5299404082

Committed 17 Jun 2023 05:48PM UTC coverage: 46.084% (+0.3%) from 45.747%

Build # 5299404082

Build Type

Pull #151

github

Committed by

web-flow

Commit Message

Merge 95c1b3dd7 into 1d86e0625

Pull Request Pull Request #151: chore(deps): k8s.io/cli-runtime@v0.27.2 && k8s.io/client-go@v0.27.2

Run Details

57 of 57 new or added lines in 4 files covered. (100.0%)

959 of 2081 relevant lines covered (46.08%)

1.93 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

85.37

/internal/api/v1alpha1/exec_access_request_webhook.go

/*
Copyright 2022 Matt Wise.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1

import (
        "fmt"

        "k8s.io/apimachinery/pkg/runtime"
        ctrl "sigs.k8s.io/controller-runtime"
        logf "sigs.k8s.io/controller-runtime/pkg/log"
        "sigs.k8s.io/controller-runtime/pkg/webhook/admission"

        "github.com/diranged/oz/internal/webhook"
)

// log is for logging in this package.
var execaccessrequestlog = logf.Log.WithName("execaccessrequest-resource")

// SetupWebhookWithManager configures the webhook service in the Manager to
// accept MutatingWebhookConfiguration and ValidatingWebhookConfiguration calls
// from the Kubernetes API server.
func (r *ExecAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error {
        if err := webhook.RegisterContextualDefaulter(r, mgr); err != nil {
                panic(err)
        }
        if err := webhook.RegisterContextualValidator(r, mgr); err != nil {
                panic(err)
        }

        // boilerplate
        return ctrl.NewWebhookManagedBy(mgr).
                For(r).
                Complete()
}

//+kubebuilder:webhook:path=/mutate-crds-wizardofoz-co-v1alpha1-execaccessrequest,mutating=true,failurePolicy=fail,sideEffects=None,groups=crds.wizardofoz.co,resources=execaccessrequests,verbs=create;update,versions=v1alpha1,name=mexecaccessrequest.kb.io,admissionReviewVersions=v1

var _ webhook.IContextuallyDefaultableObject = &ExecAccessRequest{}

// Default implements webhook.Defaulter so a webhook will be registered for the type
func (r *ExecAccessRequest) Default(_ admission.Request) error {
        return nil
}

//+kubebuilder:webhook:path=/validate-crds-wizardofoz-co-v1alpha1-execaccessrequest,mutating=false,failurePolicy=fail,sideEffects=None,groups=crds.wizardofoz.co,resources=execaccessrequests,verbs=create;update;delete,versions=v1alpha1,name=vexecaccessrequest.kb.io,admissionReviewVersions=v1

var _ webhook.IContextuallyValidatableObject = &ExecAccessRequest{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *ExecAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) {
        warnings := admission.Warnings{}
        if req.UserInfo.Username != "" {
                execaccessrequestlog.Info(
                        fmt.Sprintf("Create ExecAccessRequest from %s", req.UserInfo.Username),
                )
        } else {
                // TODO: Make this fail, after we have confidence in the code in a live environment.
                w := "WARNING - Create ExecAccessRequest with missing user identity"
                warnings = append(warnings, w)
                execaccessrequestlog.Info(w)
        }
        return warnings, nil
}

// ValidateUpdate prevents immutable updates to the ExecAccessRequest.
func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) (admission.Warnings, error) {
        execaccessrequestlog.Info("validate update", "name", r.Name)

        // https://stackoverflow.com/questions/70650677/manage-immutable-fields-in-kubebuilder-validating-webhook
        oldRequest, _ := old.(*ExecAccessRequest)
        if r.Spec.TargetPod != oldRequest.Spec.TargetPod {
                return nil, fmt.Errorf(
                        "error - Spec.TargetPod is an immutable field, create a new PodAccessRequest instead",
                )
        }
        return nil, nil
}

// ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
func (r *ExecAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error) {
        execaccessrequestlog.Info(
                fmt.Sprintf("Delete ExecAccessRequest from %s", req.UserInfo.Username),
        )
        return nil, nil
}

1	/*
2	Copyright 2022 Matt Wise.
3
4	Licensed under the Apache License, Version 2.0 (the "License");
5	you may not use this file except in compliance with the License.
6	You may obtain a copy of the License at
7
8	http://www.apache.org/licenses/LICENSE-2.0
9
10	Unless required by applicable law or agreed to in writing, software
11	distributed under the License is distributed on an "AS IS" BASIS,
12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	See the License for the specific language governing permissions and
14	limitations under the License.
15	*/
16
17	package v1alpha1
18
19	import (
20	"fmt"
21
22	"k8s.io/apimachinery/pkg/runtime"
23	ctrl "sigs.k8s.io/controller-runtime"
24	logf "sigs.k8s.io/controller-runtime/pkg/log"
25	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
26
27	"github.com/diranged/oz/internal/webhook"
28	)
29
30	// log is for logging in this package.
31	var execaccessrequestlog = logf.Log.WithName("execaccessrequest-resource")
32
33	// SetupWebhookWithManager configures the webhook service in the Manager to
34	// accept MutatingWebhookConfiguration and ValidatingWebhookConfiguration calls
35	// from the Kubernetes API server.
36	func (r *ExecAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error {	1✔
37	if err := webhook.RegisterContextualDefaulter(r, mgr); err != nil {	1✔
38	panic(err)	×
39	}
40	if err := webhook.RegisterContextualValidator(r, mgr); err != nil {	1✔
41	panic(err)	×
42	}
43
44	// boilerplate
45	return ctrl.NewWebhookManagedBy(mgr).	1✔
46	For(r).	1✔
47	Complete()	1✔
48	}
49
50	//+kubebuilder:webhook:path=/mutate-crds-wizardofoz-co-v1alpha1-execaccessrequest,mutating=true,failurePolicy=fail,sideEffects=None,groups=crds.wizardofoz.co,resources=execaccessrequests,verbs=create;update,versions=v1alpha1,name=mexecaccessrequest.kb.io,admissionReviewVersions=v1
51
52	var _ webhook.IContextuallyDefaultableObject = &ExecAccessRequest{}
53
54	// Default implements webhook.Defaulter so a webhook will be registered for the type
55	func (r *ExecAccessRequest) Default(_ admission.Request) error {	2✔
56	return nil	2✔
57	}	2✔
58
59	//+kubebuilder:webhook:path=/validate-crds-wizardofoz-co-v1alpha1-execaccessrequest,mutating=false,failurePolicy=fail,sideEffects=None,groups=crds.wizardofoz.co,resources=execaccessrequests,verbs=create;update;delete,versions=v1alpha1,name=vexecaccessrequest.kb.io,admissionReviewVersions=v1
60
61	var _ webhook.IContextuallyValidatableObject = &ExecAccessRequest{}
62
63	// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
64	func (r *ExecAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) {	3✔
65	warnings := admission.Warnings{}	3✔
66	if req.UserInfo.Username != "" {	5✔
67	execaccessrequestlog.Info(	2✔
68	fmt.Sprintf("Create ExecAccessRequest from %s", req.UserInfo.Username),	2✔
69	)	2✔
70	} else {	3✔
71	// TODO: Make this fail, after we have confidence in the code in a live environment.	1✔
72	w := "WARNING - Create ExecAccessRequest with missing user identity"	1✔
73	warnings = append(warnings, w)	1✔
74	execaccessrequestlog.Info(w)	1✔
75	}	1✔
76	return warnings, nil	3✔
77	}
78
79	// ValidateUpdate prevents immutable updates to the ExecAccessRequest.
80	func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) (admission.Warnings, error) {	3✔
81	execaccessrequestlog.Info("validate update", "name", r.Name)	3✔
82		3✔
83	// https://stackoverflow.com/questions/70650677/manage-immutable-fields-in-kubebuilder-validating-webhook	3✔
84	oldRequest, _ := old.(*ExecAccessRequest)	3✔
85	if r.Spec.TargetPod != oldRequest.Spec.TargetPod {	3✔
86	return nil, fmt.Errorf(	×
87	"error - Spec.TargetPod is an immutable field, create a new PodAccessRequest instead",	×
88	)	×
89	}	×
90	return nil, nil	3✔
91	}
92
93	// ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
94	func (r *ExecAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error) {	1✔
95	execaccessrequestlog.Info(	1✔
96	fmt.Sprintf("Delete ExecAccessRequest from %s", req.UserInfo.Username),	1✔
97	)	1✔
98	return nil, nil	1✔
99	}	1✔

diranged / oz / 5299404082

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous