Change rest storage Update interface to retrieve updated object

Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing

Author: liggitt

cmd/integration/integration.go

@@ -53,6 +53,7 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/dockertools"
 	"k8s.io/kubernetes/pkg/labels"
 	"k8s.io/kubernetes/pkg/master"
+	"k8s.io/kubernetes/pkg/runtime"
 	"k8s.io/kubernetes/pkg/util"
 	"k8s.io/kubernetes/pkg/util/flag"
 	"k8s.io/kubernetes/pkg/util/flowcontrol"
@@ -647,6 +648,105 @@ func runPatchTest(c *client.Client) {
 		}
 	}
 
+	// Test patch with a resource that allows create on update
+	endpointTemplate := &api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Name: "patchendpoint"},
+		Subsets: []api.EndpointSubset{
+			{
+				Addresses: []api.EndpointAddress{{IP: "1.2.3.4"}},
+				Ports:     []api.EndpointPort{{Port: 80, Protocol: api.ProtocolTCP}},
+			},
+		},
+	}
+
+	patchEndpoint := func(json []byte) (runtime.Object, error) {
+		return c.Patch(api.MergePatchType).Resource("endpoints").Namespace(api.NamespaceDefault).Name("patchendpoint").Body(json).Do().Get()
+	}
+
+	// Make sure patch doesn't get to CreateOnUpdate
+	{
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), endpointTemplate)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if obj, err := patchEndpoint(endpointJSON); !apierrors.IsNotFound(err) {
+			glog.Fatalf("Expected notfound creating from patch, got error=%v and object: %#v", err, obj)
+		}
+	}
+
+	// Create the endpoint (endpoints set AllowCreateOnUpdate=true) to get a UID and resource version
+	createdEndpoint, err := c.Endpoints(api.NamespaceDefault).Update(endpointTemplate)
+	if err != nil {
+		glog.Fatalf("Failed creating endpoint: %v", err)
+	}
+
+	// Make sure identity patch is accepted
+	{
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), createdEndpoint)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if _, err := patchEndpoint(endpointJSON); err != nil {
+			glog.Fatalf("Failed patching endpoint: %v", err)
+		}
+	}
+
+	// Make sure patch complains about a mismatched resourceVersion
+	{
+		endpointTemplate.Name = ""
+		endpointTemplate.UID = ""
+		endpointTemplate.ResourceVersion = "1"
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), endpointTemplate)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if _, err := patchEndpoint(endpointJSON); !apierrors.IsConflict(err) {
+			glog.Fatalf("Expected error, got %#v", err)
+		}
+	}
+
+	// Make sure patch complains about mutating the UID
+	{
+		endpointTemplate.Name = ""
+		endpointTemplate.UID = "abc"
+		endpointTemplate.ResourceVersion = ""
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), endpointTemplate)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if _, err := patchEndpoint(endpointJSON); !apierrors.IsInvalid(err) {
+			glog.Fatalf("Expected error, got %#v", err)
+		}
+	}
+
+	// Make sure patch complains about a mismatched name
+	{
+		endpointTemplate.Name = "changedname"
+		endpointTemplate.UID = ""
+		endpointTemplate.ResourceVersion = ""
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), endpointTemplate)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if _, err := patchEndpoint(endpointJSON); !apierrors.IsBadRequest(err) {
+			glog.Fatalf("Expected error, got %#v", err)
+		}
+	}
+
+	// Make sure patch containing originally submitted JSON is accepted
+	{
+		endpointTemplate.Name = ""
+		endpointTemplate.UID = ""
+		endpointTemplate.ResourceVersion = ""
+		endpointJSON, err := runtime.Encode(api.Codecs.LegacyCodec(v1.SchemeGroupVersion), endpointTemplate)
+		if err != nil {
+			glog.Fatalf("Failed creating endpoint JSON: %v", err)
+		}
+		if _, err := patchEndpoint(endpointJSON); err != nil {
+			glog.Fatalf("Failed patching endpoint: %v", err)
+		}
+	}
+
 	glog.Info("PATCHs work.")
 }
 

federation/registry/cluster/etcd/etcd.go

@@ -20,6 +20,7 @@ import (
 	"k8s.io/kubernetes/federation/apis/federation"
 	"k8s.io/kubernetes/federation/registry/cluster"
 	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/rest"
 	"k8s.io/kubernetes/pkg/registry/generic"
 	"k8s.io/kubernetes/pkg/registry/generic/registry"
 	"k8s.io/kubernetes/pkg/runtime"
@@ -38,8 +39,8 @@ func (r *StatusREST) New() runtime.Object {
 }
 
 // Update alters the status subset of an object.
-func (r *StatusREST) Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error) {
-	return r.store.Update(ctx, obj)
+func (r *StatusREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo)
 }
 
 // NewREST returns a RESTStorage object that will work against clusters.

federation/registry/cluster/registry.go

@@ -71,7 +71,7 @@ func (s *storage) CreateCluster(ctx api.Context, cluster *federation.Cluster) er
 }
 
 func (s *storage) UpdateCluster(ctx api.Context, cluster *federation.Cluster) error {
-	_, _, err := s.Update(ctx, cluster)
+	_, _, err := s.Update(ctx, cluster.Name, rest.DefaultUpdatedObjectInfo(cluster, api.Scheme))
 	return err
 }
 

pkg/admission/attributes.go

@@ -30,10 +30,11 @@ type attributesRecord struct {
 	subresource string
 	operation   Operation
 	object      runtime.Object
+	oldObject   runtime.Object
 	userInfo    user.Info
 }
 
-func NewAttributesRecord(object runtime.Object, kind unversioned.GroupVersionKind, namespace, name string, resource unversioned.GroupVersionResource, subresource string, operation Operation, userInfo user.Info) Attributes {
+func NewAttributesRecord(object runtime.Object, oldObject runtime.Object, kind unversioned.GroupVersionKind, namespace, name string, resource unversioned.GroupVersionResource, subresource string, operation Operation, userInfo user.Info) Attributes {
 	return &attributesRecord{
 		kind:        kind,
 		namespace:   namespace,
@@ -42,6 +43,7 @@ func NewAttributesRecord(object runtime.Object, kind unversioned.GroupVersionKin
 		subresource: subresource,
 		operation:   operation,
 		object:      object,
+		oldObject:   oldObject,
 		userInfo:    userInfo,
 	}
 }
@@ -74,6 +76,10 @@ func (record *attributesRecord) GetObject() runtime.Object {
 	return record.object
 }
 
+func (record *attributesRecord) GetOldObject() runtime.Object {
+	return record.oldObject
+}
+
 func (record *attributesRecord) GetUserInfo() user.Info {
 	return record.userInfo
 }

pkg/admission/chain_test.go

@@ -100,7 +100,7 @@ func TestAdmit(t *testing.T) {
 		},
 	}
 	for _, test := range tests {
-		err := test.chain.Admit(NewAttributesRecord(nil, unversioned.GroupVersionKind{}, "", "", unversioned.GroupVersionResource{}, "", test.operation, nil))
+		err := test.chain.Admit(NewAttributesRecord(nil, nil, unversioned.GroupVersionKind{}, "", "", unversioned.GroupVersionResource{}, "", test.operation, nil))
 		accepted := (err == nil)
 		if accepted != test.accept {
 			t.Errorf("%s: unexpected result of admit call: %v\n", test.name, accepted)

pkg/admission/interfaces.go

@@ -41,6 +41,8 @@ type Attributes interface {
 	GetOperation() Operation
 	// GetObject is the object from the incoming request prior to default values being applied
 	GetObject() runtime.Object
+	// GetOldObject is the existing object. Only populated for UPDATE requests.
+	GetOldObject() runtime.Object
 	// GetKind is the type of object being manipulated.  For example: Pod
 	GetKind() unversioned.GroupVersionKind
 	// GetUserInfo is information about the requesting user

pkg/api/rest/rest.go

@@ -174,6 +174,19 @@ type NamedCreater interface {
 	Create(ctx api.Context, name string, obj runtime.Object) (runtime.Object, error)
 }
 
+// UpdatedObjectInfo provides information about an updated object to an Updater.
+// It requires access to the old object in order to return the newly updated object.
+type UpdatedObjectInfo interface {
+	// Returns preconditions built from the updated object, if applicable.
+	// May return nil, or a preconditions object containing nil fields,
+	// if no preconditions can be determined from the updated object.
+	Preconditions() *api.Preconditions
+
+	// UpdatedObject returns the updated object, given a context and old object.
+	// The only time an empty oldObj should be passed in is if a "create on update" is occurring (there is no oldObj).
+	UpdatedObject(ctx api.Context, oldObj runtime.Object) (newObj runtime.Object, err error)
+}
+
 // Updater is an object that can update an instance of a RESTful object.
 type Updater interface {
 	// New returns an empty object that can be used with Update after request data has been put into it.
@@ -183,14 +196,14 @@ type Updater interface {
 	// Update finds a resource in the storage and updates it. Some implementations
 	// may allow updates creates the object - they should set the created boolean
 	// to true.
-	Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error)
+	Update(ctx api.Context, name string, objInfo UpdatedObjectInfo) (runtime.Object, bool, error)
 }
 
 // CreaterUpdater is a storage object that must support both create and update.
 // Go prevents embedded interfaces that implement the same method.
 type CreaterUpdater interface {
 	Creater
-	Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error)
+	Update(ctx api.Context, name string, objInfo UpdatedObjectInfo) (runtime.Object, bool, error)
 }
 
 // CreaterUpdater must satisfy the Updater interface.

pkg/api/rest/resttest/resttest.go

@@ -170,6 +170,8 @@ func (t *Tester) TestUpdate(valid runtime.Object, createFn CreateFunc, getFn Get
 	}
 	t.testUpdateInvokesValidation(copyOrDie(valid), createFn, invalidUpdateFn...)
 	t.testUpdateWithWrongUID(copyOrDie(valid), createFn, getFn)
+	t.testUpdateRetrievesOldObject(copyOrDie(valid), createFn, getFn)
+	t.testUpdatePropagatesUpdatedObjectError(copyOrDie(valid), createFn, getFn)
 }
 
 // Test deleting an object.
@@ -442,7 +444,8 @@ func (t *Tester) testUpdateEquals(obj runtime.Object, createFn CreateFunc, getFn
 		t.Errorf("unexpected error: %v", err)
 	}
 	toUpdate = updateFn(toUpdate)
-	updated, created, err := t.storage.(rest.Updater).Update(ctx, toUpdate)
+	toUpdateMeta := t.getObjectMetaOrFail(toUpdate)
+	updated, created, err := t.storage.(rest.Updater).Update(ctx, toUpdateMeta.Name, rest.DefaultUpdatedObjectInfo(toUpdate, api.Scheme))
 	if err != nil {
 		t.Errorf("unexpected error: %v", err)
 	}
@@ -482,7 +485,7 @@ func (t *Tester) testUpdateFailsOnVersionTooOld(obj runtime.Object, createFn Cre
 	olderMeta := t.getObjectMetaOrFail(older)
 	olderMeta.ResourceVersion = "1"
 
-	_, _, err = t.storage.(rest.Updater).Update(t.TestContext(), older)
+	_, _, err = t.storage.(rest.Updater).Update(t.TestContext(), olderMeta.Name, rest.DefaultUpdatedObjectInfo(older, api.Scheme))
 	if err == nil {
 		t.Errorf("Expected an error, but we didn't get one")
 	} else if !errors.IsConflict(err) {
@@ -501,7 +504,8 @@ func (t *Tester) testUpdateInvokesValidation(obj runtime.Object, createFn Create
 
 	for _, update := range invalidUpdateFn {
 		toUpdate := update(copyOrDie(foo))
-		got, created, err := t.storage.(rest.Updater).Update(t.TestContext(), toUpdate)
+		toUpdateMeta := t.getObjectMetaOrFail(toUpdate)
+		got, created, err := t.storage.(rest.Updater).Update(t.TestContext(), toUpdateMeta.Name, rest.DefaultUpdatedObjectInfo(toUpdate, api.Scheme))
 		if got != nil || created {
 			t.Errorf("expected nil object and no creation for object: %v", toUpdate)
 		}
@@ -522,7 +526,7 @@ func (t *Tester) testUpdateWithWrongUID(obj runtime.Object, createFn CreateFunc,
 	}
 	objectMeta.UID = types.UID("UID1111")
 
-	obj, created, err := t.storage.(rest.Updater).Update(ctx, foo)
+	obj, created, err := t.storage.(rest.Updater).Update(ctx, objectMeta.Name, rest.DefaultUpdatedObjectInfo(foo, api.Scheme))
 	if created || obj != nil {
 		t.Errorf("expected nil object and no creation for object: %v", foo)
 	}
@@ -531,9 +535,85 @@ func (t *Tester) testUpdateWithWrongUID(obj runtime.Object, createFn CreateFunc,
 	}
 }
 
+func (t *Tester) testUpdateRetrievesOldObject(obj runtime.Object, createFn CreateFunc, getFn GetFunc) {
+	ctx := t.TestContext()
+	foo := copyOrDie(obj)
+	t.setObjectMeta(foo, t.namer(6))
+	objectMeta := t.getObjectMetaOrFail(foo)
+	objectMeta.Annotations = map[string]string{"A": "1"}
+	if err := createFn(ctx, foo); err != nil {
+		t.Errorf("unexpected error: %v", err)
+		return
+	}
+
+	storedFoo, err := getFn(ctx, foo)
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+		return
+	}
+
+	storedFooWithUpdates := copyOrDie(storedFoo)
+	objectMeta = t.getObjectMetaOrFail(storedFooWithUpdates)
+	objectMeta.Annotations = map[string]string{"A": "2"}
+
+	// Make sure a custom transform is called, and sees the expected updatedObject and oldObject
+	// This tests the mechanism used to pass the old and new object to admission
+	calledUpdatedObject := 0
+	noopTransform := func(_ api.Context, updatedObject runtime.Object, oldObject runtime.Object) (runtime.Object, error) {
+		if !reflect.DeepEqual(storedFoo, oldObject) {
+			t.Errorf("Expected\n\t%#v\ngot\n\t%#v", storedFoo, oldObject)
+		}
+		if !reflect.DeepEqual(storedFooWithUpdates, updatedObject) {
+			t.Errorf("Expected\n\t%#v\ngot\n\t%#v", storedFooWithUpdates, updatedObject)
+		}
+		calledUpdatedObject++
+		return updatedObject, nil
+	}
+
+	updatedObj, created, err := t.storage.(rest.Updater).Update(ctx, objectMeta.Name, rest.DefaultUpdatedObjectInfo(storedFooWithUpdates, api.Scheme, noopTransform))
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+		return
+	}
+	if created {
+		t.Errorf("expected no creation for object")
+		return
+	}
+	if updatedObj == nil {
+		t.Errorf("expected non-nil object from update")
+		return
+	}
+	if calledUpdatedObject != 1 {
+		t.Errorf("expected UpdatedObject() to be called 1 time, was called %d", calledUpdatedObject)
+		return
+	}
+}
+
+func (t *Tester) testUpdatePropagatesUpdatedObjectError(obj runtime.Object, createFn CreateFunc, getFn GetFunc) {
+	ctx := t.TestContext()
+	foo := copyOrDie(obj)
+	name := t.namer(7)
+	t.setObjectMeta(foo, name)
+	if err := createFn(ctx, foo); err != nil {
+		t.Errorf("unexpected error: %v", err)
+		return
+	}
+
+	// Make sure our transform is called, and sees the expected updatedObject and oldObject
+	propagateErr := fmt.Errorf("custom updated object error for %v", foo)
+	noopTransform := func(_ api.Context, updatedObject runtime.Object, oldObject runtime.Object) (runtime.Object, error) {
+		return nil, propagateErr
+	}
+
+	_, _, err := t.storage.(rest.Updater).Update(ctx, name, rest.DefaultUpdatedObjectInfo(foo, api.Scheme, noopTransform))
+	if err != propagateErr {
+		t.Errorf("expected propagated error, got %#v", err)
+	}
+}
+
 func (t *Tester) testUpdateOnNotFound(obj runtime.Object) {
 	t.setObjectMeta(obj, t.namer(0))
-	_, created, err := t.storage.(rest.Updater).Update(t.TestContext(), obj)
+	_, created, err := t.storage.(rest.Updater).Update(t.TestContext(), t.namer(0), rest.DefaultUpdatedObjectInfo(obj, api.Scheme))
 	if t.createOnUpdate {
 		if err != nil {
 			t.Errorf("creation allowed on updated, but got an error: %v", err)
@@ -563,7 +643,7 @@ func (t *Tester) testUpdateRejectsMismatchedNamespace(obj runtime.Object, create
 	objectMeta.Name = t.namer(1)
 	objectMeta.Namespace = "not-default"
 
-	obj, updated, err := t.storage.(rest.Updater).Update(t.TestContext(), obj)
+	obj, updated, err := t.storage.(rest.Updater).Update(t.TestContext(), "foo1", rest.DefaultUpdatedObjectInfo(obj, api.Scheme))
 	if obj != nil || updated {
 		t.Errorf("expected nil object and not updated")
 	}