Enable validation of ingress definitions from extensions package
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
fb6a03ffb4
commit
703c2d6f8e
12 changed files with 225 additions and 79 deletions
|
|
@ -23,6 +23,7 @@ import (
|
|||
admissionv1 "k8s.io/api/admission/v1"
|
||||
admissionv1beta1 "k8s.io/api/admission/v1beta1"
|
||||
networking "k8s.io/api/networking/v1beta1"
|
||||
apiequality "k8s.io/apimachinery/pkg/api/equality"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -43,16 +44,10 @@ type IngressAdmission struct {
|
|||
}
|
||||
|
||||
var (
|
||||
networkingV1Beta1Resource = metav1.GroupVersionResource{
|
||||
Group: networking.GroupName,
|
||||
Version: "v1beta1",
|
||||
Resource: "ingresses",
|
||||
}
|
||||
|
||||
networkingV1Resource = metav1.GroupVersionResource{
|
||||
Group: networking.GroupName,
|
||||
Version: "v1",
|
||||
Resource: "ingresses",
|
||||
ingressResource = metav1.GroupVersionKind{
|
||||
Group: networking.GroupName,
|
||||
Version: "v1beta1",
|
||||
Kind: "Ingress",
|
||||
}
|
||||
)
|
||||
|
||||
|
|
@ -75,9 +70,9 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
|
|||
convertV1beta1AdmissionReviewToAdmissionAdmissionReview(reviewv1beta1, review)
|
||||
}
|
||||
|
||||
if review.Request.Resource != networkingV1Beta1Resource && review.Request.Resource != networkingV1Resource {
|
||||
if !apiequality.Semantic.DeepEqual(review.Request.Kind, ingressResource) {
|
||||
return nil, fmt.Errorf("rejecting admission review because the request does not contain an Ingress resource but %s with name %s in namespace %s",
|
||||
review.Request.Resource.String(), review.Request.Name, review.Request.Namespace)
|
||||
review.Request.Kind.String(), review.Request.Name, review.Request.Namespace)
|
||||
}
|
||||
|
||||
status := &admissionv1.AdmissionResponse{}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import (
|
|||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
)
|
||||
|
||||
const testIngressName = "testIngressName"
|
||||
|
|
@ -58,7 +57,7 @@ func TestHandleAdmission(t *testing.T) {
|
|||
|
||||
result, err := adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||
Request: &admissionv1.AdmissionRequest{
|
||||
Resource: v1.GroupVersionResource{Group: "", Version: "v1", Resource: "pod"},
|
||||
Kind: v1.GroupVersionKind{Group: "", Version: "v1", Kind: "Pod"},
|
||||
},
|
||||
})
|
||||
if err == nil {
|
||||
|
|
@ -72,16 +71,7 @@ func TestHandleAdmission(t *testing.T) {
|
|||
|
||||
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||
Request: &admissionv1.AdmissionRequest{
|
||||
Resource: v1.GroupVersionResource{Group: extensions.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||
},
|
||||
})
|
||||
if err == nil {
|
||||
t.Fatalf("with extensions/v1beta1 Ingress resource, the check should not pass")
|
||||
}
|
||||
|
||||
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||
Request: &admissionv1.AdmissionRequest{
|
||||
Resource: v1.GroupVersionResource{Group: networking.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||
Kind: v1.GroupVersionKind{Group: networking.GroupName, Version: "v1beta1", Kind: "Ingress"},
|
||||
Object: runtime.RawExtension{
|
||||
Raw: []byte{0xff},
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue