feature: working spring boot example

csviri · csviri · commit 5aa1bc4625ae · 2021-12-21T14:09:02.000+01:00
diff --git a/core/src/main/java/io/javaoperatorsdk/admissioncontroller/AdmissionUtils.java b/core/src/main/java/io/javaoperatorsdk/admissioncontroller/AdmissionUtils.java
@@ -35,6 +35,9 @@ public static AdmissionResponse admissionResponseFromMutation(KubernetesResource
     AdmissionResponse admissionResponse = new AdmissionResponse();
     admissionResponse.setAllowed(true);
     admissionResponse.setPatchType(JSON_PATCH);
+    Status status = new Status();
+    status.setCode(200);
+    admissionResponse.setStatus(status);
     var originalResNode = mapper.valueToTree(originalResource);
     var mutatedResNode = mapper.valueToTree(mutatedResource);
 
diff --git a/core/src/main/java/io/javaoperatorsdk/admissioncontroller/NotAllowedException.java b/core/src/main/java/io/javaoperatorsdk/admissioncontroller/NotAllowedException.java
@@ -19,7 +19,8 @@ public NotAllowedException(Throwable cause, Status status) {
     this.status = status;
   }
 
-  public NotAllowedException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace, Status status) {
+  public NotAllowedException(String message, Throwable cause, boolean enableSuppression,
+      boolean writableStackTrace, Status status) {
     super(message, cause, enableSuppression, writableStackTrace);
     this.status = status;
   }
diff --git a/pom.xml b/pom.xml
@@ -51,6 +51,7 @@
         <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
         <json-patch.version>1.13</json-patch.version>
+        <maven-javadoc-plugin.version>3.3.1</maven-javadoc-plugin.version>
     </properties>
 
     <modules>
diff --git a/samples/spring-boot-sample/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/AdmissionEndpoint.java b/samples/spring-boot-sample/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/AdmissionEndpoint.java
@@ -1,9 +1,12 @@
 package io.javaoperatorsdk.admissioncontroller.sample.springbootsample;
 
-import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.Pod;
 import io.fabric8.kubernetes.api.model.admission.v1.AdmissionReview;
 import io.javaoperatorsdk.admissioncontroller.AdmissionController;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -12,17 +15,27 @@
 @RestController
 public class AdmissionEndpoint {
 
-    private final AdmissionController<HasMetadata> addLabelMutationController;
+    private final AdmissionController<Pod> addLabelMutationController;
+    private final AdmissionController<Pod> validatingController;
 
     @Autowired
-    public AdmissionEndpoint(AdmissionController<HasMetadata> addLabelMutationController) {
+    public AdmissionEndpoint(@Qualifier("mutatingController") AdmissionController<Pod> addLabelMutationController,
+                             @Qualifier("validatingController") AdmissionController<Pod> validatingController) {
         this.addLabelMutationController = addLabelMutationController;
+        this.validatingController = validatingController;
     }
 
     @PostMapping("/mutate")
     @ResponseBody
-    public AdmissionReview admissionReview(@RequestBody AdmissionReview admissionReview) {
-        return addLabelMutationController.handle(admissionReview);
+    public ResponseEntity<AdmissionReview> mutate(@RequestBody AdmissionReview admissionReview) {
+        AdmissionReview resultReview = addLabelMutationController.handle(admissionReview);
+        return new ResponseEntity<>(resultReview, HttpStatus.valueOf(resultReview.getResponse().getStatus().getCode()));
+    }
+
+    @PostMapping("/validate")
+    public ResponseEntity<AdmissionReview> validate(@RequestBody AdmissionReview admissionReview) {
+        AdmissionReview resultReview = validatingController.handle(admissionReview);
+        return new ResponseEntity<>(resultReview, HttpStatus.valueOf(resultReview.getResponse().getStatus().getCode()));
     }
 
 }
diff --git a/samples/spring-boot-sample/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/Config.java b/samples/spring-boot-sample/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/Config.java
@@ -1,19 +1,32 @@
 package io.javaoperatorsdk.admissioncontroller.sample.springbootsample;
 
 import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.Pod;
 import io.javaoperatorsdk.admissioncontroller.AdmissionController;
+import io.javaoperatorsdk.admissioncontroller.NotAllowedException;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
 public class Config {
 
+    public static final String APP_NAME_LABEL_KEY = "app.kubernetes.io/name";
+
     @Bean
-    public AdmissionController<HasMetadata> admissionController() {
+    public AdmissionController<Pod> mutatingController() {
         return new AdmissionController<>((resource, operation) -> {
-            resource.getMetadata().getLabels().putIfAbsent("app.kubernetes.io/name", "mutation-test");
+            resource.getMetadata().getLabels().putIfAbsent(APP_NAME_LABEL_KEY, "mutation-test");
             return resource;
         });
     }
 
+    @Bean
+    public AdmissionController<Pod> validatingController() {
+        return new AdmissionController<>((resource, operation) -> {
+            if (resource.getMetadata().getLabels().get(APP_NAME_LABEL_KEY) == null) {
+                throw new NotAllowedException("Missing label: " + APP_NAME_LABEL_KEY);
+            }
+        });
+    }
+
 }
diff --git a/samples/spring-boot-sample/src/test/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/AdmissionEndpointTest.java b/samples/spring-boot-sample/src/test/java/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/AdmissionEndpointTest.java
@@ -0,0 +1,42 @@
+package io.javaoperatorsdk.admissioncontroller.sample.springbootsample;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.core.io.Resource;
+import org.springframework.http.MediaType;
+import org.springframework.test.web.servlet.MockMvc;
+
+import java.nio.file.Files;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+public class AdmissionEndpointTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Value("classpath:admission-request.json")
+    private Resource request;
+
+
+    @Test
+    public void testValidation() throws Exception {
+        mockMvc.perform(post("/validate").contentType(MediaType.APPLICATION_JSON)
+                        .content(new String(Files.readAllBytes(request.getFile().toPath()))))
+                .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void testMutation() throws Exception {
+        mockMvc.perform(post("/mutate").contentType(MediaType.APPLICATION_JSON)
+                        .content(new String(Files.readAllBytes(request.getFile().toPath()))))
+                .andExpect(status().isOk());
+    }
+
+}
diff --git a/samples/spring-boot-sample/src/test/resources/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/admission-request.json b/samples/spring-boot-sample/src/test/resources/io/javaoperatorsdk/admissioncontroller/sample/springbootsample/admission-request.json
@@ -0,0 +1,116 @@
+{
+  "kind": "AdmissionReview",
+  "apiVersion": "admission.k8s.io/v1beta1",
+  "request": {
+    "uid": "0df28fbd-5f5f-11e8-bc74-36e6bb280816",
+    "kind": {
+      "group": "",
+      "version": "v1",
+      "kind": "Pod"
+    },
+    "resource": {
+      "group": "",
+      "version": "v1",
+      "resource": "pods"
+    },
+    "namespace": "dummy",
+    "operation": "CREATE",
+    "userInfo": {
+      "username": "system:serviceaccount:kube-system:replicaset-controller",
+      "uid": "a7e0ab33-5f29-11e8-8a3c-36e6bb280816",
+      "groups": [
+        "system:serviceaccounts",
+        "system:serviceaccounts:kube-system",
+        "system:authenticated"
+      ]
+    },
+    "object": {
+      "apiVersion": "v1",
+      "kind": "Pod",
+      "metadata": {
+        "generateName": "nginx-deployment-6c54bd5869-",
+        "creationTimestamp": null,
+        "labels": {
+          "app": "nginx",
+          "pod-template-hash": "2710681425"
+        },
+        "annotations": {
+          "openshift.io/scc": "restricted"
+        },
+        "ownerReferences": [
+          {
+            "apiVersion": "extensions/v1beta1",
+            "kind": "ReplicaSet",
+            "name": "nginx-deployment-6c54bd5869",
+            "uid": "16c2b355-5f5d-11e8-ac91-36e6bb280816",
+            "controller": true,
+            "blockOwnerDeletion": true
+          }
+        ]
+      },
+      "spec": {
+        "volumes": [
+          {
+            "name": "default-token-tq5lq",
+            "secret": {
+              "secretName": "default-token-tq5lq"
+            }
+          }
+        ],
+        "containers": [
+          {
+            "name": "nginx",
+            "image": "nginx:1.7.9",
+            "ports": [
+              {
+                "containerPort": 80,
+                "protocol": "TCP"
+              }
+            ],
+            "resources": {},
+            "volumeMounts": [
+              {
+                "name": "default-token-tq5lq",
+                "readOnly": true,
+                "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
+              }
+            ],
+            "terminationMessagePath": "/dev/termination-log",
+            "terminationMessagePolicy": "File",
+            "imagePullPolicy": "IfNotPresent",
+            "securityContext": {
+              "capabilities": {
+                "drop": [
+                  "KILL",
+                  "MKNOD",
+                  "SETGID",
+                  "SETUID"
+                ]
+              },
+              "runAsUser": 1000080000
+            }
+          }
+        ],
+        "restartPolicy": "Always",
+        "terminationGracePeriodSeconds": 30,
+        "dnsPolicy": "ClusterFirst",
+        "serviceAccountName": "default",
+        "serviceAccount": "default",
+        "securityContext": {
+          "seLinuxOptions": {
+            "level": "s0:c9,c4"
+          },
+          "fsGroup": 1000080000
+        },
+        "imagePullSecrets": [
+          {
+            "name": "default-dockercfg-kksdv"
+          }
+        ],
+        "schedulerName": "default-scheduler"
+      },
+      "status": {}
+    },
+    "oldObject": null
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@ public NotAllowedException(Throwable cause, Status status) {`
`19`	`19`	`this.status = status;`
`20`	`20`	`}`
`21`	`21`
`22`		`- public NotAllowedException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace, Status status) {`
	`22`	`+ public NotAllowedException(String message, Throwable cause, boolean enableSuppression,`
	`23`	`+ boolean writableStackTrace, Status status) {`
`23`	`24`	`super(message, cause, enableSuppression, writableStackTrace);`
`24`	`25`	`this.status = status;`
`25`	`26`	`}`