Improve HandleAdmission resiliency
Signed-off-by: Stevo Slavić <sslavic@gmail.com>
This commit is contained in:
Stevo Slavić
parent
3d1acf6db0
commit
96f8094fdc
2 changed files with 19 additions and 4 deletions
|
|
@ -64,9 +64,6 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
|
|||
|
||||
review, isV1 := obj.(*admissionv1.AdmissionReview)
|
||||
|
||||
status := &admissionv1.AdmissionResponse{}
|
||||
status.UID = review.Request.UID
|
||||
|
||||
if !isV1 {
|
||||
outputVersion = admissionv1beta1.SchemeGroupVersion
|
||||
reviewv1beta1, isv1beta1 := obj.(*admissionv1beta1.AdmissionReview)
|
||||
|
|
@ -79,10 +76,13 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
|
|||
}
|
||||
|
||||
if review.Request.Resource != networkingV1Beta1Resource && review.Request.Resource != networkingV1Resource {
|
||||
return nil, fmt.Errorf("rejecting admission review because the request does not contains an Ingress resource but %s with name %s in namespace %s",
|
||||
return nil, fmt.Errorf("rejecting admission review because the request does not contain an Ingress resource but %s with name %s in namespace %s",
|
||||
review.Request.Resource.String(), review.Request.Name, review.Request.Namespace)
|
||||
}
|
||||
|
||||
status := &admissionv1.AdmissionResponse{}
|
||||
status.UID = review.Request.UID
|
||||
|
||||
ingress := networking.Ingress{}
|
||||
|
||||
codec := json.NewSerializerWithOptions(json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import (
|
|||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
)
|
||||
|
||||
const testIngressName = "testIngressName"
|
||||
|
|
@ -64,6 +65,20 @@ func TestHandleAdmission(t *testing.T) {
|
|||
t.Fatalf("with a non ingress resource, the check should not pass")
|
||||
}
|
||||
|
||||
result, err = adm.HandleAdmission(nil)
|
||||
if err == nil {
|
||||
t.Fatalf("with a nil AdmissionReview request, the check should not pass")
|
||||
}
|
||||
|
||||
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||
Request: &admissionv1.AdmissionRequest{
|
||||
Resource: v1.GroupVersionResource{Group: extensions.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||
},
|
||||
})
|
||||
if err == nil {
|
||||
t.Fatalf("with extensions/v1beta1 Ingress resource, the check should not pass")
|
||||
}
|
||||
|
||||
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||
Request: &admissionv1.AdmissionRequest{
|
||||
Resource: v1.GroupVersionResource{Group: networking.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||
|
|
|
|||
Loading…
Reference in a new issue