Merge pull request #5698 from stormqueen1990/fix/validation-name-reference

k8s-ci-robot · web-flow · commit 856662835f40 · 2024-06-08T01:42:58.000-07:00
fix(namereference): add configuration for new admission API
diff --git a/api/internal/konfig/builtinpluginconsts/namereference.go b/api/internal/konfig/builtinpluginconsts/namereference.go
@@ -421,6 +421,13 @@ nameReference:
   fieldSpecs:
   - path: spec/ingressClassName
     kind: Ingress
+
+- kind: ValidatingAdmissionPolicy
+  group: admissionregistration.k8s.io
+  fieldSpecs:
+  - path: spec/policyName
+    kind: ValidatingAdmissionPolicyBinding
+    group: admissionregistration.k8s.io
 `
 )
 
diff --git a/api/krusty/namereference_test.go b/api/krusty/namereference_test.go
@@ -786,3 +786,85 @@ spec:
         name: tester
 `)
 }
+
+func TestBackReferenceAdmissionPolicy(t *testing.T) {
+	th := kusttest_test.MakeHarness(t)
+	th.WriteK(".", `
+resources:
+- admission.yaml
+
+namePrefix: a-prefix-
+`)
+	th.WriteF("admission.yaml", `---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: sample-policy
+spec:
+  failurePolicy: Fail
+  paramKind:
+    apiVersion: apps/v1
+    kind: Deployment
+  matchConstraints:
+    resourceRules:
+    - apiGroups:
+      - apps
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - deployments
+  validations:
+    - expression: "!object.metadata.name.startsWith('test-')"
+      message: prefix 'test-' is not allowed
+      reason: Invalid
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: sample-policy-binding
+spec:
+  policyName: sample-policy
+  validationActions:
+  - Deny
+`)
+
+	m := th.Run(".", th.MakeDefaultOptions())
+	th.AssertActualEqualsExpected(m, `
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: a-prefix-sample-policy
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:
+      - apps
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - deployments
+  paramKind:
+    apiVersion: apps/v1
+    kind: Deployment
+  validations:
+  - expression: '!object.metadata.name.startsWith(''test-'')'
+    message: prefix 'test-' is not allowed
+    reason: Invalid
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: a-prefix-sample-policy-binding
+spec:
+  policyName: a-prefix-sample-policy
+  validationActions:
+  - Deny
+`)
+}

Original file line number	Diff line number	Diff line change
`@@ -421,6 +421,13 @@ nameReference:`
`421`	`421`	`fieldSpecs:`
`422`	`422`	`- path: spec/ingressClassName`
`423`	`423`	`kind: Ingress`
	`424`	`+`
	`425`	`+- kind: ValidatingAdmissionPolicy`
	`426`	`+ group: admissionregistration.k8s.io`
	`427`	`+ fieldSpecs:`
	`428`	`+ - path: spec/policyName`
	`429`	`+ kind: ValidatingAdmissionPolicyBinding`
	`430`	`+ group: admissionregistration.k8s.io`
`424`	`431`	`
`425`	`432`	`)`
`426`	`433`