DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Admission warning (#9975)

Browse source 
* Add warning feature in admission code

* Apply suggestions from code review

Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* Add deprecation and validation path notice

---------

Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
This commit is contained in:
Ricardo Katz 2023-05-25 11:56:52 -03:00 committed by GitHub
parent 897783557a
commit 1282345be2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 177 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
internal/admission/controller/main.go
View file

@ -33,6 +33,7 @@ import (
// contains invalid instructions
type Checker interface {
CheckIngress(ing *networking.Ingress) error
CheckWarning(ing *networking.Ingress) ([]string, error)
}
// IngressAdmission implements the AdmissionController interface
@ -85,6 +86,15 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
return review, nil
}
// Adds the warnings regardless of operation being allowed or not
warning, err := ia.Checker.CheckWarning(&ingress)
if err != nil {
klog.ErrorS(err, "failed to get ingress warnings")
}
if len(warning) > 0 {
status.Warnings = warning
}
if err := ia.Checker.CheckIngress(&ingress); err != nil {
klog.ErrorS(err, "invalid ingress configuration", "ingress", fmt.Sprintf("%v/%v", review.Request.Namespace, review.Request.Name))
status.Allowed = false

12
internal/admission/controller/main_test.go
View file

@ -38,6 +38,11 @@ func (ftc failTestChecker) CheckIngress(ing *networking.Ingress) error {
return nil
}
func (ftc failTestChecker) CheckWarning(ing *networking.Ingress) ([]string, error) {
ftc.t.Error("checker should not be called")
return nil, nil
}
type testChecker struct {
t *testing.T
err error
@ -50,6 +55,13 @@ func (tc testChecker) CheckIngress(ing *networking.Ingress) error {
return tc.err
}
func (tc testChecker) CheckWarning(ing *networking.Ingress) ([]string, error) {
if ing.ObjectMeta.Name != testIngressName {
tc.t.Errorf("CheckWarning should be called with %v ingress, but got %v", testIngressName, ing.ObjectMeta.Name)
}
return nil, tc.err
}
func TestHandleAdmission(t *testing.T) {
adm := &IngressAdmission{
Checker: failTestChecker{t: t},