Admission Controller example panics on objects with no name

[Alibirb]

Current and expected behavior

If the admission controller example is given an object without a "name" attribute, it will panic on this line (or the similar line for when it rejects the object):
info!("accepted: {:?} on Foo {}", req.operation, obj.name());

This is because the name() method is only supposed to be used when you KNOW that the object has a name set (which is not the case e.g. for Pods created by a ReplicaSet, which will have the generate_name field set instead).

I know it's just an example application, but the lack of name seems like a common enough condition to run into, so the example ought to start people off on the right foot in terms of how to use the name() method.

Possible solution

Check whether a name is set, and if not, use generate_name if that exists, or leave the name blank if there is none.

Additional context

No response

Environment

$ kubectl version --short
Client Version: v1.20.5
Server Version: v1.23.3

Configuration and features

No response

Affected crates

No response

Would you like to work on fixing this bug?

yes

[nightkr]

Is this something you have ran into in the wild? I agree that it's not great (and I'd like to deprecate name() entirely, see #634), but I'd expect the API server to reject unnamed objects before they reach the admission controller in the first place.

[Alibirb]

Yes, I ran into this on a shared development cluster at work. According to the docs, the name field can be missing as long as generate_name is present, and then Kubernetes will generate a name for it when it actually creates the resource.

[clux]

Thanks for the report. I have reworked the ResourceExt trait in #945 to add a .name_or_generatename() (provisionally) and start work on .name() deprecation in favour of .name_unchecked().

EDIT: just .name_any now.

[clux]

By the way, what happens when you apply an object without either a name or generateName? Is that passed through to the admission controller or is that handled by Kubernetes first?

[Alibirb]

I tried applying a Pod without a name or generateName, and Kubernetes rejected it before it reached the webhook.

Also, I agree with renaming .name() to .name_unchecked(). That way you're reminded every time you use it that you need to be careful with it.