Upgrade AdmissionReview e2e test image to also support v1

Author: jpbetz

pkg/apis/admission/fuzzer/BUILD

@@ -9,7 +9,12 @@ go_library(
     name = "go_default_library",
     srcs = ["fuzzer.go"],
     importpath = "k8s.io/kubernetes/pkg/apis/admission/fuzzer",
-    deps = ["//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library"],
+    deps = [
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
+        "//vendor/github.com/google/gofuzz:go_default_library",
+    ],
 )
 
 filegroup(

pkg/apis/admission/fuzzer/fuzzer.go

@@ -17,10 +17,23 @@ limitations under the License.
 package fuzzer
 
 import (
+	fuzz "github.com/google/gofuzz"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
 	runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
 )
 
 // Funcs returns the fuzzer functions for the admission api group.
 var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
-	return []interface{}{}
+	return []interface{}{
+		func(s *runtime.RawExtension, c fuzz.Continue) {
+			u := &unstructured.Unstructured{Object: map[string]interface{}{
+				"apiVersion": "unknown.group/unknown",
+				"kind":       "Something",
+				"somekey":    "somevalue",
+			}}
+			s.Object = u
+		},
+	}
 }

test/images/agnhost/VERSION

@@ -1 +1 @@
-2.4
+2.5

test/images/agnhost/agnhost

@@ -17,6 +17,7 @@ limitations under the License.
 package crdconvwebhook
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/spf13/cobra"
@@ -27,6 +28,7 @@ import (
 var (
 	certFile string
 	keyFile  string
+	port     int
 )
 
 // CmdCrdConversionWebhook is used by agnhost Cobra.
@@ -48,6 +50,8 @@ func init() {
 			"after server cert.")
 	CmdCrdConversionWebhook.Flags().StringVar(&keyFile, "tls-private-key-file", "",
 		"File containing the default x509 private key matching --tls-cert-file.")
+	CmdCrdConversionWebhook.Flags().IntVar(&port, "port", 443,
+		"Secure port that the webhook listens on")
 }
 
 // Config contains the server (the webhook) cert and key.
@@ -62,8 +66,11 @@ func main(cmd *cobra.Command, args []string) {
 	http.HandleFunc("/crdconvert", converter.ServeExampleConvert)
 	clientset := getClient()
 	server := &http.Server{
-		Addr:      ":443",
+		Addr:      fmt.Sprintf(":%d", port),
 		TLSConfig: configTLS(config, clientset),
 	}
-	server.ListenAndServeTLS("", "")
+	err := server.ListenAndServeTLS("", "")
+	if err != nil {
+		panic(err)
+	}
 }

test/images/agnhost/crd-conversion-webhook/main.go

@@ -8,6 +8,7 @@ go_library(
         "alwaysdeny.go",
         "config.go",
         "configmap.go",
+        "convert.go",
         "crd.go",
         "customresource.go",
         "main.go",
@@ -17,7 +18,9 @@ go_library(
     importpath = "k8s.io/kubernetes/test/images/agnhost/webhook",
     visibility = ["//visibility:public"],
     deps = [
+        "//staging/src/k8s.io/api/admission/v1:go_default_library",
         "//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
@@ -48,15 +51,22 @@ go_test(
     name = "go_default_test",
     srcs = [
         "addlabel_test.go",
+        "convert_test.go",
         "patch_test.go",
     ],
     embed = [":go_default_library"],
     deps = [
+        "//pkg/apis/admission/fuzzer:go_default_library",
+        "//staging/src/k8s.io/api/admission/v1:go_default_library",
         "//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/apitesting/fuzzer:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
         "//vendor/github.com/evanphx/json-patch:go_default_library",
+        "//vendor/github.com/google/gofuzz:go_default_library",
     ],
 )

test/images/agnhost/webhook/BUILD

@@ -19,7 +19,7 @@ package webhook
 import (
 	"encoding/json"
 
-	"k8s.io/api/admission/v1beta1"
+	"k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog"
 )
@@ -37,7 +37,7 @@ const (
 )
 
 // Add a label {"added-label": "yes"} to the object
-func addLabel(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
+func addLabel(ar v1.AdmissionReview) *v1.AdmissionResponse {
 	klog.V(2).Info("calling add-label")
 	obj := struct {
 		metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -46,13 +46,13 @@ func addLabel(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 	err := json.Unmarshal(raw, &obj)
 	if err != nil {
 		klog.Error(err)
-		return toAdmissionResponse(err)
+		return toV1AdmissionResponse(err)
 	}
 
-	reviewResponse := v1beta1.AdmissionResponse{}
+	reviewResponse := v1.AdmissionResponse{}
 	reviewResponse.Allowed = true
 
-	pt := v1beta1.PatchTypeJSONPatch
+	pt := v1.PatchTypeJSONPatch
 	labelValue, hasLabel := obj.ObjectMeta.Labels["added-label"]
 	switch {
 	case len(obj.ObjectMeta.Labels) == 0:

test/images/agnhost/webhook/addlabel.go

@@ -22,7 +22,7 @@ import (
 	"testing"
 
 	jsonpatch "github.com/evanphx/json-patch"
-	"k8s.io/api/admission/v1beta1"
+	"k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -58,7 +58,7 @@ func TestAddLabel(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			review := v1beta1.AdmissionReview{Request: &v1beta1.AdmissionRequest{Object: runtime.RawExtension{Raw: raw}}}
+			review := v1.AdmissionReview{Request: &v1.AdmissionRequest{Object: runtime.RawExtension{Raw: raw}}}
 			response := addLabel(review)
 			if response.Patch != nil {
 				patchObj, err := jsonpatch.DecodePatch([]byte(response.Patch))

test/images/agnhost/webhook/addlabel_test.go

@@ -19,17 +19,17 @@ package webhook
 import (
 	"time"
 
-	"k8s.io/api/admission/v1beta1"
+	"k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog"
 )
 
 // alwaysAllowDelayFiveSeconds sleeps for five seconds and allows all requests made to this function.
-func alwaysAllowDelayFiveSeconds(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
+func alwaysAllowDelayFiveSeconds(ar v1.AdmissionReview) *v1.AdmissionResponse {
 	klog.V(2).Info("always-allow-with-delay sleeping for 5 seconds")
 	time.Sleep(5 * time.Second)
 	klog.V(2).Info("calling always-allow")
-	reviewResponse := v1beta1.AdmissionResponse{}
+	reviewResponse := v1.AdmissionResponse{}
 	reviewResponse.Allowed = true
 	reviewResponse.Result = &metav1.Status{Message: "this webhook allows all requests"}
 	return &reviewResponse

test/images/agnhost/webhook/alwaysallow.go

@@ -17,15 +17,15 @@ limitations under the License.
 package webhook
 
 import (
-	"k8s.io/api/admission/v1beta1"
+	"k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog"
 )
 
 // alwaysDeny all requests made to this function.
-func alwaysDeny(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
+func alwaysDeny(ar v1.AdmissionReview) *v1.AdmissionResponse {
 	klog.V(2).Info("calling always-deny")
-	reviewResponse := v1beta1.AdmissionResponse{}
+	reviewResponse := v1.AdmissionResponse{}
 	reviewResponse.Allowed = false
 	reviewResponse.Result = &metav1.Status{Message: "this webhook denies all requests"}
 	return &reviewResponse