Commit 99eaa71

committed
init a common apiserver for TestCRDParams testcases
1 parent de2730a commit 99eaa71

1 file changed

+51
-59
lines changed

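--- a/test/integration/apiserver/cel/validatingadmissionpolicy_test.go
+++ b/test/integration/apiserver/cel/validatingadmissionpolicy_test.go
@@ -2341,33 +2341,64 @@ func generateValidationsWithAuthzCheck(num int, exp string) []admissionregistrat
 
 // TestCRDParams tests that a CustomResource can be used as a param resource for a ValidatingAdmissionPolicy.
 func TestCRDParams(t *testing.T) {
+generic.PolicyRefreshInterval = 10 * time.Millisecond
+featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.ValidatingAdmissionPolicy, true)
+server, err := apiservertesting.StartTestServer(t, nil, []string{
+"--enable-admission-plugins", "ValidatingAdmissionPolicy",
+}, framework.SharedEtcd())
+if err != nil {
+t.Fatal(err)
+}
+defer server.TearDownFn()
+
+config := server.ClientConfig
+client, err := clientset.NewForConfig(config)
+if err != nil {
+t.Fatal(err)
+}
+
+crd := versionedCustomResourceDefinition()
+etcd.CreateTestCRDs(t, apiextensionsclientset.NewForConfigOrDie(server.ClientConfig), false, crd)
+dynamicClient, err := dynamic.NewForConfig(config)
+if err != nil {
+t.Fatal(err)
+}
+gvr := schema.GroupVersionResource{
+Group: crd.Spec.Group,
+Version: crd.Spec.Versions[0].Name,
+Resource: crd.Spec.Names.Plural,
+}
+crClient := dynamicClient.Resource(gvr)
+
+resource := &unstructured.Unstructured{Object: map[string]interface{}{
+"apiVersion": "awesome.bears.com/v1",
+"kind": "Panda",
+"metadata": map[string]interface{}{
+"name": "config-obj",
+},
+"spec": map[string]interface{}{
+"nameCheck": "crd-test-k8s",
+},
+}}
+_, err = crClient.Create(context.TODO(), resource, metav1.CreateOptions{})
+if err != nil {
+t.Fatalf("error creating %s: %s", gvr, err)
+}
+
 testcases := []struct {
 name string
-resource *unstructured.Unstructured
 policy *admissionregistrationv1.ValidatingAdmissionPolicy
-policyBinding *admissionregistrationv1.ValidatingAdmissionPolicyBinding
 namespace *v1.Namespace
 err string
 failureReason metav1.StatusReason
 }{
 {
 name: "a rule that uses data from a CRD param resource does NOT pass",
-resource: &unstructured.Unstructured{Object: map[string]interface{}{
-"apiVersion": "awesome.bears.com/v1",
-"kind": "Panda",
-"metadata": map[string]interface{}{
-"name": "config-obj",
-},
-"spec": map[string]interface{}{
-"nameCheck": "crd-test-k8s",
-},
-}},
 policy: withValidations([]admissionregistrationv1.Validation{
 {
 Expression: "params.spec.nameCheck == object.metadata.name",
 },
 }, withNamespaceMatch(withParams(withCRDParamKind("Panda", "awesome.bears.com", "v1"), withFailurePolicy(admissionregistrationv1.Fail, makePolicy("test-policy"))))),
-policyBinding: makeBinding("crd-policy-binding", "test-policy", "config-obj"),
 namespace: &v1.Namespace{
 ObjectMeta: metav1.ObjectMeta{
 Name: "incorrect-name",
@@ -2378,22 +2409,11 @@ func TestCRDParams(t *testing.T) {
 },
 {
 name: "a rule that uses data from a CRD param resource that does pass",
-resource: &unstructured.Unstructured{Object: map[string]interface{}{
-"apiVersion": "awesome.bears.com/v1",
-"kind": "Panda",
-"metadata": map[string]interface{}{
-"name": "config-obj",
-},
-"spec": map[string]interface{}{
-"nameCheck": "crd-test-k8s",
-},
-}},
 policy: withValidations([]admissionregistrationv1.Validation{
 {
 Expression: "params.spec.nameCheck == object.metadata.name",
 },
 }, withNamespaceMatch(withParams(withCRDParamKind("Panda", "awesome.bears.com", "v1"), withFailurePolicy(admissionregistrationv1.Fail, makePolicy("test-policy"))))),
-policyBinding: makeBinding("crd-policy-binding", "test-policy", "config-obj"),
 namespace: &v1.Namespace{
 ObjectMeta: metav1.ObjectMeta{
 Name: "crd-test-k8s",
@@ -2405,53 +2425,25 @@ func TestCRDParams(t *testing.T) {
 
 for _, testcase := range testcases {
 t.Run(testcase.name, func(t *testing.T) {
-featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.ValidatingAdmissionPolicy, true)
-server, err := apiservertesting.StartTestServer(t, nil, []string{
-"--enable-admission-plugins", "ValidatingAdmissionPolicy",
-}, framework.SharedEtcd())
-if err != nil {
-t.Fatal(err)
-}
-defer server.TearDownFn()
-
-config := server.ClientConfig
-
-client, err := clientset.NewForConfig(config)
-if err != nil {
-t.Fatal(err)
-}
-
-crd := versionedCustomResourceDefinition()
-etcd.CreateTestCRDs(t, apiextensionsclientset.NewForConfigOrDie(server.ClientConfig), false, crd)
-dynamicClient, err := dynamic.NewForConfig(config)
-if err != nil {
-t.Fatal(err)
-}
-gvr := schema.GroupVersionResource{
-Group: crd.Spec.Group,
-Version: crd.Spec.Versions[0].Name,
-Resource: crd.Spec.Names.Plural,
-}
-crClient := dynamicClient.Resource(gvr)
-_, err = crClient.Create(context.TODO(), testcase.resource, metav1.CreateOptions{})
-if err != nil {
-t.Fatalf("error creating %s: %s", gvr, err)
-}
-
 policy := withWaitReadyConstraintAndExpression(testcase.policy)
 if _, err := client.AdmissionregistrationV1().ValidatingAdmissionPolicies().Create(context.TODO(), policy, metav1.CreateOptions{}); err != nil {
 t.Fatal(err)
 }
 // remove default namespace since the CRD is cluster-scoped
-testcase.policyBinding.Spec.ParamRef.Namespace = ""
-if err := createAndWaitReady(t, client, testcase.policyBinding, nil); err != nil {
+policyBinding := makeBinding("crd-policy-binding", "test-policy", "config-obj")
+policyBinding.Spec.ParamRef.Namespace = ""
+if err := createAndWaitReady(t, client, policyBinding, nil); err != nil {
 t.Fatal(err)
 }
 
 _, err = client.CoreV1().Namespaces().Create(context.TODO(), testcase.namespace, metav1.CreateOptions{})
 
 checkExpectedError(t, err, testcase.err)
 checkFailureReason(t, err, testcase.failureReason)
+if err := cleanupPolicy(t, client, policy, policyBinding); err != nil {
+t.Fatalf("error while cleaning up policy and its bindings: %v", err)
+}
+
 })
 }
 }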
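Review bot: The `cleanupPolicy(t, client, policy, policyBinding)` call at the end of the subtest closure is skipped whenever an earlier `t.Fatal` in that closure fires, and with one API server now shared by both cases, which reuse the names `test-policy` and `crd-policy-binding`, a leftover object would most likely make the next case's Create fail on the duplicate name and bury the original failure. Building the binding before the Create calls and registering the cleanup up front would keep the cases isolated: `t.Cleanup(func() { if err := cleanupPolicy(t, client, policy, policyBinding); err != nil { t.Errorf("error while cleaning up policy and its bindings: %v", err) } })`, provided cleanupPolicy tolerates objects that were never created (its body is not visible here). Whether cleanupPolicy also waits until the admission plugin has dropped the deleted policy cannot be seen from this page; if it does not, a later case could be admitted or denied by the previous case's policy rather than its own. The namespace created by the passing case (`crd-test-k8s`) is likewise left on the shared server, and `generic.PolicyRefreshInterval` is overwritten at the top of TestCRDParams without being restored, which presumably leaks into other tests in the package. Part of the test-case table lies between the hunks and is not shown.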
