Skip to content

Commit d6b9f69

Browse files
djoshydjoshy
committed
add resourceread for ValidatingAdmissionPolicy
1 parent c32b334 commit d6b9f69

File tree

2 files changed

+64
-0
lines changed

2 files changed

+64
-0
lines changed

pkg/operator/resource/resourceread/admission.go

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,3 +53,21 @@ func ReadValidatingAdmissionPolicyBindingV1beta1OrDie(objBytes []byte) *admissio
5353

5454
return requiredObj.(*admissionv1beta1.ValidatingAdmissionPolicyBinding)
5555
}
56+
57+
func ReadValidatingAdmissionPolicyV1OrDie(objBytes []byte) *admissionv1.ValidatingAdmissionPolicy {
58+
requiredObj, err := runtime.Decode(admissionCodecs.UniversalDecoder(admissionv1.SchemeGroupVersion), objBytes)
59+
if err != nil {
60+
panic(err)
61+
}
62+
63+
return requiredObj.(*admissionv1.ValidatingAdmissionPolicy)
64+
}
65+
66+
func ReadValidatingAdmissionPolicyBindingV1OrDie(objBytes []byte) *admissionv1.ValidatingAdmissionPolicyBinding {
67+
requiredObj, err := runtime.Decode(admissionCodecs.UniversalDecoder(admissionv1.SchemeGroupVersion), objBytes)
68+
if err != nil {
69+
panic(err)
70+
}
71+
72+
return requiredObj.(*admissionv1.ValidatingAdmissionPolicyBinding)
73+
}

pkg/operator/resource/resourceread/admission_test.go

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,3 +102,49 @@ webhooks:
102102
t.Errorf("Expected a webhook, got nil")
103103
}
104104
}
105+
106+
func TestValidatingAdmissionPolicies(t *testing.T) {
107+
validValidatingAdmissionPolicy := `
108+
apiVersion: admissionregistration.k8s.io/v1
109+
kind: ValidatingAdmissionPolicy
110+
metadata:
111+
name: "machine-configuration-guards"
112+
spec:
113+
failurePolicy: Fail
114+
matchConstraints:
115+
matchPolicy: Equivalent
116+
namespaceSelector: {}
117+
objectSelector: {}
118+
resourceRules:
119+
- apiGroups: ["operator.openshift.io"]
120+
apiVersions: ["v1"]
121+
operations: ["CREATE","UPDATE"]
122+
resources: ["machineconfigurations"]
123+
scope: "*"
124+
validations:
125+
- expression: "object.metadata.name=='cluster'"
126+
message: "Only a single object of MachineConfiguration is allowed and it must be named cluster."
127+
`
128+
obj := ReadValidatingAdmissionPolicyV1OrDie([]byte(validValidatingAdmissionPolicy))
129+
if obj == nil {
130+
t.Errorf("Expected a validatingadmissionpolicy, got nil")
131+
}
132+
133+
}
134+
135+
func TestValidatingAdmissionPolicyBindings(t *testing.T) {
136+
validValidatingAdmissionPolicyBinding := `
137+
apiVersion: admissionregistration.k8s.io/v1
138+
kind: ValidatingAdmissionPolicyBinding
139+
metadata:
140+
name: "machine-configuration-guards-binding"
141+
spec:
142+
policyName: "machine-configuration-guards"
143+
validationActions: [Deny]
144+
`
145+
obj := ReadValidatingAdmissionPolicyBindingV1OrDie([]byte(validValidatingAdmissionPolicyBinding))
146+
if obj == nil {
147+
t.Errorf("Expected a validatingadmissionpolicybinding, got nil")
148+
}
149+
150+
}

0 commit comments

Comments
 (0)