diff --git a/go.mod b/go.mod index f1b4fcd..f8031c5 100644 --- a/go.mod +++ b/go.mod @@ -15,9 +15,11 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.0 github.com/prometheus/client_model v0.2.0 - github.com/prometheus/common v0.28.0 // indirect + github.com/prometheus/common v0.29.0 // indirect + go.uber.org/atomic v1.8.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.17.0 + golang.org/x/net v0.0.0-20210610132358-84b48f89b13b // indirect golang.org/x/sys v0.0.0-20210608053332-aa57babbf139 // indirect gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect k8s.io/api v0.21.1 diff --git a/go.sum b/go.sum index c5c2a6a..d9d2f84 100644 --- a/go.sum +++ b/go.sum @@ -239,6 +239,8 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.28.0 h1:vGVfV9KrDTvWt5boZO0I19g2E3CsWfpPPKZM9dt3mEw= github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.29.0 h1:3jqPBvKT4OHAbje2Ql7KeaaSicDBCxMYwEJU1zRJceE= +github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= @@ -271,6 +273,8 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.8.0 h1:CUhrE4N1rqSE6FM9ecihEjRkLQu8cDfgDyoOs83mEY4= +go.uber.org/atomic v1.8.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= @@ -348,6 +352,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210610132358-84b48f89b13b h1:k+E048sYJHyVnsr1GDrRZWQ32D2C7lWs9JRc0bel53A= +golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/pkg/webhook/handler/unmarshal_req_obj.go b/pkg/webhook/handler/unmarshal_req_obj.go index 7139eee..33d965e 100644 --- a/pkg/webhook/handler/unmarshal_req_obj.go +++ b/pkg/webhook/handler/unmarshal_req_obj.go @@ -5,6 +5,7 @@ import ( "github.com/dbsystel/kewl/pkg/webhook/facade" "github.com/go-logr/logr" "github.com/pkg/errors" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" ) @@ -34,6 +35,8 @@ func (u *unmarshalReqObjImpl) HandleReview(_ logr.Logger, review facade.Admissio if err := u.deserializeRawExtension(schemaKind, request.OldObject()); err != nil { return errors.Wrapf(err, "could not deserialize request old object: %v", kind) } + u.ensureNamespaceSet(review.Request().Object().Object, review.Request().Namespace()) + u.ensureNamespaceSet(review.Request().OldObject().Object, review.Request().Namespace()) return nil } @@ -48,3 +51,18 @@ func (u *unmarshalReqObjImpl) deserializeRawExtension(gvk schema.GroupVersionKin ext.Object = deserialized return nil } + +func (u *unmarshalReqObjImpl) ensureNamespaceSet(obj runtime.Object, namespace string) { + metaAcc, ok := obj.(v1.ObjectMetaAccessor) + if !ok { + return + } + objMeta := metaAcc.GetObjectMeta() + if objMeta == nil { + return + } + if len(objMeta.GetNamespace()) > 0 { + return + } + objMeta.SetNamespace(namespace) +} diff --git a/pkg/webhook/handler/unmarshal_req_obj_test.go b/pkg/webhook/handler/unmarshal_req_obj_test.go index 4324442..5c21142 100644 --- a/pkg/webhook/handler/unmarshal_req_obj_test.go +++ b/pkg/webhook/handler/unmarshal_req_obj_test.go @@ -38,6 +38,15 @@ var _ = Describe("UnmarshalReqObj test", func() { Expect(review.Request.Object.Object).To(BeEquivalentTo(corev1_test.InvalidPod)) Expect(review.Request.OldObject.Object).To(BeEquivalentTo(corev1_test.ValidPod)) }) + It("should set namespace from review", func() { + review := admission_test.V1DetachedPod() + review.Request.Namespace = "blubb" + Expect(InvokeHandler(sut, review)).To(Not(HaveOccurred())) + Expect(review.Request.Object.Object).To(BeAssignableToTypeOf(&corev1.Pod{})) + Expect(review.Request.Object.Object.(*corev1.Pod).Namespace).To(Equal(review.Request.Namespace)) + Expect(review.Request.OldObject.Object).To(BeAssignableToTypeOf(&corev1.Pod{})) + Expect(review.Request.OldObject.Object.(*corev1.Pod).Namespace).To(Equal(review.Request.Namespace)) + }) It("should provide handler type", func() { Expect(sut.HandlerType()).To(Equal(handler.TypeOther)) }) diff --git a/testing/admission_test/v1.go b/testing/admission_test/v1.go index d565508..a56cbbc 100644 --- a/testing/admission_test/v1.go +++ b/testing/admission_test/v1.go @@ -69,5 +69,8 @@ var V1ValidPod = NewV1Review(corev1_test.ValidPod, corev1_test.InvalidPod) // V1InvalidPod is the v1.AdmissionReview for corev1_test.InvalidPod var V1InvalidPod = NewV1Review(corev1_test.InvalidPod, corev1_test.ValidPod) +// V1DetachedPod is the v1.AdmissionReview for corev1_test.DetachedPod +var V1DetachedPod = NewV1Review(corev1_test.DetachedPod, corev1_test.DetachedPod) + // V1BadPod is the v1.AdmissionReview for corev1_test.BadPod containing an unknown object var V1BadPod = NewV1Review(corev1_test.BadPod, nil) diff --git a/testing/admission_test/v1beta1.go b/testing/admission_test/v1beta1.go index 9c42ceb..cbbdb12 100644 --- a/testing/admission_test/v1beta1.go +++ b/testing/admission_test/v1beta1.go @@ -56,5 +56,8 @@ var V1Beta1ValidPod = NewV1Beta1Review(corev1_test.ValidPod, nil) // V1Beta1InvalidPod is the v1beta1.AdmissionReview for corev1_test.InvalidPod var V1Beta1InvalidPod = NewV1Beta1Review(corev1_test.InvalidPod, corev1_test.ValidPod) +// V1Beta1DetachedPod is the v1beta1.AdmissionReview for corev1_test.DetachedPod +var V1Beta1DetachedPod = NewV1Beta1Review(corev1_test.DetachedPod, corev1_test.DetachedPod) + // V1Beta1BadPod is the v1.AdmissionReview for corev1_test.BadPod var V1Beta1BadPod = NewV1Beta1Review(corev1_test.BadPod, nil) diff --git a/testing/corev1_test/example_pods.go b/testing/corev1_test/example_pods.go index 01dd77a..e8f27e7 100644 --- a/testing/corev1_test/example_pods.go +++ b/testing/corev1_test/example_pods.go @@ -59,17 +59,24 @@ func NewBrokenPod(name string) *Pod { }, ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: Namespace}} } +func NewDetachedPod(name string) *Pod { + return &Pod{TypeMeta: PodTypeMeta, ObjectMeta: metav1.ObjectMeta{Name: name}} +} + // ErrorPod is a pod which should create an error on handling var ErrorPod = NewPod("error") // PanicPod is a pod which should create a panic on handling var PanicPod = NewPod("panic") -// ValidPod which is considered valid on handling +// ValidPod is a pod which is considered valid on handling var ValidPod = NewPod("valid") -// InvalidPod which is considered invalid on handling +// InvalidPod is a pod which is considered invalid on handling var InvalidPod = NewPod("invalid") +// DetachedPod is a pod which is not attached to a namespace +var DetachedPod = NewDetachedPod("detached") + // BadPod is a pod which does not serialize correctly var BadPod = NewBrokenPod("broken")