Browse code
Do not check builds/details in build by strategy admission control
Cesar Wong authored on 2016/01/16 01:22:33Showing 2 changed files
| ... | ... |
@@ -49,6 +49,11 @@ func (a *buildByStrategy) Admit(attr admission.Attributes) error {
|
| 49 | 49 |
if resource := attr.GetResource(); resource != buildsResource && resource != buildConfigsResource {
|
| 50 | 50 |
return nil |
| 51 | 51 |
} |
| 52 |
+ // Explicitly exclude the builds/details subresource because it's only |
|
| 53 |
+ // updating commit info and cannot change build type. |
|
| 54 |
+ if attr.GetResource() == buildsResource && attr.GetSubresource() == "details" {
|
|
| 55 |
+ return nil |
|
| 56 |
+ } |
|
| 52 | 57 |
switch obj := attr.GetObject().(type) {
|
| 53 | 58 |
case *buildapi.Build: |
| 54 | 59 |
return a.checkBuildAuthorization(obj, attr) |
| ... | ... |
@@ -128,6 +128,15 @@ func TestBuildAdmission(t *testing.T) {
|
| 128 | 128 |
expectAccept: false, |
| 129 | 129 |
expectedError: "Internal error occurred: [Unrecognized request object &admission.fakeObject{}, couldn't find ObjectMeta field in admission.fakeObject{}]",
|
| 130 | 130 |
}, |
| 131 |
+ {
|
|
| 132 |
+ name: "details on forbidden docker build", |
|
| 133 |
+ object: testBuild(buildapi.BuildStrategy{DockerStrategy: &buildapi.DockerBuildStrategy{}}),
|
|
| 134 |
+ kind: "Build", |
|
| 135 |
+ resource: buildsResource, |
|
| 136 |
+ subResource: "details", |
|
| 137 |
+ reviewResponse: reviewResponse(false, "cannot create build of type docker build"), |
|
| 138 |
+ expectAccept: true, |
|
| 139 |
+ }, |
|
| 131 | 140 |
} |
| 132 | 141 |
|
| 133 | 142 |
ops := []admission.Operation{admission.Create, admission.Update}
|