@@ -26,9 +26,12 @@ import (
2626 "testing"
2727 "time"
2828
29- "k8s.io/api/admission/v1beta1 "
29+ v1 "k8s.io/api/admission/v1 "
3030 corev1 "k8s.io/api/core/v1"
3131 apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
32+ "k8s.io/apimachinery/pkg/util/version"
33+ utilfeature "k8s.io/apiserver/pkg/util/feature"
34+ featuregatetesting "k8s.io/component-base/featuregate/testing"
3235 apiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
3336 "k8s.io/kubernetes/pkg/apis/admissionregistration"
3437 admissionregistrationv1apis "k8s.io/kubernetes/pkg/apis/admissionregistration/v1"
@@ -398,15 +401,40 @@ func createV1ValidatingPolicyAndBinding(client clientset.Interface, convertedRul
398401 return nil
399402}
400403
404+ // This test shows that policy intercepts all requests for all resources,
405+ // subresources, verbs, and input versions of policy/binding.
406+ // The test emulates v1.33 as that was the last version before v1beta1 resource was removed.
407+ // Remove this test once v1.33 cannot be emulated in v1.37.
408+ //
409+ // This test tries to mirror very closely the same test for webhook admission
410+ // test/integration/apiserver/admissionwebhook/admission_test.go testWebhookAdmission
411+ func TestPolicyAdmissionV1beta1 (t * testing.T ) {
412+ featuregatetesting .SetFeatureGateEmulationVersionDuringTest (t , utilfeature .DefaultFeatureGate , version .MustParse (vapV1beta1LastEmulatableVersion ))
413+ testPolicyAdmission (t , true )
414+ }
415+
401416// This test shows that policy intercepts all requests for all resources,
402417// subresources, verbs, and input versions of policy/binding.
403418//
404419// This test tries to mirror very closely the same test for webhook admission
405420// test/integration/apiserver/admissionwebhook/admission_test.go testWebhookAdmission
406421func TestPolicyAdmission (t * testing.T ) {
422+ testPolicyAdmission (t , false )
423+ }
424+
425+ func testPolicyAdmission (t * testing.T , supportV1Beta1 bool ) {
426+ supportedVersions := []string {}
427+ if supportV1Beta1 {
428+ supportedVersions = append (supportedVersions , "v1beta1" )
429+ } else {
430+ supportedVersions = append (supportedVersions , "v1" )
431+ }
432+
407433 holder := & policyExpectationHolder {
434+ supportedVersions : supportedVersions ,
408435 holder : holder {
409436 t : t ,
437+ supportedVersions : supportedVersions ,
410438 gvrToConvertedGVR : map [metav1.GroupVersionResource ]metav1.GroupVersionResource {},
411439 gvrToConvertedGVK : map [metav1.GroupVersionResource ]schema.GroupVersionKind {},
412440 },
@@ -530,11 +558,14 @@ func TestPolicyAdmission(t *testing.T) {
530558 holder .gvrToConvertedGVK [metaGVR ] = schema.GroupVersionKind {Group : resourcesByGVR [convertedGVR ].Group , Version : resourcesByGVR [convertedGVR ].Version , Kind : resourcesByGVR [convertedGVR ].Kind }
531559 }
532560
533- if err := createV1beta1ValidatingPolicyAndBinding (client , convertedV1beta1Rules ); err != nil {
534- t .Fatal (err )
535- }
536- if err := createV1ValidatingPolicyAndBinding (client , convertedV1Rules ); err != nil {
537- t .Fatal (err )
561+ if supportV1Beta1 {
562+ if err := createV1beta1ValidatingPolicyAndBinding (client , convertedV1beta1Rules ); err != nil {
563+ t .Fatal (err )
564+ }
565+ } else {
566+ if err := createV1ValidatingPolicyAndBinding (client , convertedV1Rules ); err != nil {
567+ t .Fatal (err )
568+ }
538569 }
539570
540571 // Allow the policy & binding to establish
@@ -554,14 +585,15 @@ func TestPolicyAdmission(t *testing.T) {
554585 holder .reset (t )
555586 testFunc := getTestFunc (gvr , verb )
556587 testFunc (& testContext {
557- t : t ,
558- admissionHolder : holder ,
559- client : dynamicClient ,
560- clientset : client ,
561- verb : verb ,
562- gvr : gvr ,
563- resource : resource ,
564- resources : resourcesByGVR ,
588+ t : t ,
589+ emulateV1beta1Version : supportV1Beta1 ,
590+ admissionHolder : holder ,
591+ client : dynamicClient ,
592+ clientset : client ,
593+ verb : verb ,
594+ gvr : gvr ,
595+ resource : resource ,
596+ resources : resourcesByGVR ,
565597 })
566598 holder .verify (t )
567599 })
@@ -583,8 +615,9 @@ func TestPolicyAdmission(t *testing.T) {
583615
584616type policyExpectationHolder struct {
585617 holder
586- warningLock sync.Mutex
587- warnings []string
618+ supportedVersions []string
619+ warningLock sync.Mutex
620+ warnings []string
588621}
589622
590623func (p * policyExpectationHolder ) reset (t * testing.T ) {
@@ -595,7 +628,7 @@ func (p *policyExpectationHolder) reset(t *testing.T) {
595628 p .holder .reset (t )
596629
597630}
598- func (p * policyExpectationHolder ) expect (gvr schema.GroupVersionResource , gvk , optionsGVK schema.GroupVersionKind , operation v1beta1 .Operation , name , namespace string , object , oldObject , options bool ) {
631+ func (p * policyExpectationHolder ) expect (gvr schema.GroupVersionResource , gvk , optionsGVK schema.GroupVersionKind , operation v1 .Operation , name , namespace string , object , oldObject , options bool ) {
599632 p .holder .expect (gvr , gvk , optionsGVK , operation , name , namespace , object , oldObject , options )
600633
601634 p .lock .Lock ()
@@ -604,7 +637,7 @@ func (p *policyExpectationHolder) expect(gvr schema.GroupVersionResource, gvk, o
604637 p .recorded = map [webhookOptions ]* admissionRequest {}
605638 for _ , phase := range []string {validation } {
606639 for _ , converted := range []bool {true , false } {
607- for _ , version := range [] string { "v1beta1" , "v1" } {
640+ for _ , version := range p . supportedVersions {
608641 p .recorded [webhookOptions {version : version , phase : phase , converted : converted }] = nil
609642 }
610643 }
0 commit comments