From 866d89ffb0dd8d65a2459ee8b33f0209523bc84e Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Tue, 14 Jan 2020 17:43:53 +0000
Subject: [PATCH] Update pkg/webhook to use internal types
Signed-off-by: James Munnelly
---
 pkg/webhook/BUILD.bazel | 4 +-
 pkg/webhook/certmanager.go | 16 +++----
 pkg/webhook/handlers/BUILD.bazel | 1 +
 .../apis/testgroup/validation/BUILD.bazel | 1 +
 .../apis/testgroup/validation/validation.go | 9 ++--
 pkg/webhook/handlers/validation_test.go | 48 ++++++++++++++++++-
 6 files changed, 64 insertions(+), 15 deletions(-)
diff --git a/pkg/webhook/BUILD.bazel b/pkg/webhook/BUILD.bazel
index ee8c120bd..fc2735842 100644
--- a/pkg/webhook/BUILD.bazel
+++ b/pkg/webhook/BUILD.bazel
@@ -9,10 +9,10 @@ go_library(
 importpath = "github.com/jetstack/cert-manager/pkg/webhook",
 visibility = ["//visibility:public"],
 deps = [
- "//pkg/apis/acme/v1alpha2:go_default_library",
- "//pkg/apis/certmanager/v1alpha2:go_default_library",
+ "//pkg/internal/apis/acme:go_default_library",
 "//pkg/internal/apis/acme/install:go_default_library",
 "//pkg/internal/apis/acme/validation:go_default_library",
+ "//pkg/internal/apis/certmanager:go_default_library",
 "//pkg/internal/apis/certmanager/install:go_default_library",
 "//pkg/internal/apis/certmanager/validation:go_default_library",
 "//pkg/internal/apis/meta/install:go_default_library",
diff --git a/pkg/webhook/certmanager.go b/pkg/webhook/certmanager.go
index 5bf500102..a2e3fe152 100644
--- a/pkg/webhook/certmanager.go
+++ b/pkg/webhook/certmanager.go
@@ -19,20 +19,20 @@ package webhook
 import (
 "k8s.io/apimachinery/pkg/runtime/schema"
- cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1alpha2"
- cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
+ cmacme "github.com/jetstack/cert-manager/pkg/internal/apis/acme"
 acmeval "github.com/jetstack/cert-manager/pkg/internal/apis/acme/validation"
+ cmapi "github.com/jetstack/cert-manager/pkg/internal/apis/certmanager"
 "github.com/jetstack/cert-manager/pkg/internal/apis/certmanager/validation"
 "github.com/jetstack/cert-manager/pkg/webhook/handlers"
 )
 var Validators = map[schema.GroupKind]handlers.Validator{
- gk(cmapi.SchemeGroupVersion, cmapi.CertificateKind): certificateValidator,
- gk(cmapi.SchemeGroupVersion, cmapi.CertificateRequestKind): certificateRequestValidator,
- gk(cmapi.SchemeGroupVersion, cmapi.IssuerKind): issuerValidator,
- gk(cmapi.SchemeGroupVersion, cmapi.ClusterIssuerKind): clusterIssuerValidator,
- gk(cmacme.SchemeGroupVersion, cmacme.OrderKind): orderValidator,
- gk(cmacme.SchemeGroupVersion, cmacme.ChallengeKind): challengeValidator,
+ gk(cmapi.SchemeGroupVersion, "Certificate"): certificateValidator,
+ gk(cmapi.SchemeGroupVersion, "CertificateRequest"): certificateRequestValidator,
+ gk(cmapi.SchemeGroupVersion, "Issuer"): issuerValidator,
+ gk(cmapi.SchemeGroupVersion, "ClusterIssuer"): clusterIssuerValidator,
+ gk(cmacme.SchemeGroupVersion, "Order"): orderValidator,
+ gk(cmacme.SchemeGroupVersion, "Challenge"): challengeValidator,
 }
 var (
diff --git a/pkg/webhook/handlers/BUILD.bazel b/pkg/webhook/handlers/BUILD.bazel
index bda8504c2..50eecb9f6 100644
--- a/pkg/webhook/handlers/BUILD.bazel
+++ b/pkg/webhook/handlers/BUILD.bazel
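Review bot: The `Validators` keys now spell each kind as a bare string literal (`"Certificate"`, `"CertificateRequest"`, `"Issuer"`, `"ClusterIssuer"`, `"Order"`, `"Challenge"`) where the old side used the exported `...Kind` constants, so a typo in any of them still compiles and simply leaves that kind without an entry in the map. How the handler treats a GroupKind that has no validator is not visible in this hunk, but if it admits the object, that resource would skip admission validation without any error being raised. I would keep one source of truth for the names, for example unexported constants next to the map such as `const certificateKind = "Certificate"`, or add a test that checks every key of `Validators` resolves to a type registered in the scheme. The `var (` block that follows the map continues outside the hunk.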
@@ -37,6 +37,7 @@ go_test(
 "//pkg/webhook/handlers/testdata/apis/testgroup:go_default_library",
 "//pkg/webhook/handlers/testdata/apis/testgroup/install:go_default_library",
 "//pkg/webhook/handlers/testdata/apis/testgroup/v1:go_default_library",
+ "//pkg/webhook/handlers/testdata/apis/testgroup/v2:go_default_library",
 "//pkg/webhook/handlers/testdata/apis/testgroup/validation:go_default_library",
 "@com_github_mattbaird_jsonpatch//:go_default_library",
 "@io_k8s_api//admission/v1beta1:go_default_library",
diff --git a/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel b/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel
index 5feb53a62..d72f9e6da 100644
--- a/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel
+++ b/pkg/webhook/handlers/testdata/apis/testgroup/validation/BUILD.bazel
@@ -6,6 +6,7 @@ go_library(
 importpath = "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/validation",
 visibility = ["//visibility:public"],
 deps = [
+ "//pkg/webhook/handlers/testdata/apis/testgroup:go_default_library",
 "//pkg/webhook/handlers/testdata/apis/testgroup/v1:go_default_library",
 "@io_k8s_apimachinery//pkg/runtime:go_default_library",
 "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
diff --git a/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go b/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go
index 0c93c4020..349960f69 100644
--- a/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go
+++ b/pkg/webhook/handlers/testdata/apis/testgroup/validation/validation.go
@@ -20,11 +20,12 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/util/validation/field"
- v1 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
+ "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup"
+ "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
 )
 func ValidateTestType(obj runtime.Object) field.ErrorList {
- testType := obj.(*v1.TestType)
+ testType := obj.(*testgroup.TestType)
 el := field.ErrorList{}
 if testType.TestField == v1.TestFieldValueNotAllowed {
 el = append(el, field.Invalid(field.NewPath("testField"), testType.TestField, "invalid value"))
@@ -33,8 +34,8 @@ func ValidateTestType(obj runtime.Object) field.ErrorList {
 }
 func ValidateTestTypeUpdate(oldObj, newObj runtime.Object) field.ErrorList {
- old, ok := oldObj.(*v1.TestType)
- new := newObj.(*v1.TestType)
+ old, ok := oldObj.(*testgroup.TestType)
+ new := newObj.(*testgroup.TestType)
 // if oldObj is not set, the Update operation is always valid.
 if !ok || old == nil {
 return nil
diff --git a/pkg/webhook/handlers/validation_test.go b/pkg/webhook/handlers/validation_test.go
index f746bcc8e..631a25160 100644
--- a/pkg/webhook/handlers/validation_test.go
+++ b/pkg/webhook/handlers/validation_test.go
@@ -31,6 +31,7 @@ import (
 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup"
 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/install"
 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v1"
+ "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/v2"
 "github.com/jetstack/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/validation"
 )
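Review bot: `testType := obj.(*testgroup.TestType)` in `ValidateTestType` is an unchecked type assertion, and so is `new := newObj.(*testgroup.TestType)` in the `ValidateTestTypeUpdate` hunk below it, although `old` on the adjacent line already uses the comma-ok form. Now that the validators expect the internal type, a caller that hands over an unconverted `*v1.TestType` would panic inside the admission path instead of getting a validation error back. I would use the comma-ok form in both places and return an error list on mismatch, e.g. `testType, ok := obj.(*testgroup.TestType)` followed by `if !ok { return field.ErrorList{field.InternalError(nil, fmt.Errorf("unexpected type %T", obj))} }`, which needs `fmt` added to the imports. Renaming the local `new` would also stop it shadowing the builtin. Both function bodies continue outside their hunks.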
@@ -40,13 +41,18 @@ func TestFuncBackedValidator(t *testing.T) {
 log := klogr.New()
 c := NewFuncBackedValidator(log, scheme, map[schema.GroupKind]Validator{
- {Group: testgroup.GroupName, Kind: "TestType"}: ValidatorFunc(&v1.TestType{}, validation.ValidateTestType, validation.ValidateTestTypeUpdate),
+ {Group: testgroup.GroupName, Kind: "TestType"}: ValidatorFunc(&testgroup.TestType{}, validation.ValidateTestType, validation.ValidateTestTypeUpdate),
 })
 testTypeGVK := metav1.GroupVersionKind{
 Group: v1.SchemeGroupVersion.Group,
 Version: v1.SchemeGroupVersion.Version,
 Kind: "TestType",
 }
+ testTypeGVKV2 := metav1.GroupVersionKind{
+ Group: v2.SchemeGroupVersion.Group,
+ Version: v2.SchemeGroupVersion.Version,
+ Kind: "TestType",
+ }
 tests := map[string]admissionTestT{
 "should not allow invalid value for 'testField' field": {
 inputRequest: admissionv1beta1.AdmissionRequest{
@@ -140,6 +146,46 @@ func TestFuncBackedValidator(t *testing.T) {
 },
 "testFieldImmutable": "abc"
 }
+`)),
+ },
+ },
+ expectedResponse: admissionv1beta1.AdmissionResponse{
+ Allowed: false,
+ Result: &metav1.Status{
+ Status: metav1.StatusFailure, Code: http.StatusNotAcceptable, Reason: metav1.StatusReasonNotAcceptable,
+ Message: "testFieldImmutable: Forbidden: field is immutable once set",
+ },
+ },
+ },
+ "should not allow setting immutable field if it is already set (v2)": {
+ inputRequest: admissionv1beta1.AdmissionRequest{
+ Kind: testTypeGVKV2,
+ OldObject: runtime.RawExtension{
+ Raw: []byte(fmt.Sprintf(`
+{
+ "apiVersion": "testgroup.testing.cert-manager.io/v2",
+ "kind": "TestType",
+ "metadata": {
+ "name": "testing",
+ "namespace": "abc",
+ "creationTimestamp": null
+ },
+ "testFieldImmutable": "oldvalue"
+}
+`)),
+ },
+ Object: runtime.RawExtension{
+ Raw: []byte(fmt.Sprintf(`
+{
+ "apiVersion": "testgroup.testing.cert-manager.io/v2",
+ "kind": "TestType",
+ "metadata": {
+ "name": "testing",
+ "namespace": "abc",
+ "creationTimestamp": null
+ },
+ "testFieldImmutable": "abc"
+}
 `)),
 },
 },
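Review bot: The only `v2` case added here goes through the update path (`OldObject` plus `Object`), so nothing exercises a `v2` create request reaching `validation.ValidateTestType` after conversion to the internal type. A second case that uses `testTypeGVKV2` with no `OldObject` and the disallowed `testField` value would cover that path, assuming `v2` carries that field. Separately, the new JSON fixtures are wrapped in `fmt.Sprintf` with no arguments; passing the raw string straight to `[]byte(...)` is equivalent and avoids a stray `%` in a fixture being read as a format verb. The enclosing `tests` map starts and ends outside the hunk.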