Update pkg/webhook to use internal types

Signed-off-by: James Munnelly <james@munnelly.eu>
2020-01-14 17:43:53 +00:00 · 2020-01-14 17:43:53 +00:00 · 866d89ffb0
commit 866d89ffb0
parent b2e6c26eef
6 changed files with 64 additions and 15 deletions
--- a/pkg/webhook/BUILD.bazel
+++ b/pkg/webhook/BUILD.bazel
@ -9,10 +9,10 @@ go_library(
    importpath = "github.com/jetstack/cert-manager/pkg/webhook",
    visibility = ["//visibility:public"],
    deps = [
-        "//pkg/apis/acme/v1alpha2:go_default_library",
-        "//pkg/apis/certmanager/v1alpha2:go_default_library",
+        "//pkg/internal/apis/acme:go_default_library",
        "//pkg/internal/apis/acme/install:go_default_library",
        "//pkg/internal/apis/acme/validation:go_default_library",
+        "//pkg/internal/apis/certmanager:go_default_library",
        "//pkg/internal/apis/certmanager/install:go_default_library",
        "//pkg/internal/apis/certmanager/validation:go_default_library",
        "//pkg/internal/apis/meta/install:go_default_library",
--- a/pkg/webhook/certmanager.go
+++ b/pkg/webhook/certmanager.go
@ -19,20 +19,20 @@ package webhook
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"

-	cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2"
-	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
+	cmacme "github.com/jetstack/cert-manager/pkg/internal/apis/acme"
 	acmeval "github.com/jetstack/cert-manager/pkg/internal/apis/acme/validation"
+	cmapi "github.com/jetstack/cert-manager/pkg/internal/apis/certmanager"
 	"github.com/jetstack/cert-manager/pkg/internal/apis/certmanager/validation"
 	"github.com/jetstack/cert-manager/pkg/webhook/handlers"
 )

 var Validators = map[schema.GroupKind]handlers.Validator{
-	gk(cmapi.SchemeGroupVersion, cmapi.CertificateKind):        certificateValidator,
-	gk(cmapi.SchemeGroupVersion, cmapi.CertificateRequestKind): certificateRequestValidator,
-	gk(cmapi.SchemeGroupVersion, cmapi.IssuerKind):             issuerValidator,
-	gk(cmapi.SchemeGroupVersion, cmapi.ClusterIssuerKind):      clusterIssuerValidator,
-	gk(cmacme.SchemeGroupVersion, cmacme.OrderKind):            orderValidator,
-	gk(cmacme.SchemeGroupVersion, cmacme.ChallengeKind):        challengeValidator,
+	gk(cmapi.SchemeGroupVersion, "Certificate"):        certificateValidator,
+	gk(cmapi.SchemeGroupVersion, "CertificateRequest"): certificateRequestValidator,
+	gk(cmapi.SchemeGroupVersion, "Issuer"):             issuerValidator,
+	gk(cmapi.SchemeGroupVersion, "ClusterIssuer"):      clusterIssuerValidator,
+	gk(cmacme.SchemeGroupVersion, "Order"):             orderValidator,
+	gk(cmacme.SchemeGroupVersion, "Challenge"):         challengeValidator,
 }

 var (
--- a/pkg/webhook/handlers/BUILD.bazel
+++ b/pkg/webhook/handlers/BUILD.bazel
@ -37,6 +37,7 @@ go_test(
        "//pkg/webhook/handlers/testdata/apis/testgroup:go_default_library",
        "//pkg/webhook/handlers/testdata/apis/testgroup/install:go_default_library",
        "//pkg/webhook/handlers/testdata/apis/testgroup/v1:go_default_library",
+        "//pkg/webhook/handlers/testdata/apis/testgroup/v2:go_default_library",
        "//pkg/webhook/handlers/testdata/apis/testgroup/validation:go_default_library",
        "@com_github_mattbaird_jsonpatch//:go_default_library",
        "@io_k8s_api//admission/v1beta1:go_default_library",
--- a/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel
+++ b/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel
@ -6,6 +6,7 @@ go_library(
    importpath = "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/validation",
    visibility = ["//visibility:public"],
    deps = [
+        "//pkg/webhook/handlers/testdata/apis/testgroup:go_default_library",
        "//pkg/webhook/handlers/testdata/apis/testgroup/v1:go_default_library",
        "@io_k8s_apimachinery//pkg/runtime:go_default_library",
        "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
--- a/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go
+++ b/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go
@ -20,11 +20,12 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"

-	v1 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
+	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup"
+	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
 )

 func ValidateTestType(obj runtime.Object) field.ErrorList {
-	testType := obj.(*v1.TestType)
+	testType := obj.(*testgroup.TestType)
 	el := field.ErrorList{}
 	if testType.TestField == v1.TestFieldValueNotAllowed {
 		el = append(el, field.Invalid(field.NewPath("testField"), testType.TestField, "invalid value"))
@ -33,8 +34,8 @@ func ValidateTestType(obj runtime.Object) field.ErrorList {
 }

 func ValidateTestTypeUpdate(oldObj, newObj runtime.Object) field.ErrorList {
-	old, ok := oldObj.(*v1.TestType)
-	new := newObj.(*v1.TestType)
+	old, ok := oldObj.(*testgroup.TestType)
+	new := newObj.(*testgroup.TestType)
 	// if oldObj is not set, the Update operation is always valid.
 	if !ok || old == nil {
 		return nil
--- a/pkg/webhook/handlers/validation_test.go
+++ b/pkg/webhook/handlers/validation_test.go
@ -31,6 +31,7 @@ import (
 	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup"
 	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/install"
 	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
+	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v2"
 	"github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/validation"
 )

@ -40,13 +41,18 @@ func TestFuncBackedValidator(t *testing.T) {

 	log := klogr.New()
 	c := NewFuncBackedValidator(log, scheme, map[schema.GroupKind]Validator{
-		{Group: testgroup.GroupName, Kind: "TestType"}: ValidatorFunc(&v1.TestType{}, validation.ValidateTestType, validation.ValidateTestTypeUpdate),
+		{Group: testgroup.GroupName, Kind: "TestType"}: ValidatorFunc(&testgroup.TestType{}, validation.ValidateTestType, validation.ValidateTestTypeUpdate),
 	})
 	testTypeGVK := metav1.GroupVersionKind{
 		Group:   v1.SchemeGroupVersion.Group,
 		Version: v1.SchemeGroupVersion.Version,
 		Kind:    "TestType",
 	}
+	testTypeGVKV2 := metav1.GroupVersionKind{
+		Group:   v2.SchemeGroupVersion.Group,
+		Version: v2.SchemeGroupVersion.Version,
+		Kind:    "TestType",
+	}
 	tests := map[string]admissionTestT{
 		"should not allow invalid value for 'testField' field": {
 			inputRequest: admissionv1beta1.AdmissionRequest{
@ -140,6 +146,46 @@ func TestFuncBackedValidator(t *testing.T) {
 	},
 	"testFieldImmutable": "abc"
 }
+`)),
+				},
+			},
+			expectedResponse: admissionv1beta1.AdmissionResponse{
+				Allowed: false,
+				Result: &metav1.Status{
+					Status: metav1.StatusFailure, Code: http.StatusNotAcceptable, Reason: metav1.StatusReasonNotAcceptable,
+					Message: "testFieldImmutable: Forbidden: field is immutable once set",
+				},
+			},
+		},
+		"should not allow setting immutable field if it is already set (v2)": {
+			inputRequest: admissionv1beta1.AdmissionRequest{
+				Kind: testTypeGVKV2,
+				OldObject: runtime.RawExtension{
+					Raw: []byte(fmt.Sprintf(`
+{
+	"apiVersion": "testgroup.testing.cert-manager.io/v2",
+	"kind": "TestType",
+	"metadata": {
+		"name": "testing",
+		"namespace": "abc",
+		"creationTimestamp": null
+	},
+	"testFieldImmutable": "oldvalue"
+}
+`)),
+				},
+				Object: runtime.RawExtension{
+					Raw: []byte(fmt.Sprintf(`
+{
+	"apiVersion": "testgroup.testing.cert-manager.io/v2",
+	"kind": "TestType",
+	"metadata": {
+		"name": "testing",
+		"namespace": "abc",
+		"creationTimestamp": null
+	},
+	"testFieldImmutable": "abc"
+}
 `)),
 				},
 			},