Skip to content

Commit

Permalink
fix(namereference): add configuration for new admission API
Browse files Browse the repository at this point in the history 
Include configuration for the new `ValidatingAdmissionPolicy` and
`ValidationAdmissionPolicyBinding` APIs so that Kustomize can natively configure
the `policyName` field in `ValidatingAdmissionPolicyBinding` with the transformed
name of `ValidatingAdmissionPolicy`.
  • Loading branch information
@stormqueen1990
stormqueen1990 committed May 20, 2024
1 parent e244b83 commit 3065eb3
Show file tree
Hide file tree
Showing 2 changed files with 89 additions and 0 deletions.
7 changes: 7 additions & 0 deletions api/internal/konfig/builtinpluginconsts/namereference.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,13 @@ nameReference:
fieldSpecs:
- path: spec/ingressClassName
kind: Ingress
- kind: ValidatingAdmissionPolicy
group: admissionregistration.k8s.io
fieldSpecs:
- path: spec/policyName
kind: ValidatingAdmissionPolicyBinding
group: admissionregistration.k8s.io
`
)

Expand Down
82 changes: 82 additions & 0 deletions api/krusty/namereference_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -786,3 +786,85 @@ spec:
name: tester
`)
}

func TestBackReferenceAdmissionPolicy(t *testing.T) {
th := kusttest_test.MakeHarness(t)
th.WriteK(".", `
resources:
- admission.yaml
namePrefix: a-prefix-
`)
th.WriteF("admission.yaml", `---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
name: sample-policy
spec:
failurePolicy: Fail
paramKind:
apiVersion: apps/v1
kind: Deployment
matchConstraints:
resourceRules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
validations:
- expression: "!object.metadata.name.startsWith('test-')"
message: prefix 'test-' is not allowed
reason: Invalid
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicyBinding
metadata:
name: sample-policy-binding
spec:
policyName: sample-policy
validationActions:
- Deny
`)

m := th.Run(".", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
name: a-prefix-sample-policy
spec:
failurePolicy: Fail
matchConstraints:
resourceRules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
paramKind:
apiVersion: apps/v1
kind: Deployment
validations:
- expression: '!object.metadata.name.startsWith(''test-'')'
message: prefix 'test-' is not allowed
reason: Invalid
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicyBinding
metadata:
name: a-prefix-sample-policy-binding
spec:
policyName: a-prefix-sample-policy
validationActions:
- Deny
`)
}

0 comments on commit 3065eb3

Please sign in to comment.