ||
}, | ||
}, | ||
Object: &corev1.Pod{}, | ||
} | ||
err := h.InjectDecoder(decoder) | ||
Ω(err).ShouldNot(HaveOccurred()) | ||
|
||
result := h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
Object: runtime.RawExtension{ | ||
Raw: []byte{1, 2, 3, 4, 5}, | ||
}, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
|
||
result = h.Handle(context.TODO(), admission.Request{ | ||
AdmissionRequest: admissionv1.AdmissionRequest{ | ||
OldObject: runtime.RawExtension{ | ||
Raw: []byte{1, 2, 3, 4, 5}, | ||
}, | ||
}, | ||
}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
}) | ||
}) | ||
Context("InjectDecoder", func() { | ||
var ( | ||
decoder *admission.Decoder | ||
) | ||
BeforeEach(func() { | ||
decoder = &admission.Decoder{} | ||
}) | ||
It("should pass decoder to validating webhook", func() { | ||
webhook := ValidatingWebhook{} | ||
Ω((&handler{Handler: &webhook}).InjectDecoder(decoder)).ShouldNot(HaveOccurred()) | ||
Ω(webhook.Decoder).Should(Equal(decoder)) | ||
}) | ||
It("should pass decoder to mutating webhook", func() { | ||
webhook := MutatingWebhook{} | ||
Ω((&handler{Handler: &webhook}).InjectDecoder(decoder)).ShouldNot(HaveOccurred()) | ||
Ω(webhook.Decoder).Should(Equal(decoder)) | ||
}) | ||
It("should never fail if handler not set", func() { | ||
Ω((&handler{}).InjectDecoder(decoder)).ShouldNot(HaveOccurred()) | ||
}) | ||
}) | ||
Context("InjectClient", func() { | ||
var ( | ||
client client.Client | ||
) | ||
BeforeEach(func() { | ||
client = fake.NewClientBuilder().Build() | ||
}) | ||
It("should pass client to validating webhook", func() { | ||
webhook := ValidatingWebhook{} | ||
Ω((&handler{Handler: &webhook}).InjectClient(client)).ShouldNot(HaveOccurred()) | ||
Ω(webhook.Client).Should(Equal(client)) | ||
}) | ||
It("should pass client to mutating webhook", func() { | ||
webhook := MutatingWebhook{} | ||
Ω((&handler{Handler: &webhook}).InjectClient(client)).ShouldNot(HaveOccurred()) | ||
Ω(webhook.Client).Should(Equal(client)) | ||
}) | ||
It("should never fail if handler not set", func() { | ||
Ω((&handler{}).InjectClient(client)).ShouldNot(HaveOccurred()) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
package webhook_test | ||
|
||
import ( | ||
"context" | ||
|
||
. "github.com/onsi/ginkgo" | ||
. "github.com/onsi/gomega" | ||
|
||
"github.com/snorwin/k8s-generic-webhook/pkg/webhook" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
var _ = Describe("Mutating Webhook", func() { | ||
Context("MutateFunc", func() { | ||
It("should by default allow all", func() { | ||
result := (&webhook.MutateFunc{}).Mutate(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
}) | ||
It("should use defined functions", func() { | ||
result := (&webhook.MutateFunc{ | ||
Func: func(ctx context.Context, _ admission.Request) admission.Response { | ||
return admission.Denied("") | ||
}, | ||
}).Mutate(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package webhook_test | ||
|
||
import ( | ||
"context" | ||
|
||
. "github.com/onsi/ginkgo" | ||
. "github.com/onsi/gomega" | ||
|
||
"github.com/snorwin/k8s-generic-webhook/pkg/webhook" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
var _ = Describe("Validating Webhook", func() { | ||
Context("ValidateFuncs", func() { | ||
It("should by default allow all", func() { | ||
result := (&webhook.ValidateFuncs{}).ValidateCreate(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
result = (&webhook.ValidateFuncs{}).ValidateUpdate(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
result = (&webhook.ValidateFuncs{}).ValidateDelete(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeTrue()) | ||
}) | ||
It("should use defined functions", func() { | ||
result := (&webhook.ValidateFuncs{ | ||
CreateFunc: func(ctx context.Context, _ admission.Request) admission.Response { | ||
return admission.Denied("") | ||
}, | ||
}).ValidateCreate(context.TODO(), admission.Request{}) | ||
Ω(result.Allowed).Should(BeFalse()) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package webhook_test | ||
|
||
import ( | ||
"testing" | ||
|
||
. "github.com/onsi/ginkgo" | ||
. "github.com/onsi/gomega" | ||
) | ||
|
||
func TestWebhook(t *testing.T) { | ||
RegisterFailHandler(Fail) | ||
RunSpecs(t, "Webhook Test Suite") | ||
} |