mirror of https://github.com/k3s-io/k3s
Fix admission webhook integration tests to filter out controller requests
Joe Betz
parent
88eea7e2ca
commit
b0aab03209
|
|
@ -53,6 +53,7 @@ import (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
testNamespace = "webhook-integration"
|
testNamespace = "webhook-integration"
|
||||||
|
testClientUsername = "webhook-integration-client"
|
||||||
|
|
||||||
mutation = "mutation"
|
mutation = "mutation"
|
||||||
validation = "validation"
|
validation = "validation"
|
||||||
|
|
@ -336,19 +337,34 @@ func TestWebhookV1beta1(t *testing.T) {
|
||||||
})
|
})
|
||||||
defer master.Cleanup()
|
defer master.Cleanup()
|
||||||
|
|
||||||
if _, err := master.Client.CoreV1().Namespaces().Create(&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNamespace}}); err != nil {
|
// Configure a client with a distinct user name so that it is easy to distinguish requests
|
||||||
|
// made by the client from requests made by controllers. We use this to filter out requests
|
||||||
|
// before recording them to ensure we don't accidentally mistake requests from controllers
|
||||||
|
// as requests made by the client.
|
||||||
|
clientConfig := master.Config
|
||||||
|
clientConfig.Impersonate.UserName = testClientUsername
|
||||||
|
clientConfig.Impersonate.Groups = []string{"system:masters", "system:authenticated"}
|
||||||
|
client, err := clientset.NewForConfig(clientConfig)
|
||||||
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
if err := createV1beta1MutationWebhook(master.Client, webhookServer.URL+"/"+mutation); err != nil {
|
|
||||||
|
if _, err := client.CoreV1().Namespaces().Create(&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNamespace}}); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
if err := createV1beta1ValidationWebhook(master.Client, webhookServer.URL+"/"+validation); err != nil {
|
if err := createV1beta1MutationWebhook(client, webhookServer.URL+"/"+mutation); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
if err := createV1beta1ValidationWebhook(client, webhookServer.URL+"/"+validation); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// gather resources to test
|
// gather resources to test
|
||||||
dynamicClient := master.Dynamic
|
dynamicClient, err := dynamic.NewForConfig(clientConfig)
|
||||||
_, resources, err := master.Client.Discovery().ServerGroupsAndResources()
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
_, resources, err := client.Discovery().ServerGroupsAndResources()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to get ServerGroupsAndResources with error: %+v", err)
|
t.Fatalf("Failed to get ServerGroupsAndResources with error: %+v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -412,7 +428,7 @@ func TestWebhookV1beta1(t *testing.T) {
|
||||||
t: t,
|
t: t,
|
||||||
admissionHolder: holder,
|
admissionHolder: holder,
|
||||||
client: dynamicClient,
|
client: dynamicClient,
|
||||||
clientset: master.Client,
|
clientset: client,
|
||||||
verb: verb,
|
verb: verb,
|
||||||
gvr: gvr,
|
gvr: gvr,
|
||||||
resource: resource,
|
resource: resource,
|
||||||
|
|
@ -938,7 +954,11 @@ func newWebhookHandler(t *testing.T, holder *holder, phase string) http.Handler
|
||||||
}
|
}
|
||||||
review.Request.OldObject.Object = u
|
review.Request.OldObject.Object = u
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if review.Request.UserInfo.Username == testClientUsername {
|
||||||
|
// only record requests originating from this integration test's client
|
||||||
holder.record(phase, review.Request)
|
holder.record(phase, review.Request)
|
||||||
|
}
|
||||||
|
|
||||||
review.Response = &v1beta1.AdmissionResponse{
|
review.Response = &v1beta1.AdmissionResponse{
|
||||||
Allowed: true,
|
Allowed: true,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue