... | ... |
@@ -14,7 +14,7 @@ import ( |
14 | 14 |
|
15 | 15 |
// IsBuildPod returns true if a pod is a pod generated for a Build |
16 | 16 |
func IsBuildPod(a admission.Attributes) bool { |
17 |
- if a.GetResource() != kapi.Resource("pods") { |
|
17 |
+ if a.GetResource().GroupResource() != kapi.Resource("pods") { |
|
18 | 18 |
return false |
19 | 19 |
} |
20 | 20 |
if len(a.GetSubresource()) != 0 { |
... | ... |
@@ -44,12 +44,12 @@ var ( |
44 | 44 |
) |
45 | 45 |
|
46 | 46 |
func (a *buildByStrategy) Admit(attr admission.Attributes) error { |
47 |
- if resource := attr.GetResource(); resource != buildsResource && resource != buildConfigsResource { |
|
47 |
+ if resource := attr.GetResource().GroupResource(); resource != buildsResource && resource != buildConfigsResource { |
|
48 | 48 |
return nil |
49 | 49 |
} |
50 | 50 |
// Explicitly exclude the builds/details subresource because it's only |
51 | 51 |
// updating commit info and cannot change build type. |
52 |
- if attr.GetResource() == buildsResource && attr.GetSubresource() == "details" { |
|
52 |
+ if attr.GetResource().GroupResource() == buildsResource && attr.GetSubresource() == "details" { |
|
53 | 53 |
return nil |
54 | 54 |
} |
55 | 55 |
switch obj := attr.GetObject().(type) { |
... | ... |
@@ -136,7 +136,7 @@ func (a *buildByStrategy) checkBuildConfigAuthorization(buildConfig *buildapi.Bu |
136 | 136 |
} |
137 | 137 |
|
138 | 138 |
func (a *buildByStrategy) checkBuildRequestAuthorization(req *buildapi.BuildRequest, attr admission.Attributes) error { |
139 |
- switch attr.GetResource() { |
|
139 |
+ switch attr.GetResource().GroupResource() { |
|
140 | 140 |
case buildsResource: |
141 | 141 |
build, err := a.client.Builds(attr.GetNamespace()).Get(req.Name) |
142 | 142 |
if err != nil { |
... | ... |
@@ -147,7 +147,7 @@ func TestBuildAdmission(t *testing.T) { |
147 | 147 |
client := fakeClient(test.expectedResource, test.reviewResponse, test.responseObject) |
148 | 148 |
c := NewBuildByStrategy() |
149 | 149 |
c.(oadmission.WantsOpenshiftClient).SetOpenshiftClient(client) |
150 |
- attrs := admission.NewAttributesRecord(test.object, test.kind, "default", "name", test.resource, test.subResource, op, fakeUser()) |
|
150 |
+ attrs := admission.NewAttributesRecord(test.object, test.kind.WithVersion("version"), "default", "name", test.resource.WithVersion("version"), test.subResource, op, fakeUser()) |
|
151 | 151 |
err := c.Admit(attrs) |
152 | 152 |
if err != nil && test.expectAccept { |
153 | 153 |
t.Errorf("%s: unexpected error: %v", test.name, err) |
... | ... |
@@ -72,10 +72,10 @@ func (p *TestPod) GetBuild(t *testing.T) *buildapi.Build { |
72 | 72 |
|
73 | 73 |
func (p *TestPod) ToAttributes() admission.Attributes { |
74 | 74 |
return admission.NewAttributesRecord((*kapi.Pod)(p), |
75 |
- kapi.Kind("Pod"), |
|
75 |
+ kapi.Kind("Pod").WithVersion("version"), |
|
76 | 76 |
"default", |
77 | 77 |
"TestPod", |
78 |
- kapi.Resource("pods"), |
|
78 |
+ kapi.Resource("pods").WithVersion("version"), |
|
79 | 79 |
"", |
80 | 80 |
admission.Create, |
81 | 81 |
nil) |
... | ... |
@@ -130,7 +130,7 @@ func (bs *SourceBuildStrategy) canRunAsRoot(build *buildapi.Build) bool { |
130 | 130 |
}, |
131 | 131 |
} |
132 | 132 |
userInfo := serviceaccount.UserInfo(build.Namespace, build.Spec.ServiceAccount, "") |
133 |
- attrs := admission.NewAttributesRecord(pod, kapi.Kind("Pod"), pod.Namespace, pod.Name, kapi.Resource("pods"), "", admission.Create, userInfo) |
|
133 |
+ attrs := admission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion(""), pod.Namespace, pod.Name, kapi.Resource("pods").WithVersion(""), "", admission.Create, userInfo) |
|
134 | 134 |
err := bs.AdmissionControl.Admit(attrs) |
135 | 135 |
if err != nil { |
136 | 136 |
glog.V(2).Infof("Admit for root user returned error: %v", err) |
... | ... |
@@ -59,7 +59,7 @@ func (e *lifecycle) Admit(a admission.Attributes) (err error) { |
59 | 59 |
if err != nil { |
60 | 60 |
return err |
61 | 61 |
} |
62 |
- mapping, err := groupMeta.RESTMapper.RESTMapping(a.GetKind()) |
|
62 |
+ mapping, err := groupMeta.RESTMapper.RESTMapping(a.GetKind().GroupKind()) |
|
63 | 63 |
if err != nil { |
64 | 64 |
glog.V(4).Infof("Ignoring life-cycle enforcement for resource %v; no associated default version and kind could be found.", a.GetResource()) |
65 | 65 |
return nil |
... | ... |
@@ -93,7 +93,7 @@ func (e *lifecycle) Admit(a admission.Attributes) (err error) { |
93 | 93 |
} |
94 | 94 |
|
95 | 95 |
if namespace.Status.Phase == kapi.NamespaceTerminating && !e.creatableResources.Has(strings.ToLower(a.GetResource().Resource)) { |
96 |
- return apierrors.NewForbidden(a.GetResource(), name, fmt.Errorf("Namespace %s is terminating", a.GetNamespace())) |
|
96 |
+ return apierrors.NewForbidden(a.GetResource().GroupResource(), name, fmt.Errorf("Namespace %s is terminating", a.GetNamespace())) |
|
97 | 97 |
} |
98 | 98 |
|
99 | 99 |
// in case of concurrency issues, we will retry this logic |
... | ... |
@@ -152,5 +152,5 @@ var ( |
152 | 152 |
) |
153 | 153 |
|
154 | 154 |
func isSubjectAccessReview(a admission.Attributes) bool { |
155 |
- return a.GetKind() == sar || a.GetKind() == lsar |
|
155 |
+ return a.GetKind().GroupKind() == sar || a.GetKind().GroupKind() == lsar |
|
156 | 156 |
} |
... | ... |
@@ -35,7 +35,7 @@ func TestIgnoreThatWhichCannotBeKnown(t *testing.T) { |
35 | 35 |
handler := &lifecycle{} |
36 | 36 |
unknown := &UnknownObject{} |
37 | 37 |
|
38 |
- err := handler.Admit(admission.NewAttributesRecord(unknown, kapi.Kind("kind"), "namespace", "name", kapi.Resource("resource"), "subresource", "CREATE", nil)) |
|
38 |
+ err := handler.Admit(admission.NewAttributesRecord(unknown, kapi.Kind("kind").WithVersion("version"), "namespace", "name", kapi.Resource("resource").WithVersion("version"), "subresource", "CREATE", nil)) |
|
39 | 39 |
if err != nil { |
40 | 40 |
t.Errorf("Admission control should not error if it finds an object it knows nothing about %v", err) |
41 | 41 |
} |
... | ... |
@@ -76,7 +76,7 @@ func TestAdmissionExists(t *testing.T) { |
76 | 76 |
Phase: buildapi.BuildPhaseNew, |
77 | 77 |
}, |
78 | 78 |
} |
79 |
- err := handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build"), "namespace", "name", kapi.Resource("builds"), "", "CREATE", nil)) |
|
79 |
+ err := handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build").WithVersion("version"), "namespace", "name", kapi.Resource("builds").WithVersion("version"), "", "CREATE", nil)) |
|
80 | 80 |
if err == nil { |
81 | 81 |
t.Errorf("Expected an error because namespace does not exist") |
82 | 82 |
} |
... | ... |
@@ -124,7 +124,7 @@ func TestAdmissionLifecycle(t *testing.T) { |
124 | 124 |
Phase: buildapi.BuildPhaseNew, |
125 | 125 |
}, |
126 | 126 |
} |
127 |
- err := handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build"), build.Namespace, "name", kapi.Resource("builds"), "", "CREATE", nil)) |
|
127 |
+ err := handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build").WithVersion("version"), build.Namespace, "name", kapi.Resource("builds").WithVersion("version"), "", "CREATE", nil)) |
|
128 | 128 |
if err != nil { |
129 | 129 |
t.Errorf("Unexpected error returned from admission handler: %v", err) |
130 | 130 |
} |
... | ... |
@@ -134,19 +134,19 @@ func TestAdmissionLifecycle(t *testing.T) { |
134 | 134 |
store.Add(namespaceObj) |
135 | 135 |
|
136 | 136 |
// verify create operations in the namespace cause an error |
137 |
- err = handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build"), build.Namespace, "name", kapi.Resource("builds"), "", "CREATE", nil)) |
|
137 |
+ err = handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build").WithVersion("version"), build.Namespace, "name", kapi.Resource("builds").WithVersion("version"), "", "CREATE", nil)) |
|
138 | 138 |
if err == nil { |
139 | 139 |
t.Errorf("Expected error rejecting creates in a namespace when it is terminating") |
140 | 140 |
} |
141 | 141 |
|
142 | 142 |
// verify update operations in the namespace can proceed |
143 |
- err = handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build"), build.Namespace, "name", kapi.Resource("builds"), "", "UPDATE", nil)) |
|
143 |
+ err = handler.Admit(admission.NewAttributesRecord(build, kapi.Kind("Build").WithVersion("version"), build.Namespace, "name", kapi.Resource("builds").WithVersion("version"), "", "UPDATE", nil)) |
|
144 | 144 |
if err != nil { |
145 | 145 |
t.Errorf("Unexpected error returned from admission handler: %v", err) |
146 | 146 |
} |
147 | 147 |
|
148 | 148 |
// verify delete operations in the namespace can proceed |
149 |
- err = handler.Admit(admission.NewAttributesRecord(nil, kapi.Kind("Build"), build.Namespace, "name", kapi.Resource("builds"), "", "DELETE", nil)) |
|
149 |
+ err = handler.Admit(admission.NewAttributesRecord(nil, kapi.Kind("Build").WithVersion("version"), build.Namespace, "name", kapi.Resource("builds").WithVersion("version"), "", "DELETE", nil)) |
|
150 | 150 |
if err != nil { |
151 | 151 |
t.Errorf("Unexpected error returned from admission handler: %v", err) |
152 | 152 |
} |
... | ... |
@@ -200,7 +200,7 @@ func TestSAR(t *testing.T) { |
200 | 200 |
} |
201 | 201 |
|
202 | 202 |
for k, v := range tests { |
203 |
- err := handler.Admit(admission.NewAttributesRecord(nil, kapi.Kind(v.kind), "foo", "name", kapi.Resource(v.resource), "", "CREATE", nil)) |
|
203 |
+ err := handler.Admit(admission.NewAttributesRecord(nil, kapi.Kind(v.kind).WithVersion("version"), "foo", "name", kapi.Resource(v.resource).WithVersion("version"), "", "CREATE", nil)) |
|
204 | 204 |
if err != nil { |
205 | 205 |
t.Errorf("Unexpected error for %s returned from admission handler: %v", k, err) |
206 | 206 |
} |
... | ... |
@@ -32,7 +32,7 @@ var _ = oadmission.Validator(&podNodeEnvironment{}) |
32 | 32 |
|
33 | 33 |
// Admit enforces that pod and its project node label selectors matches at least a node in the cluster. |
34 | 34 |
func (p *podNodeEnvironment) Admit(a admission.Attributes) (err error) { |
35 |
- resource := a.GetResource() |
|
35 |
+ resource := a.GetResource().GroupResource() |
|
36 | 36 |
if resource != kapi.Resource("pods") { |
37 | 37 |
return nil |
38 | 38 |
} |
... | ... |
@@ -113,7 +113,7 @@ func TestPodAdmission(t *testing.T) { |
113 | 113 |
} |
114 | 114 |
pod.Spec = kapi.PodSpec{NodeSelector: test.podNodeSelector} |
115 | 115 |
|
116 |
- err := handler.Admit(admission.NewAttributesRecord(pod, kapi.Kind("Pod"), "namespace", project.ObjectMeta.Name, kapi.Resource("pods"), "", admission.Create, nil)) |
|
116 |
+ err := handler.Admit(admission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion("version"), "namespace", project.ObjectMeta.Name, kapi.Resource("pods").WithVersion("version"), "", admission.Create, nil)) |
|
117 | 117 |
if test.admit && err != nil { |
118 | 118 |
t.Errorf("Test: %s, expected no error but got: %s", test.testName, err) |
119 | 119 |
} else if !test.admit && err == nil { |
... | ... |
@@ -68,7 +68,7 @@ func (o *projectRequestLimit) Admit(a admission.Attributes) (err error) { |
68 | 68 |
if o.config == nil { |
69 | 69 |
return nil |
70 | 70 |
} |
71 |
- if a.GetResource() != projectapi.Resource("projectrequests") { |
|
71 |
+ if a.GetResource().GroupResource() != projectapi.Resource("projectrequests") { |
|
72 | 72 |
return nil |
73 | 73 |
} |
74 | 74 |
if _, isProjectRequest := a.GetObject().(*projectapi.ProjectRequest); !isProjectRequest { |
... | ... |
@@ -281,10 +281,10 @@ func TestAdmit(t *testing.T) { |
281 | 281 |
} |
282 | 282 |
err = reqLimit.Admit(admission.NewAttributesRecord( |
283 | 283 |
&projectapi.ProjectRequest{}, |
284 |
- projectapi.Kind("ProjectRequest"), |
|
284 |
+ projectapi.Kind("ProjectRequest").WithVersion("version"), |
|
285 | 285 |
"foo", |
286 | 286 |
"name", |
287 |
- projectapi.Resource("projectrequests"), |
|
287 |
+ projectapi.Resource("projectrequests").WithVersion("version"), |
|
288 | 288 |
"", |
289 | 289 |
"CREATE", |
290 | 290 |
&user.DefaultInfo{Name: tc.user})) |
... | ... |
@@ -141,7 +141,7 @@ func (a *clusterResourceOverridePlugin) Validate() error { |
141 | 141 |
// TODO this will need to update when we have pod requests/limits |
142 | 142 |
func (a *clusterResourceOverridePlugin) Admit(attr admission.Attributes) error { |
143 | 143 |
glog.V(6).Infof("%s admission controller is invoked", api.PluginName) |
144 |
- if a.config == nil || attr.GetResource() != kapi.Resource("pods") || attr.GetSubresource() != "" { |
|
144 |
+ if a.config == nil || attr.GetResource().GroupResource() != kapi.Resource("pods") || attr.GetSubresource() != "" { |
|
145 | 145 |
return nil // not applicable |
146 | 146 |
} |
147 | 147 |
pod, ok := attr.GetObject().(*kapi.Pod) |
... | ... |
@@ -227,7 +227,7 @@ func TestLimitRequestAdmission(t *testing.T) { |
227 | 227 |
continue |
228 | 228 |
} |
229 | 229 |
c.(*clusterResourceOverridePlugin).SetProjectCache(fakeProjectCache(test.namespace)) |
230 |
- attrs := admission.NewAttributesRecord(test.object, unversioned.GroupKind{}, test.namespace.Name, "name", kapi.Resource("pods"), "", admission.Create, fakeUser()) |
|
230 |
+ attrs := admission.NewAttributesRecord(test.object, unversioned.GroupVersionKind{}, test.namespace.Name, "name", kapi.Resource("pods").WithVersion("version"), "", admission.Create, fakeUser()) |
|
231 | 231 |
if err := c.Admit(attrs); err != nil { |
232 | 232 |
t.Errorf("%s: admission controller should not return error", test.name) |
233 | 233 |
} |
... | ... |
@@ -67,7 +67,7 @@ var _ = oadmission.Validator(&runOnceDuration{}) |
67 | 67 |
func (a *runOnceDuration) Admit(attributes admission.Attributes) error { |
68 | 68 |
switch { |
69 | 69 |
case a.config == nil, |
70 |
- attributes.GetResource() != kapi.Resource("pods"), |
|
70 |
+ attributes.GetResource().GroupResource() != kapi.Resource("pods"), |
|
71 | 71 |
len(attributes.GetSubresource()) > 0: |
72 | 72 |
return nil |
73 | 73 |
} |
... | ... |
@@ -137,7 +137,7 @@ func TestRunOnceDurationAdmit(t *testing.T) { |
137 | 137 |
runOnceDuration := NewRunOnceDuration(tc.config) |
138 | 138 |
runOnceDuration.(oadmission.WantsProjectCache).SetProjectCache(testCache(tc.projectAnnotations)) |
139 | 139 |
pod := tc.pod |
140 |
- attrs := admission.NewAttributesRecord(pod, kapi.Kind("Pod"), "default", "test", kapi.Resource("pods"), "", admission.Create, nil) |
|
140 |
+ attrs := admission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion("version"), "default", "test", kapi.Resource("pods").WithVersion("version"), "", admission.Create, nil) |
|
141 | 141 |
err := runOnceDuration.Admit(attrs) |
142 | 142 |
if err != nil { |
143 | 143 |
t.Errorf("%s: unexpected admission error: %v", tc.name, err) |
... | ... |
@@ -112,7 +112,7 @@ func (o *podNodeConstraints) Admit(attr admission.Attributes) error { |
112 | 112 |
attr.GetSubresource() != "": |
113 | 113 |
return nil |
114 | 114 |
} |
115 |
- shouldCheck, err := shouldCheckResource(attr.GetResource(), attr.GetKind()) |
|
115 |
+ shouldCheck, err := shouldCheckResource(attr.GetResource().GroupResource(), attr.GetKind().GroupKind()) |
|
116 | 116 |
if err != nil { |
117 | 117 |
return err |
118 | 118 |
} |
... | ... |
@@ -120,7 +120,7 @@ func (o *podNodeConstraints) Admit(attr admission.Attributes) error { |
120 | 120 |
return nil |
121 | 121 |
} |
122 | 122 |
// Only check Create operation on pods |
123 |
- if attr.GetResource() == kapi.Resource("pods") && attr.GetOperation() != admission.Create { |
|
123 |
+ if attr.GetResource().GroupResource() == kapi.Resource("pods") && attr.GetOperation() != admission.Create { |
|
124 | 124 |
return nil |
125 | 125 |
} |
126 | 126 |
ps, err := o.getPodSpec(attr) |
... | ... |
@@ -199,7 +199,7 @@ func (o *podNodeConstraints) checkPodsBindAccess(attr admission.Attributes) (boo |
199 | 199 |
Resource: "pods/binding", |
200 | 200 |
APIGroup: kapi.GroupName, |
201 | 201 |
} |
202 |
- if attr.GetResource() == kapi.Resource("pods") { |
|
202 |
+ if attr.GetResource().GroupResource() == kapi.Resource("pods") { |
|
203 | 203 |
authzAttr.ResourceName = attr.GetName() |
204 | 204 |
} |
205 | 205 |
allow, _, err := o.authorizer.Authorize(ctx, authzAttr) |
... | ... |
@@ -111,7 +111,7 @@ func TestPodNodeConstraints(t *testing.T) { |
111 | 111 |
checkAdmitError(t, err, expectedError, errPrefix) |
112 | 112 |
continue |
113 | 113 |
} |
114 |
- attrs := admission.NewAttributesRecord(tc.resource, kapi.Kind("Pod"), ns, "test", kapi.Resource("pods"), "", admission.Create, tc.userinfo) |
|
114 |
+ attrs := admission.NewAttributesRecord(tc.resource, kapi.Kind("Pod").WithVersion("version"), ns, "test", kapi.Resource("pods").WithVersion("version"), "", admission.Create, tc.userinfo) |
|
115 | 115 |
if tc.expectedErrorMsg != "" { |
116 | 116 |
expectedError = admission.NewForbidden(attrs, fmt.Errorf(tc.expectedErrorMsg)) |
117 | 117 |
} |
... | ... |
@@ -131,7 +131,7 @@ func TestPodNodeConstraintsPodUpdate(t *testing.T) { |
131 | 131 |
checkAdmitError(t, err, expectedError, errPrefix) |
132 | 132 |
return |
133 | 133 |
} |
134 |
- attrs := admission.NewAttributesRecord(nodeNamePod(), kapi.Kind("Pod"), ns, "test", kapi.Resource("pods"), "", admission.Update, serviceaccount.UserInfo("", "", "")) |
|
134 |
+ attrs := admission.NewAttributesRecord(nodeNamePod(), kapi.Kind("Pod").WithVersion("version"), ns, "test", kapi.Resource("pods").WithVersion("version"), "", admission.Update, serviceaccount.UserInfo("", "", "")) |
|
135 | 135 |
err = prc.Admit(attrs) |
136 | 136 |
checkAdmitError(t, err, expectedError, errPrefix) |
137 | 137 |
} |
... | ... |
@@ -147,7 +147,7 @@ func TestPodNodeConstraintsNonHandledResources(t *testing.T) { |
147 | 147 |
checkAdmitError(t, err, expectedError, errPrefix) |
148 | 148 |
return |
149 | 149 |
} |
150 |
- attrs := admission.NewAttributesRecord(resourceQuota(), kapi.Kind("ResourceQuota"), ns, "test", kapi.Resource("resourcequotas"), "", admission.Create, serviceaccount.UserInfo("", "", "")) |
|
150 |
+ attrs := admission.NewAttributesRecord(resourceQuota(), kapi.Kind("ResourceQuota").WithVersion("version"), ns, "test", kapi.Resource("resourcequotas").WithVersion("version"), "", admission.Create, serviceaccount.UserInfo("", "", "")) |
|
151 | 151 |
err = prc.Admit(attrs) |
152 | 152 |
checkAdmitError(t, err, expectedError, errPrefix) |
153 | 153 |
} |
... | ... |
@@ -253,7 +253,7 @@ func TestPodNodeConstraintsResources(t *testing.T) { |
253 | 253 |
checkAdmitError(t, err, expectedError, errPrefix) |
254 | 254 |
continue |
255 | 255 |
} |
256 |
- attrs := admission.NewAttributesRecord(tr.resource(tp.nodeselector), tr.kind, ns, "test", tr.groupresource, "", top.operation, tc.userinfo) |
|
256 |
+ attrs := admission.NewAttributesRecord(tr.resource(tp.nodeselector), tr.kind.WithVersion("version"), ns, "test", tr.groupresource.WithVersion("version"), "", top.operation, tc.userinfo) |
|
257 | 257 |
if tp.expectedErrorMsg != "" { |
258 | 258 |
expectedError = admission.NewForbidden(attrs, fmt.Errorf(tp.expectedErrorMsg)) |
259 | 259 |
} |
... | ... |
@@ -95,7 +95,7 @@ func (a *constraint) Stop() { |
95 | 95 |
// with the validated SCC. If we don't find any reject the pod and give all errors from the |
96 | 96 |
// failed attempts. |
97 | 97 |
func (c *constraint) Admit(a kadmission.Attributes) error { |
98 |
- if a.GetResource() != kapi.Resource("pods") { |
|
98 |
+ if a.GetResource().GroupResource() != kapi.Resource("pods") { |
|
99 | 99 |
return nil |
100 | 100 |
} |
101 | 101 |
|
... | ... |
@@ -133,7 +133,7 @@ func testSCCAdmit(testCaseName string, sccs []*kapi.SecurityContextConstraints, |
133 | 133 |
|
134 | 134 |
plugin := NewTestAdmission(store, tc) |
135 | 135 |
|
136 |
- attrs := kadmission.NewAttributesRecord(pod, kapi.Kind("Pod"), "namespace", "", kapi.Resource("pods"), "", kadmission.Create, &user.DefaultInfo{}) |
|
136 |
+ attrs := kadmission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion("version"), "namespace", "", kapi.Resource("pods").WithVersion("version"), "", kadmission.Create, &user.DefaultInfo{}) |
|
137 | 137 |
err := plugin.Admit(attrs) |
138 | 138 |
|
139 | 139 |
if shouldPass && err != nil { |
... | ... |
@@ -374,7 +374,7 @@ func TestAdmit(t *testing.T) { |
374 | 374 |
} |
375 | 375 |
|
376 | 376 |
for k, v := range testCases { |
377 |
- attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod"), "namespace", "", kapi.Resource("pods"), "", kadmission.Create, &user.DefaultInfo{}) |
|
377 |
+ attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod").WithVersion("version"), "namespace", "", kapi.Resource("pods").WithVersion("version"), "", kadmission.Create, &user.DefaultInfo{}) |
|
378 | 378 |
err := p.Admit(attrs) |
379 | 379 |
|
380 | 380 |
if v.shouldAdmit && err != nil { |
... | ... |
@@ -448,7 +448,7 @@ func TestAdmit(t *testing.T) { |
448 | 448 |
|
449 | 449 |
for k, v := range testCases { |
450 | 450 |
if !v.shouldAdmit { |
451 |
- attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod"), "namespace", "", kapi.Resource("pods"), "", kadmission.Create, &user.DefaultInfo{}) |
|
451 |
+ attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod").WithVersion("version"), "namespace", "", kapi.Resource("pods").WithVersion("version"), "", kadmission.Create, &user.DefaultInfo{}) |
|
452 | 452 |
err := p.Admit(attrs) |
453 | 453 |
if err != nil { |
454 | 454 |
t.Errorf("Expected %s to pass with escalated scc but got error %v", k, err) |
... | ... |
@@ -823,7 +823,7 @@ func TestCreateProvidersFromConstraints(t *testing.T) { |
823 | 823 |
scc := v.scc() |
824 | 824 |
|
825 | 825 |
// create the providers, this method only needs the namespace |
826 |
- attributes := kadmission.NewAttributesRecord(nil, kapi.Kind("Pod"), v.namespace.Name, "", kapi.Resource("pods"), "", kadmission.Create, nil) |
|
826 |
+ attributes := kadmission.NewAttributesRecord(nil, kapi.Kind("Pod").WithVersion("version"), v.namespace.Name, "", kapi.Resource("pods").WithVersion("version"), "", kadmission.Create, nil) |
|
827 | 827 |
_, errs := admit.createProvidersFromConstraints(attributes.GetNamespace(), []*kapi.SecurityContextConstraints{scc}) |
828 | 828 |
|
829 | 829 |
if !reflect.DeepEqual(scc, v.scc()) { |
... | ... |
@@ -1465,7 +1465,7 @@ func TestAdmitWithPrioritizedSCC(t *testing.T) { |
1465 | 1465 |
// testSCCAdmission is a helper to admit the pod and ensure it was validated against the expected |
1466 | 1466 |
// SCC. |
1467 | 1467 |
func testSCCAdmission(pod *kapi.Pod, plugin kadmission.Interface, expectedSCC string, t *testing.T) { |
1468 |
- attrs := kadmission.NewAttributesRecord(pod, kapi.Kind("Pod"), "namespace", "", kapi.Resource("pods"), "", kadmission.Create, &user.DefaultInfo{}) |
|
1468 |
+ attrs := kadmission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion("version"), "namespace", "", kapi.Resource("pods").WithVersion("version"), "", kadmission.Create, &user.DefaultInfo{}) |
|
1469 | 1469 |
err := plugin.Admit(attrs) |
1470 | 1470 |
if err != nil { |
1471 | 1471 |
t.Errorf("error admitting pod: %v", err) |
... | ... |
@@ -28,7 +28,7 @@ func (d *sccExecRestrictions) Admit(a admission.Attributes) (err error) { |
28 | 28 |
if a.GetOperation() != admission.Connect { |
29 | 29 |
return nil |
30 | 30 |
} |
31 |
- if a.GetResource() != kapi.Resource("pods") { |
|
31 |
+ if a.GetResource().GroupResource() != kapi.Resource("pods") { |
|
32 | 32 |
return nil |
33 | 33 |
} |
34 | 34 |
if a.GetSubresource() != "attach" && a.GetSubresource() != "exec" { |
... | ... |
@@ -42,7 +42,7 @@ func (d *sccExecRestrictions) Admit(a admission.Attributes) (err error) { |
42 | 42 |
|
43 | 43 |
// TODO, if we want to actually limit who can use which service account, then we'll need to add logic here to make sure that |
44 | 44 |
// we're allowed to use the SA the pod is using. Otherwise, user-A creates pod and user-B (who can't use the SA) can exec into it. |
45 |
- createAttributes := admission.NewAttributesRecord(pod, kapi.Kind("Pod"), a.GetNamespace(), a.GetName(), a.GetResource(), a.GetSubresource(), admission.Create, a.GetUserInfo()) |
|
45 |
+ createAttributes := admission.NewAttributesRecord(pod, kapi.Kind("Pod").WithVersion(""), a.GetNamespace(), a.GetName(), a.GetResource(), a.GetSubresource(), admission.Create, a.GetUserInfo()) |
|
46 | 46 |
if err := d.constraintAdmission.Admit(createAttributes); err != nil { |
47 | 47 |
return admission.NewForbidden(a, err) |
48 | 48 |
} |
... | ... |
@@ -90,7 +90,7 @@ func TestExecAdmit(t *testing.T) { |
90 | 90 |
// create the admission plugin |
91 | 91 |
p := NewSCCExecRestrictions(tc) |
92 | 92 |
|
93 |
- attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod"), "namespace", "pod-name", kapi.Resource(v.resource), v.subresource, v.operation, &user.DefaultInfo{}) |
|
93 |
+ attrs := kadmission.NewAttributesRecord(v.pod, kapi.Kind("Pod").WithVersion("version"), "namespace", "pod-name", kapi.Resource(v.resource).WithVersion("version"), v.subresource, v.operation, &user.DefaultInfo{}) |
|
94 | 94 |
err := p.Admit(attrs) |
95 | 95 |
|
96 | 96 |
if v.shouldAdmit && err != nil { |
... | ... |
@@ -74,7 +74,7 @@ func (s networkSlice) Contains(ip net.IP) bool { |
74 | 74 |
|
75 | 75 |
// Admit determines if the service should be admitted based on the configured network CIDR. |
76 | 76 |
func (r *externalIPRanger) Admit(a kadmission.Attributes) error { |
77 |
- if a.GetResource() != kapi.Resource("services") { |
|
77 |
+ if a.GetResource().GroupResource() != kapi.Resource("services") { |
|
78 | 78 |
return nil |
79 | 79 |
} |
80 | 80 |
|
... | ... |
@@ -104,7 +104,7 @@ func (r *externalIPRanger) Admit(a kadmission.Attributes) error { |
104 | 104 |
} |
105 | 105 |
} |
106 | 106 |
if len(errs) > 0 { |
107 |
- return apierrs.NewInvalid(a.GetKind(), a.GetName(), errs) |
|
107 |
+ return apierrs.NewInvalid(a.GetKind().GroupKind(), a.GetName(), errs) |
|
108 | 108 |
} |
109 | 109 |
return nil |
110 | 110 |
} |
... | ... |
@@ -161,7 +161,7 @@ func TestAdmission(t *testing.T) { |
161 | 161 |
svc.Spec.ExternalIPs = test.externalIPs |
162 | 162 |
handler := NewExternalIPRanger(test.rejects, test.admits) |
163 | 163 |
|
164 |
- err := handler.Admit(admission.NewAttributesRecord(svc, kapi.Kind("Service"), "namespace", svc.ObjectMeta.Name, kapi.Resource("services"), "", test.op, nil)) |
|
164 |
+ err := handler.Admit(admission.NewAttributesRecord(svc, kapi.Kind("Service").WithVersion("version"), "namespace", svc.ObjectMeta.Name, kapi.Resource("services").WithVersion("version"), "", test.op, nil)) |
|
165 | 165 |
if test.admit && err != nil { |
166 | 166 |
t.Errorf("%s: expected no error but got: %s", test.testName, err) |
167 | 167 |
} else if !test.admit && err == nil { |