From cebb4ee2ac9e19fe90f78c3285978e585e67a3ac Mon Sep 17 00:00:00 2001 From: Mehdy Bohlool Date: Sat, 16 Feb 2019 13:28:14 -0800 Subject: [PATCH] Remove the propagated scheme from the Admission chain --- cmd/kube-apiserver/app/aggregator.go | 1 - cmd/kube-apiserver/app/apiextensions.go | 1 - cmd/kube-apiserver/app/server.go | 1 - pkg/kubeapiserver/options/admission.go | 4 +-- plugin/pkg/admission/gc/gc_admission_test.go | 2 +- .../admission/limitranger/admission_test.go | 2 +- .../namespace/autoprovision/admission_test.go | 2 +- .../namespace/exists/admission_test.go | 2 +- .../podnodeselector/admission_test.go | 2 +- .../admission_test.go | 2 +- .../pkg/cmd/server/options/options.go | 2 +- .../pkg/admission/initializer/initializer.go | 8 ----- .../admission/initializer/initializer_test.go | 34 ++----------------- .../pkg/admission/initializer/interfaces.go | 7 ---- .../namespace/lifecycle/admission_test.go | 2 +- .../plugin/webhook/generic/interfaces.go | 2 +- .../plugin/webhook/generic/webhook.go | 7 +--- .../plugin/webhook/mutating/dispatcher.go | 19 ++++++----- .../webhook/mutating/dispatcher_test.go | 7 ++-- .../plugin/webhook/mutating/plugin.go | 21 ------------ .../plugin/webhook/validating/dispatcher.go | 3 +- .../apiserver/pkg/server/options/admission.go | 8 +---- .../pkg/server/options/api_enablement.go | 1 + .../pkg/server/options/recommended.go | 5 ++- .../kube-aggregator/pkg/cmd/server/start.go | 2 +- .../plugin/banflunder/admission_test.go | 1 + .../sample-apiserver/pkg/cmd/server/start.go | 2 +- 27 files changed, 37 insertions(+), 113 deletions(-) diff --git a/cmd/kube-apiserver/app/aggregator.go b/cmd/kube-apiserver/app/aggregator.go index ee42f6a5a6..e9766b5f15 100644 --- a/cmd/kube-apiserver/app/aggregator.go +++ b/cmd/kube-apiserver/app/aggregator.go @@ -70,7 +70,6 @@ func createAggregatorConfig( &genericConfig, externalInformers, genericConfig.LoopbackClientConfig, - aggregatorscheme.Scheme, pluginInitializers...) if err != nil { return nil, err 
diff --git a/cmd/kube-apiserver/app/apiextensions.go b/cmd/kube-apiserver/app/apiextensions.go index 181ca71585..2db21153cd 100644 --- a/cmd/kube-apiserver/app/apiextensions.go +++ b/cmd/kube-apiserver/app/apiextensions.go @@ -52,7 +52,6 @@ func createAPIExtensionsConfig( &genericConfig, externalInformers, genericConfig.LoopbackClientConfig, - apiextensionsapiserver.Scheme, pluginInitializers...) if err != nil { return nil, err diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 499f6d1490..eb4ab7517e 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -490,7 +490,6 @@ func buildGenericConfig( genericConfig, versionedInformers, kubeClientConfig, - legacyscheme.Scheme, pluginInitializers...) if err != nil { lastErr = fmt.Errorf("failed to initialize admission: %v", err) diff --git a/pkg/kubeapiserver/options/admission.go b/pkg/kubeapiserver/options/admission.go index 15f5d95492..dfad5aa0bc 100644 --- a/pkg/kubeapiserver/options/admission.go +++ b/pkg/kubeapiserver/options/admission.go @@ -22,7 +22,6 @@ import ( "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/server" @@ -108,7 +107,6 @@ func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, - scheme *runtime.Scheme, pluginInitializers ...admission.PluginInitializer, ) error { if a == nil { @@ -120,7 +118,7 @@ func (a *AdmissionOptions) ApplyTo( a.GenericAdmission.EnablePlugins, a.GenericAdmission.DisablePlugins = computePluginNames(a.PluginNames, a.GenericAdmission.RecommendedPluginOrder) } - return a.GenericAdmission.ApplyTo(c, informers, kubeAPIServerClientConfig, scheme, pluginInitializers...) + return a.GenericAdmission.ApplyTo(c, informers, kubeAPIServerClientConfig, pluginInitializers...) } // explicitly disable all plugins that are not in the enabled list 
diff --git a/plugin/pkg/admission/gc/gc_admission_test.go b/plugin/pkg/admission/gc/gc_admission_test.go index ccae3d3271..8e0ef132ed 100644 --- a/plugin/pkg/admission/gc/gc_admission_test.go +++ b/plugin/pkg/admission/gc/gc_admission_test.go @@ -100,7 +100,7 @@ func newGCPermissionsEnforcement() (*gcPermissionsEnforcement, error) { whiteList: whiteList, } - genericPluginInitializer := initializer.New(nil, nil, fakeAuthorizer{}, nil) + genericPluginInitializer := initializer.New(nil, nil, fakeAuthorizer{}) fakeDiscoveryClient := &fakediscovery.FakeDiscovery{Fake: &coretesting.Fake{}} fakeDiscoveryClient.Resources = []*metav1.APIResourceList{ { diff --git a/plugin/pkg/admission/limitranger/admission_test.go b/plugin/pkg/admission/limitranger/admission_test.go index 59b9ee2171..ec184e4dfc 100644 --- a/plugin/pkg/admission/limitranger/admission_test.go +++ b/plugin/pkg/admission/limitranger/admission_test.go @@ -788,7 +788,7 @@ func newHandlerForTest(c clientset.Interface) (*LimitRanger, informers.SharedInf if err != nil { return nil, f, err } - pluginInitializer := genericadmissioninitializer.New(c, f, nil, nil) + pluginInitializer := genericadmissioninitializer.New(c, f, nil) pluginInitializer.Initialize(handler) err = admission.ValidateInitialization(handler) return handler, f, err diff --git a/plugin/pkg/admission/namespace/autoprovision/admission_test.go b/plugin/pkg/admission/namespace/autoprovision/admission_test.go index 5874b54cb5..cde6f315bf 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission_test.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission_test.go 
@@ -39,7 +39,7 @@ import ( func newHandlerForTest(c clientset.Interface) (admission.MutationInterface, informers.SharedInformerFactory, error) { f := informers.NewSharedInformerFactory(c, 5*time.Minute) handler := NewProvision() - pluginInitializer := genericadmissioninitializer.New(c, f, nil, nil) + pluginInitializer := genericadmissioninitializer.New(c, f, nil) pluginInitializer.Initialize(handler) err := admission.ValidateInitialization(handler) return handler, f, err diff --git a/plugin/pkg/admission/namespace/exists/admission_test.go b/plugin/pkg/admission/namespace/exists/admission_test.go index a5c6f33598..c1cbfa5b18 100644 --- a/plugin/pkg/admission/namespace/exists/admission_test.go +++ b/plugin/pkg/admission/namespace/exists/admission_test.go @@ -38,7 +38,7 @@ import ( func newHandlerForTest(c kubernetes.Interface) (admission.ValidationInterface, informers.SharedInformerFactory, error) { f := informers.NewSharedInformerFactory(c, 5*time.Minute) handler := NewExists() - pluginInitializer := genericadmissioninitializer.New(c, f, nil, nil) + pluginInitializer := genericadmissioninitializer.New(c, f, nil) pluginInitializer.Initialize(handler) err := admission.ValidateInitialization(handler) return handler, f, err diff --git a/plugin/pkg/admission/podnodeselector/admission_test.go b/plugin/pkg/admission/podnodeselector/admission_test.go index b6f60bbd8b..73f1da0983 100644 --- a/plugin/pkg/admission/podnodeselector/admission_test.go +++ b/plugin/pkg/admission/podnodeselector/admission_test.go 
@@ -197,7 +197,7 @@ func TestHandles(t *testing.T) { func newHandlerForTest(c kubernetes.Interface) (*podNodeSelector, informers.SharedInformerFactory, error) { f := informers.NewSharedInformerFactory(c, 5*time.Minute) handler := NewPodNodeSelector(nil) - pluginInitializer := genericadmissioninitializer.New(c, f, nil, nil) + pluginInitializer := genericadmissioninitializer.New(c, f, nil) pluginInitializer.Initialize(handler) err := admission.ValidateInitialization(handler) return handler, f, err diff --git a/plugin/pkg/admission/podtolerationrestriction/admission_test.go b/plugin/pkg/admission/podtolerationrestriction/admission_test.go index 8ab6fcaf77..7b7d9d8803 100644 --- a/plugin/pkg/admission/podtolerationrestriction/admission_test.go +++ b/plugin/pkg/admission/podtolerationrestriction/admission_test.go @@ -346,7 +346,7 @@ func newHandlerForTest(c kubernetes.Interface) (*podTolerationsPlugin, informers return nil, nil, err } handler := NewPodTolerationsPlugin(pluginConfig) - pluginInitializer := genericadmissioninitializer.New(c, f, nil, nil) + pluginInitializer := genericadmissioninitializer.New(c, f, nil) pluginInitializer.Initialize(handler) err = admission.ValidateInitialization(handler) return handler, f, err diff --git a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/options/options.go b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/options/options.go index c787aa6419..8803bb3997 100644 --- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/options/options.go +++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/options/options.go 
@@ -91,7 +91,7 @@ func (o CustomResourceDefinitionsServerOptions) Config() (*apiserver.Config, err } serverConfig := genericapiserver.NewRecommendedConfig(apiserver.Codecs) - if err := o.RecommendedOptions.ApplyTo(serverConfig, apiserver.Scheme); err != nil { + if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil { return nil, err } if err := o.APIEnablement.ApplyTo(&serverConfig.Config, apiserver.DefaultAPIResourceConfigSource(), apiserver.Scheme); err != nil { diff --git a/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go b/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go index abe764bb94..822885a5e8 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go @@ -17,7 +17,6 @@ limitations under the License. package initializer import ( - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/client-go/informers" @@ -28,7 +27,6 @@ type pluginInitializer struct { externalClient kubernetes.Interface externalInformers informers.SharedInformerFactory authorizer authorizer.Authorizer - scheme *runtime.Scheme } // New creates an instance of admission plugins initializer. @@ -37,13 +35,11 @@ func New( extClientset kubernetes.Interface, extInformers informers.SharedInformerFactory, authz authorizer.Authorizer, - scheme *runtime.Scheme, ) pluginInitializer { return pluginInitializer{ externalClient: extClientset, externalInformers: extInformers, authorizer: authz, - scheme: scheme, } } @@ -61,10 +57,6 @@ func (i pluginInitializer) Initialize(plugin admission.Interface) { if wants, ok := plugin.(WantsAuthorizer); ok { wants.SetAuthorizer(i.authorizer) } - - if wants, ok := plugin.(WantsScheme); ok { - wants.SetScheme(i.scheme) - } } var _ admission.PluginInitializer = pluginInitializer{} 
diff --git a/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer_test.go b/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer_test.go index 2e3a704933..fd2d500619 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer_test.go @@ -20,7 +20,6 @@ import ( "testing" "time" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/authorization/authorizer" @@ -29,22 +28,10 @@ import ( "k8s.io/client-go/kubernetes/fake" ) -// TestWantsScheme ensures that the scheme is injected when -// the WantsScheme interface is implemented by a plugin. -func TestWantsScheme(t *testing.T) { - scheme := runtime.NewScheme() - target := initializer.New(nil, nil, nil, scheme) - wantSchemeAdmission := &WantSchemeAdmission{} - target.Initialize(wantSchemeAdmission) - if wantSchemeAdmission.scheme != scheme { - t.Errorf("expected scheme to be initialized") - } -} - // TestWantsAuthorizer ensures that the authorizer is injected // when the WantsAuthorizer interface is implemented by a plugin. func TestWantsAuthorizer(t *testing.T) { - target := initializer.New(nil, nil, &TestAuthorizer{}, nil) + target := initializer.New(nil, nil, &TestAuthorizer{}) wantAuthorizerAdmission := &WantAuthorizerAdmission{} target.Initialize(wantAuthorizerAdmission) if wantAuthorizerAdmission.auth == nil { @@ -56,7 +43,7 @@ func TestWantsAuthorizer(t *testing.T) { // when the WantsExternalKubeClientSet interface is implemented by a plugin. func TestWantsExternalKubeClientSet(t *testing.T) { cs := &fake.Clientset{} - target := initializer.New(cs, nil, &TestAuthorizer{}, nil) + target := initializer.New(cs, nil, &TestAuthorizer{}) wantExternalKubeClientSet := &WantExternalKubeClientSet{} target.Initialize(wantExternalKubeClientSet) if wantExternalKubeClientSet.cs != cs { 
@@ -69,7 +56,7 @@ func TestWantsExternalKubeClientSet(t *testing.T) { func TestWantsExternalKubeInformerFactory(t *testing.T) { cs := &fake.Clientset{} sf := informers.NewSharedInformerFactory(cs, time.Duration(1)*time.Second) - target := initializer.New(cs, sf, &TestAuthorizer{}, nil) + target := initializer.New(cs, sf, &TestAuthorizer{}) wantExternalKubeInformerFactory := &WantExternalKubeInformerFactory{} target.Initialize(wantExternalKubeInformerFactory) if wantExternalKubeInformerFactory.sf != sf { @@ -142,18 +129,3 @@ func (s *clientCertWanter) Admit(a admission.Attributes, o admission.ObjectInter } func (s *clientCertWanter) Handles(o admission.Operation) bool { return false } func (s *clientCertWanter) ValidateInitialization() error { return nil } - -// WantSchemeAdmission is a test stub that fulfills the WantsScheme interface. -type WantSchemeAdmission struct { - scheme *runtime.Scheme -} - -func (self *WantSchemeAdmission) SetScheme(s *runtime.Scheme) { self.scheme = s } -func (self *WantSchemeAdmission) Admit(a admission.Attributes, o admission.ObjectInterfaces) error { - return nil -} -func (self *WantSchemeAdmission) Handles(o admission.Operation) bool { return false } -func (self *WantSchemeAdmission) ValidateInitialization() error { return nil } - -var _ admission.Interface = &WantSchemeAdmission{} -var _ initializer.WantsScheme = &WantSchemeAdmission{} diff --git a/staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go b/staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go index 98a0758540..9bddb7155c 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go @@ -17,7 +17,6 @@ limitations under the License. package initializer import ( - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/client-go/informers" 
@@ -41,9 +40,3 @@ type WantsAuthorizer interface { SetAuthorizer(authorizer.Authorizer) admission.InitializationValidator } - -// WantsScheme defines a function that accepts runtime.Scheme for admission plugins that need it. -type WantsScheme interface { - SetScheme(*runtime.Scheme) - admission.InitializationValidator -} diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission_test.go index d3d372446c..593c107dbf 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission_test.go @@ -48,7 +48,7 @@ func newHandlerForTestWithClock(c clientset.Interface, cacheClock clock.Clock) ( if err != nil { return nil, f, err } - pluginInitializer := kubeadmission.New(c, f, nil, nil) + pluginInitializer := kubeadmission.New(c, f, nil) pluginInitializer.Initialize(handler) err = admission.ValidateInitialization(handler) return handler, f, err diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go index 3a7edb526d..d998b6b71e 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go @@ -41,5 +41,5 @@ type VersionedAttributes struct { // Dispatcher dispatches webhook call to a list of webhooks with admission attributes as argument. type Dispatcher interface { // Dispatch a request to the webhooks using the given webhooks. A non-nil error means the request is rejected. - Dispatch(ctx context.Context, a *VersionedAttributes, hooks []*v1beta1.Webhook) error + Dispatch(ctx context.Context, a *VersionedAttributes, o admission.ObjectInterfaces, hooks []*v1beta1.Webhook) error } 
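Review bot: The doc comment on `Dispatcher.Dispatch` in plugin/webhook/generic/interfaces.go does not mention the new `o admission.ObjectInterfaces` parameter, so an implementer cannot tell whether `o` may be nil. The mutating dispatcher in this patch calls `o.GetObjectConvertor()`, `o.GetObjectCreater()`, `o.GetObjectTyper()` and `o.GetObjectDefaulter()` without a check, so the contract should be stated on the interface. A suitable line is `// o supplies the convertor, creater, typer and defaulter for the object being admitted and must be non-nil.`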
diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go index 6cd86a51d2..c44f67346c 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go @@ -24,7 +24,6 @@ import ( admissionv1beta1 "k8s.io/api/admission/v1beta1" "k8s.io/api/admissionregistration/v1beta1" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/admission" genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/admission/plugin/webhook/config" @@ -96,10 +95,6 @@ func (a *Webhook) SetServiceResolver(sr webhook.ServiceResolver) { a.clientManager.SetServiceResolver(sr) } -// SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme -func (a *Webhook) SetScheme(scheme *runtime.Scheme) { -} - // SetExternalKubeClientSet implements the WantsExternalKubeInformerFactory interface. // It sets external ClientSet for admission plugins that need it func (a *Webhook) SetExternalKubeClientSet(client clientset.Interface) { @@ -193,5 +188,5 @@ func (a *Webhook) Dispatch(attr admission.Attributes, o admission.ObjectInterfac } versionedAttr.VersionedObject = out } - return a.dispatcher.Dispatch(ctx, &versionedAttr, relevantHooks) + return a.dispatcher.Dispatch(ctx, &versionedAttr, o, relevantHooks) } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go index d646bacb53..44490d1b4f 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go 
@@ -31,7 +31,9 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer/json" utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apiserver/pkg/admission" admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors" "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" @@ -53,10 +55,10 @@ func newMutatingDispatcher(p *Plugin) func(cm *webhook.ClientManager) generic.Di var _ generic.Dispatcher = &mutatingDispatcher{} -func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr *generic.VersionedAttributes, relevantHooks []*v1beta1.Webhook) error { +func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr *generic.VersionedAttributes, o admission.ObjectInterfaces, relevantHooks []*v1beta1.Webhook) error { for _, hook := range relevantHooks { t := time.Now() - err := a.callAttrMutatingHook(ctx, hook, attr) + err := a.callAttrMutatingHook(ctx, hook, attr, o) admissionmetrics.Metrics.ObserveWebhook(time.Since(t), err != nil, attr.Attributes, "admit", hook.Name) if err == nil { continue 
@@ -76,13 +78,13 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr *generic.Version // convert attr.VersionedObject to the internal version in the underlying admission.Attributes if attr.VersionedObject != nil { - return a.plugin.scheme.Convert(attr.VersionedObject, attr.Attributes.GetObject(), nil) + return o.GetObjectConvertor().Convert(attr.VersionedObject, attr.Attributes.GetObject(), nil) } return nil } // note that callAttrMutatingHook updates attr -func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta1.Webhook, attr *generic.VersionedAttributes) error { +func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta1.Webhook, attr *generic.VersionedAttributes, o admission.ObjectInterfaces) error { if attr.IsDryRun() { if h.SideEffects == nil { return &webhook.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil")} @@ -135,7 +137,8 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta return apierrors.NewInternalError(fmt.Errorf("admission webhook %q attempted to modify the object, which is not supported for this operation", h.Name)) } - objJS, err := runtime.Encode(a.plugin.jsonSerializer, attr.VersionedObject) + jsonSerializer := json.NewSerializer(json.DefaultMetaFactory, o.GetObjectCreater(), o.GetObjectTyper(), false) + objJS, err := runtime.Encode(jsonSerializer, attr.VersionedObject) if err != nil { return apierrors.NewInternalError(err) } 
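Review bot: `o.GetObjectConvertor().Convert(...)` at the end of `mutatingDispatcher.Dispatch` dereferences `o` with no nil check. The same patch removes the `scheme` and `jsonSerializer` checks from `Plugin.ValidateInitialization`, so a missing scheme no longer appears to be caught at startup. The same unguarded use occurs at `o.GetObjectCreater()`, `o.GetObjectTyper()` and `o.GetObjectDefaulter()` in the two `callAttrMutatingHook` hunks that follow. A guard at the top of `Dispatch` would turn a nil-interface panic in the admission path into an ordinary error: `if o == nil { return apierrors.NewInternalError(fmt.Errorf("admission object interfaces are nil")) }`. The start of `Dispatch` is in the previous hunk and part of its body lies outside the diff.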
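Review bot: `json.NewSerializer(...)` in `callAttrMutatingHook` is now constructed on every call that reaches the patch path, whereas the removed `SetScheme` built one serializer per plugin, and nothing next to the line says why. A comment such as `// built per call: creater and typer come from the request's ObjectInterfaces, not from plugin state` would record the reason. The existing TODO in the next hunk about re-encoding for each webhook could also mention building the serializer once in `Dispatch` and passing it down. The body of `callAttrMutatingHook` starts and ends outside this hunk.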
@@ -150,17 +153,17 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta // They are represented as Unstructured. newVersionedObject = &unstructured.Unstructured{} } else { - newVersionedObject, err = a.plugin.scheme.New(attr.GetKind()) + newVersionedObject, err = o.GetObjectCreater().New(attr.GetKind()) if err != nil { return apierrors.NewInternalError(err) } } // TODO: if we have multiple mutating webhooks, we can remember the json // instead of encoding and decoding for each one. - if _, _, err := a.plugin.jsonSerializer.Decode(patchedJS, nil, newVersionedObject); err != nil { + if _, _, err := jsonSerializer.Decode(patchedJS, nil, newVersionedObject); err != nil { return apierrors.NewInternalError(err) } attr.VersionedObject = newVersionedObject - a.plugin.scheme.Default(attr.VersionedObject) + o.GetObjectDefaulter().Default(attr.VersionedObject) return nil } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher_test.go index ccea268624..53bcf0124d 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher_test.go @@ -49,6 +49,7 @@ func TestDispatch(t *testing.T) { require.NoError(t, example.AddToScheme(scheme)) require.NoError(t, examplev1.AddToScheme(scheme)) require.NoError(t, example2v1.AddToScheme(scheme)) + objectInterfaces := &admission.SchemeBasedObjectInterfaces{scheme} tests := []struct { name string 
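Review bot: `&admission.SchemeBasedObjectInterfaces{scheme}` in `TestDispatch` is an unkeyed composite literal of a struct imported from another package. The `go vet` composites check reports this form, and it stops compiling or silently changes meaning if a field is added to or reordered in that struct. Write it as a keyed literal that names the field holding the scheme. `TestDispatch` continues outside the hunk.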
@@ -118,16 +119,14 @@ func TestDispatch(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { a := &mutatingDispatcher{ - plugin: &Plugin{ - scheme: scheme, - }, + plugin: &Plugin{}, } attr := generic.VersionedAttributes{ Attributes: admission.NewAttributesRecord(test.out, nil, schema.GroupVersionKind{}, "", "", schema.GroupVersionResource{}, "", admission.Operation(""), false, nil), VersionedOldObject: nil, VersionedObject: test.in, } - if err := a.Dispatch(context.TODO(), &attr, nil); err != nil { + if err := a.Dispatch(context.TODO(), &attr, objectInterfaces, nil); err != nil { t.Fatalf("%s: unexpected error: %v", test.name, err) } if !reflect.DeepEqual(attr.Attributes.GetObject(), test.expectedObj) { diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go index df5a2522f1..6202fbc63f 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go @@ -17,11 +17,8 @@ limitations under the License. package mutating import ( - "fmt" "io" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer/json" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/configuration" "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" @@ -47,9 +44,6 @@ func Register(plugins *admission.Plugins) { // Plugin is an implementation of admission.Interface. type Plugin struct { *generic.Webhook - - scheme *runtime.Scheme - jsonSerializer *json.Serializer } var _ admission.MutationInterface = &Plugin{} 
@@ -67,26 +61,11 @@ func NewMutatingWebhook(configFile io.Reader) (*Plugin, error) { return p, nil } -// SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme -func (a *Plugin) SetScheme(scheme *runtime.Scheme) { - a.Webhook.SetScheme(scheme) - if scheme != nil { - a.scheme = scheme - a.jsonSerializer = json.NewSerializer(json.DefaultMetaFactory, scheme, scheme, false) - } -} - // ValidateInitialization implements the InitializationValidator interface. func (a *Plugin) ValidateInitialization() error { if err := a.Webhook.ValidateInitialization(); err != nil { return err } - if a.scheme == nil { - return fmt.Errorf("scheme is not properly setup") - } - if a.jsonSerializer == nil { - return fmt.Errorf("jsonSerializer is not properly setup") - } return nil } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go index 166e21adcd..d779be7b83 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go @@ -28,6 +28,7 @@ import ( "k8s.io/api/admissionregistration/v1beta1" apierrors "k8s.io/apimachinery/pkg/api/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apiserver/pkg/admission" admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors" "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" 
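Review bot: `Plugin.ValidateInitialization` in mutating/plugin.go is a pure pass-through once the scheme and serializer checks are removed, so the `if err := ...; err != nil { return err }` followed by `return nil` can be the single line `return a.Webhook.ValidateInitialization()`. `Plugin` embeds `*generic.Webhook` (earlier hunk in this file), so the method would presumably also be promoted if the override were dropped. If the override is kept as a place for future plugin-specific checks, a one-line comment saying so would prevent it from being read as dead code.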
@@ -46,7 +47,7 @@ func newValidatingDispatcher(cm *webhook.ClientManager) generic.Dispatcher { var _ generic.Dispatcher = &validatingDispatcher{} -func (d *validatingDispatcher) Dispatch(ctx context.Context, attr *generic.VersionedAttributes, relevantHooks []*v1beta1.Webhook) error { +func (d *validatingDispatcher) Dispatch(ctx context.Context, attr *generic.VersionedAttributes, o admission.ObjectInterfaces, relevantHooks []*v1beta1.Webhook) error { wg := sync.WaitGroup{} errCh := make(chan error, len(relevantHooks)) wg.Add(len(relevantHooks)) diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index 09d4854141..962b44a3a9 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -114,18 +114,12 @@ func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, - scheme *runtime.Scheme, pluginInitializers ...admission.PluginInitializer, ) error { if a == nil { return nil } - // Admission need scheme to construct admission initializer. - if scheme == nil { - return fmt.Errorf("admission depends on a scheme, it cannot be nil") - } - // Admission depends on CoreAPI to set SharedInformerFactory and ClientConfig. if informers == nil { return fmt.Errorf("admission depends on a Kubernetes core API shared informer, it cannot be nil") @@ -142,7 +136,7 @@ func (a *AdmissionOptions) ApplyTo( if err != nil { return err } - genericInitializer := initializer.New(clientset, informers, c.Authorization.Authorizer, scheme) + genericInitializer := initializer.New(clientset, informers, c.Authorization.Authorizer) initializersChain := admission.PluginInitializers{} pluginInitializers = append(pluginInitializers, genericInitializer) initializersChain = append(initializersChain, pluginInitializers...) 
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/api_enablement.go b/staging/src/k8s.io/apiserver/pkg/server/options/api_enablement.go index 71eda2981a..ed6a8bef05 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/api_enablement.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/api_enablement.go @@ -84,6 +84,7 @@ func (s *APIEnablementOptions) Validate(registries ...GroupRegisty) []error { // ApplyTo override MergedResourceConfig with defaults and registry func (s *APIEnablementOptions) ApplyTo(c *server.Config, defaultResourceConfig *serverstore.ResourceConfig, registry resourceconfig.GroupVersionRegistry) error { + if s == nil { return nil } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go index 500d578d6b..631b4f43e3 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go @@ -82,9 +82,8 @@ func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) { } // ApplyTo adds RecommendedOptions to the server configuration. -// scheme is the scheme of the apiserver types that are sent to the admission chain. // pluginInitializers can be empty, it is only need for additional initializers. -func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig, scheme *runtime.Scheme) error { +func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error { if err := o.Etcd.ApplyTo(&config.Config); err != nil { return err } 
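Review bot: The comment kept above `RecommendedOptions.ApplyTo` in recommended.go still reads `pluginInitializers can be empty, it is only need for additional initializers`, but the new signature `ApplyTo(config *server.RecommendedConfig)` has no such parameter. The patch removes the neighbouring `scheme` line and leaves this stale one in place. Either delete it or reword it to match what the next hunk shows, for example `// Additional admission plugin initializers are obtained from o.ExtraAdmissionInitializers.` The function body continues outside the hunk.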
@@ -108,7 +107,7 @@ func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig, scheme *r } if initializers, err := o.ExtraAdmissionInitializers(config); err != nil { return err - } else if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, scheme, initializers...); err != nil { + } else if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, initializers...); err != nil { return err } diff --git a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go index a86186f4fa..9dd8d7021f 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go @@ -122,7 +122,7 @@ func (o AggregatorOptions) RunAggregator(stopCh <-chan struct{}) error { serverConfig := genericapiserver.NewRecommendedConfig(aggregatorscheme.Codecs) - if err := o.RecommendedOptions.ApplyTo(serverConfig, aggregatorscheme.Scheme); err != nil { + if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil { return err } if err := o.APIEnablement.ApplyTo(&serverConfig.Config, apiserver.DefaultAPIResourceConfigSource(), aggregatorscheme.Scheme); err != nil { diff --git a/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go b/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go index b60ae0dbae..1797c23741 100644 --- a/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go +++ b/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go @@ -138,6 +138,7 @@ func TestBanflunderAdmissionPlugin(t *testing.T) { admission.Create, false, nil), + nil, ) // validate diff --git a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go index e492925353..feb75fbf4f 100644 
--- a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go @@ -120,7 +120,7 @@ func (o *WardleServerOptions) Config() (*apiserver.Config, error) { } serverConfig := genericapiserver.NewRecommendedConfig(apiserver.Codecs) - if err := o.RecommendedOptions.ApplyTo(serverConfig, apiserver.Scheme); err != nil { + if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil { return nil, err }