diff --git a/pkg/registry/apps/deployment/storage/storage.go b/pkg/registry/apps/deployment/storage/storage.go index 5ee1fa2690..bf456b74ef 100644 --- a/pkg/registry/apps/deployment/storage/storage.go +++ b/pkg/registry/apps/deployment/storage/storage.go @@ -166,6 +166,12 @@ func (r *RollbackREST) Create(ctx context.Context, obj runtime.Object, createVal return nil, errors.NewBadRequest(fmt.Sprintf("not a DeploymentRollback: %#v", obj)) } + if createValidation != nil { + if err := createValidation(obj.DeepCopyObject()); err != nil { + return nil, err + } + } + if errs := appsvalidation.ValidateDeploymentRollback(rollback); len(errs) != 0 { return nil, errors.NewInvalid(apps.Kind("DeploymentRollback"), rollback.Name, errs) } diff --git a/pkg/registry/apps/deployment/storage/storage_test.go b/pkg/registry/apps/deployment/storage/storage_test.go index 26bcdc0acc..53f761bc66 100644 --- a/pkg/registry/apps/deployment/storage/storage_test.go +++ b/pkg/registry/apps/deployment/storage/storage_test.go @@ -17,6 +17,7 @@ limitations under the License. package storage import ( + "fmt" "net/http" "reflect" "testing" @@ -374,6 +375,33 @@ func TestEtcdCreateDeploymentRollback(t *testing.T) { } } +func TestCreateDeploymentRollbackValidation(t *testing.T) { + storage, server := newStorage(t) + rollbackStorage := storage.Rollback + rollback := apps.DeploymentRollback{ + Name: name, + UpdatedAnnotations: map[string]string{}, + RollbackTo: apps.RollbackConfig{Revision: 1}, + } + + ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), namespace) + + if _, err := storage.Deployment.Create(ctx, validNewDeployment(), rest.ValidateAllObjectFunc, &metav1.CreateOptions{}); err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + validationError := fmt.Errorf("admission deny") + alwaysDenyValidationFunc := func(obj runtime.Object) error { return validationError } + _, err := rollbackStorage.Create(ctx, &rollback, alwaysDenyValidationFunc, &metav1.CreateOptions{}) + + if err == nil || validationError != err { + t.Errorf("expected: %v, got: %v", validationError, err) + } + + storage.Deployment.Store.DestroyFunc() + server.Terminate(t) +} + // Ensure that when a deploymentRollback is created for a deployment that has already been deleted // by the API server, API server returns not-found error. func TestEtcdCreateDeploymentRollbackNoDeployment(t *testing.T) { diff --git a/pkg/registry/core/serviceaccount/storage/token.go b/pkg/registry/core/serviceaccount/storage/token.go index f1018b7eb0..881b5f26e4 100644 --- a/pkg/registry/core/serviceaccount/storage/token.go +++ b/pkg/registry/core/serviceaccount/storage/token.go @@ -58,8 +58,10 @@ var gvk = schema.GroupVersionKind{ } func (r *TokenREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if err := createValidation(obj); err != nil { - return nil, err + if createValidation != nil { + if err := createValidation(obj.DeepCopyObject()); err != nil { + return nil, err + } } out := obj.(*authenticationapi.TokenRequest)