Merge pull request kubernetes#76849 from liggitt/crd_webhook_integration_tests

Fix scale and rollback subresources with admission webhooks, add integration tests

Author: k8s-ci-robot

pkg/registry/apps/deployment/storage/storage.go

@@ -158,24 +158,27 @@ func (r *RollbackREST) New() runtime.Object {
 	return &apps.DeploymentRollback{}
 }
 
-var _ = rest.Creater(&RollbackREST{})
+var _ = rest.NamedCreater(&RollbackREST{})
 
-func (r *RollbackREST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
+func (r *RollbackREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
 	rollback, ok := obj.(*apps.DeploymentRollback)
 	if !ok {
 		return nil, errors.NewBadRequest(fmt.Sprintf("not a DeploymentRollback: %#v", obj))
 	}
 
+	if errs := appsvalidation.ValidateDeploymentRollback(rollback); len(errs) != 0 {
+		return nil, errors.NewInvalid(apps.Kind("DeploymentRollback"), rollback.Name, errs)
+	}
+	if name != rollback.Name {
+		return nil, errors.NewBadRequest("name in URL does not match name in DeploymentRollback object")
+	}
+
 	if createValidation != nil {
 		if err := createValidation(obj.DeepCopyObject()); err != nil {
 			return nil, err
 		}
 	}
 
-	if errs := appsvalidation.ValidateDeploymentRollback(rollback); len(errs) != 0 {
-		return nil, errors.NewInvalid(apps.Kind("DeploymentRollback"), rollback.Name, errs)
-	}
-
 	// Update the Deployment with information in DeploymentRollback to trigger rollback
 	err := r.rollbackDeployment(ctx, rollback.Name, &rollback.RollbackTo, rollback.UpdatedAnnotations, dryrun.IsDryRun(options.DryRun))
 	if err != nil {
@@ -293,7 +296,15 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 
 	deployment.Spec.Replicas = scale.Spec.Replicas
 	deployment.ResourceVersion = scale.ResourceVersion
-	obj, _, err = r.store.Update(ctx, deployment.Name, rest.DefaultUpdatedObjectInfo(deployment), createValidation, updateValidation, false, options)
+	obj, _, err = r.store.Update(
+		ctx,
+		deployment.Name,
+		rest.DefaultUpdatedObjectInfo(deployment),
+		toScaleCreateValidation(createValidation),
+		toScaleUpdateValidation(updateValidation),
+		false,
+		options,
+	)
 	if err != nil {
 		return nil, false, err
 	}
@@ -305,6 +316,30 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 	return newScale, false, nil
 }
 
+func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc {
+	return func(obj runtime.Object) error {
+		scale, err := scaleFromDeployment(obj.(*apps.Deployment))
+		if err != nil {
+			return err
+		}
+		return f(scale)
+	}
+}
+
+func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc {
+	return func(obj, old runtime.Object) error {
+		newScale, err := scaleFromDeployment(obj.(*apps.Deployment))
+		if err != nil {
+			return err
+		}
+		oldScale, err := scaleFromDeployment(old.(*apps.Deployment))
+		if err != nil {
+			return err
+		}
+		return f(newScale, oldScale)
+	}
+}
+
 // scaleFromDeployment returns a scale subresource for a deployment.
 func scaleFromDeployment(deployment *apps.Deployment) (*autoscaling.Scale, error) {
 	selector, err := metav1.LabelSelectorAsSelector(deployment.Spec.Selector)

pkg/registry/apps/deployment/storage/storage_test.go

@@ -351,7 +351,7 @@ func TestEtcdCreateDeploymentRollback(t *testing.T) {
 		if _, err := storage.Deployment.Create(ctx, validNewDeployment(), rest.ValidateAllObjectFunc, &metav1.CreateOptions{}); err != nil {
 			t.Fatalf("%s: unexpected error: %v", k, err)
 		}
-		rollbackRespStatus, err := rollbackStorage.Create(ctx, &test.rollback, rest.ValidateAllObjectFunc, &metav1.CreateOptions{})
+		rollbackRespStatus, err := rollbackStorage.Create(ctx, test.rollback.Name, &test.rollback, rest.ValidateAllObjectFunc, &metav1.CreateOptions{})
 		if !test.errOK(err) {
 			t.Errorf("%s: unexpected error: %v", k, err)
 		} else if err == nil {
@@ -392,7 +392,7 @@ func TestCreateDeploymentRollbackValidation(t *testing.T) {
 
 	validationError := fmt.Errorf("admission deny")
 	alwaysDenyValidationFunc := func(obj runtime.Object) error { return validationError }
-	_, err := rollbackStorage.Create(ctx, &rollback, alwaysDenyValidationFunc, &metav1.CreateOptions{})
+	_, err := rollbackStorage.Create(ctx, rollback.Name, &rollback, alwaysDenyValidationFunc, &metav1.CreateOptions{})
 
 	if err == nil || validationError != err {
 		t.Errorf("expected: %v, got: %v", validationError, err)
@@ -411,7 +411,7 @@ func TestEtcdCreateDeploymentRollbackNoDeployment(t *testing.T) {
 	rollbackStorage := storage.Rollback
 	ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), namespace)
 
-	_, err := rollbackStorage.Create(ctx, &apps.DeploymentRollback{
+	_, err := rollbackStorage.Create(ctx, name, &apps.DeploymentRollback{
 		Name:               name,
 		UpdatedAnnotations: map[string]string{},
 		RollbackTo:         apps.RollbackConfig{Revision: 1},

pkg/registry/apps/replicaset/storage/storage.go

@@ -201,7 +201,15 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 
 	rs.Spec.Replicas = scale.Spec.Replicas
 	rs.ResourceVersion = scale.ResourceVersion
-	obj, _, err = r.store.Update(ctx, rs.Name, rest.DefaultUpdatedObjectInfo(rs), createValidation, updateValidation, false, options)
+	obj, _, err = r.store.Update(
+		ctx,
+		rs.Name,
+		rest.DefaultUpdatedObjectInfo(rs),
+		toScaleCreateValidation(createValidation),
+		toScaleUpdateValidation(updateValidation),
+		false,
+		options,
+	)
 	if err != nil {
 		return nil, false, err
 	}
@@ -213,6 +221,30 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 	return newScale, false, err
 }
 
+func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc {
+	return func(obj runtime.Object) error {
+		scale, err := scaleFromReplicaSet(obj.(*apps.ReplicaSet))
+		if err != nil {
+			return err
+		}
+		return f(scale)
+	}
+}
+
+func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc {
+	return func(obj, old runtime.Object) error {
+		newScale, err := scaleFromReplicaSet(obj.(*apps.ReplicaSet))
+		if err != nil {
+			return err
+		}
+		oldScale, err := scaleFromReplicaSet(old.(*apps.ReplicaSet))
+		if err != nil {
+			return err
+		}
+		return f(newScale, oldScale)
+	}
+}
+
 // scaleFromReplicaSet returns a scale subresource for a replica set.
 func scaleFromReplicaSet(rs *apps.ReplicaSet) (*autoscaling.Scale, error) {
 	selector, err := metav1.LabelSelectorAsSelector(rs.Spec.Selector)

pkg/registry/apps/statefulset/storage/storage.go

@@ -188,7 +188,15 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 
 	ss.Spec.Replicas = scale.Spec.Replicas
 	ss.ResourceVersion = scale.ResourceVersion
-	obj, _, err = r.store.Update(ctx, ss.Name, rest.DefaultUpdatedObjectInfo(ss), createValidation, updateValidation, false, options)
+	obj, _, err = r.store.Update(
+		ctx,
+		ss.Name,
+		rest.DefaultUpdatedObjectInfo(ss),
+		toScaleCreateValidation(createValidation),
+		toScaleUpdateValidation(updateValidation),
+		false,
+		options,
+	)
 	if err != nil {
 		return nil, false, err
 	}
@@ -200,6 +208,30 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 	return newScale, false, err
 }
 
+func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc {
+	return func(obj runtime.Object) error {
+		scale, err := scaleFromStatefulSet(obj.(*apps.StatefulSet))
+		if err != nil {
+			return err
+		}
+		return f(scale)
+	}
+}
+
+func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc {
+	return func(obj, old runtime.Object) error {
+		newScale, err := scaleFromStatefulSet(obj.(*apps.StatefulSet))
+		if err != nil {
+			return err
+		}
+		oldScale, err := scaleFromStatefulSet(old.(*apps.StatefulSet))
+		if err != nil {
+			return err
+		}
+		return f(newScale, oldScale)
+	}
+}
+
 // scaleFromStatefulSet returns a scale subresource for a statefulset.
 func scaleFromStatefulSet(ss *apps.StatefulSet) (*autoscaling.Scale, error) {
 	selector, err := metav1.LabelSelectorAsSelector(ss.Spec.Selector)

pkg/registry/core/replicationcontroller/storage/storage.go

@@ -183,14 +183,37 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 
 	rc.Spec.Replicas = scale.Spec.Replicas
 	rc.ResourceVersion = scale.ResourceVersion
-	obj, _, err = r.store.Update(ctx, rc.Name, rest.DefaultUpdatedObjectInfo(rc), createValidation, updateValidation, false, options)
+	obj, _, err = r.store.Update(
+		ctx,
+		rc.Name,
+		rest.DefaultUpdatedObjectInfo(rc),
+		toScaleCreateValidation(createValidation),
+		toScaleUpdateValidation(updateValidation),
+		false,
+		options,
+	)
 	if err != nil {
 		return nil, false, err
 	}
 	rc = obj.(*api.ReplicationController)
 	return scaleFromRC(rc), false, nil
 }
 
+func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc {
+	return func(obj runtime.Object) error {
+		return f(scaleFromRC(obj.(*api.ReplicationController)))
+	}
+}
+
+func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc {
+	return func(obj, old runtime.Object) error {
+		return f(
+			scaleFromRC(obj.(*api.ReplicationController)),
+			scaleFromRC(old.(*api.ReplicationController)),
+		)
+	}
+}
+
 // scaleFromRC returns a scale subresource for a replication controller.
 func scaleFromRC(rc *api.ReplicationController) *autoscaling.Scale {
 	return &autoscaling.Scale{

pkg/registry/extensions/controller/storage/storage.go

@@ -95,14 +95,37 @@ func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.Update
 
 	rc.Spec.Replicas = scale.Spec.Replicas
 	rc.ResourceVersion = scale.ResourceVersion
-	obj, _, err = r.store.Update(ctx, rc.Name, rest.DefaultUpdatedObjectInfo(rc), createValidation, updateValidation, false, options)
+	obj, _, err = r.store.Update(
+		ctx,
+		rc.Name,
+		rest.DefaultUpdatedObjectInfo(rc),
+		toScaleCreateValidation(createValidation),
+		toScaleUpdateValidation(updateValidation),
+		false,
+		options,
+	)
 	if err != nil {
 		return nil, false, errors.NewConflict(extensions.Resource("replicationcontrollers/scale"), scale.Name, err)
 	}
 	rc = obj.(*api.ReplicationController)
 	return scaleFromRC(rc), false, nil
 }
 
+func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc {
+	return func(obj runtime.Object) error {
+		return f(scaleFromRC(obj.(*api.ReplicationController)))
+	}
+}
+
+func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc {
+	return func(obj, old runtime.Object) error {
+		return f(
+			scaleFromRC(obj.(*api.ReplicationController)),
+			scaleFromRC(old.(*api.ReplicationController)),
+		)
+	}
+}
+
 // scaleFromRC returns a scale subresource for a replication controller.
 func scaleFromRC(rc *api.ReplicationController) *autoscaling.Scale {
 	return &autoscaling.Scale{

pkg/registry/rbac/rest/storage_rbac.go

@@ -190,9 +190,9 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
 					case result.Protected && result.Operation != reconciliation.ReconcileNone:
 						klog.Warningf("skipped reconcile-protected clusterrole.%s/%s with missing permissions: %v", rbac.GroupName, clusterRole.Name, result.MissingRules)
 					case result.Operation == reconciliation.ReconcileUpdate:
-						klog.Infof("updated clusterrole.%s/%s with additional permissions: %v", rbac.GroupName, clusterRole.Name, result.MissingRules)
+						klog.V(2).Infof("updated clusterrole.%s/%s with additional permissions: %v", rbac.GroupName, clusterRole.Name, result.MissingRules)
 					case result.Operation == reconciliation.ReconcileCreate:
-						klog.Infof("created clusterrole.%s/%s", rbac.GroupName, clusterRole.Name)
+						klog.V(2).Infof("created clusterrole.%s/%s", rbac.GroupName, clusterRole.Name)
 					}
 					return nil
 				})
@@ -218,11 +218,11 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
 					case result.Protected && result.Operation != reconciliation.ReconcileNone:
 						klog.Warningf("skipped reconcile-protected clusterrolebinding.%s/%s with missing subjects: %v", rbac.GroupName, clusterRoleBinding.Name, result.MissingSubjects)
 					case result.Operation == reconciliation.ReconcileUpdate:
-						klog.Infof("updated clusterrolebinding.%s/%s with additional subjects: %v", rbac.GroupName, clusterRoleBinding.Name, result.MissingSubjects)
+						klog.V(2).Infof("updated clusterrolebinding.%s/%s with additional subjects: %v", rbac.GroupName, clusterRoleBinding.Name, result.MissingSubjects)
 					case result.Operation == reconciliation.ReconcileCreate:
-						klog.Infof("created clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name)
+						klog.V(2).Infof("created clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name)
 					case result.Operation == reconciliation.ReconcileRecreate:
-						klog.Infof("recreated clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name)
+						klog.V(2).Infof("recreated clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name)
 					}
 					return nil
 				})
@@ -249,9 +249,9 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
 						case result.Protected && result.Operation != reconciliation.ReconcileNone:
 							klog.Warningf("skipped reconcile-protected role.%s/%s in %v with missing permissions: %v", rbac.GroupName, role.Name, namespace, result.MissingRules)
 						case result.Operation == reconciliation.ReconcileUpdate:
-							klog.Infof("updated role.%s/%s in %v with additional permissions: %v", rbac.GroupName, role.Name, namespace, result.MissingRules)
+							klog.V(2).Infof("updated role.%s/%s in %v with additional permissions: %v", rbac.GroupName, role.Name, namespace, result.MissingRules)
 						case result.Operation == reconciliation.ReconcileCreate:
-							klog.Infof("created role.%s/%s in %v", rbac.GroupName, role.Name, namespace)
+							klog.V(2).Infof("created role.%s/%s in %v", rbac.GroupName, role.Name, namespace)
 						}
 						return nil
 					})
@@ -279,11 +279,11 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
 						case result.Protected && result.Operation != reconciliation.ReconcileNone:
 							klog.Warningf("skipped reconcile-protected rolebinding.%s/%s in %v with missing subjects: %v", rbac.GroupName, roleBinding.Name, namespace, result.MissingSubjects)
 						case result.Operation == reconciliation.ReconcileUpdate:
-							klog.Infof("updated rolebinding.%s/%s in %v with additional subjects: %v", rbac.GroupName, roleBinding.Name, namespace, result.MissingSubjects)
+							klog.V(2).Infof("updated rolebinding.%s/%s in %v with additional subjects: %v", rbac.GroupName, roleBinding.Name, namespace, result.MissingSubjects)
 						case result.Operation == reconciliation.ReconcileCreate:
-							klog.Infof("created rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace)
+							klog.V(2).Infof("created rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace)
 						case result.Operation == reconciliation.ReconcileRecreate:
-							klog.Infof("recreated rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace)
+							klog.V(2).Infof("recreated rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace)
 						}
 						return nil
 					})

staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/conversion/BUILD

@@ -12,6 +12,7 @@ go_library(
     importpath = "k8s.io/apiextensions-apiserver/pkg/apiserver/conversion",
     visibility = ["//visibility:public"],
     deps = [
+        "//staging/src/k8s.io/api/autoscaling/v1:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/features:go_default_library",
@@ -22,6 +23,7 @@ go_library(
         "//staging/src/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
         "//staging/src/k8s.io/client-go/rest:go_default_library",
         "//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
     ],