refactor(defaulting webhook): breaking the original interface instead of introducing new interface

Signed-off-by: STRRL <[email protected]>

Author: STRRL

pkg/webhook/admission/admissiontest/util.go

@@ -25,86 +25,42 @@ import (
 // It implements the admission.Validator interface and
 // rejects all requests with the same configured error
 // or passes if ErrorToReturn is nil.
+// And it would always return configured warning messages WarningsToReturn.
 type FakeValidator struct {
 	// ErrorToReturn is the error for which the FakeValidator rejects all requests
 	ErrorToReturn error `json:"errorToReturn,omitempty"`
 	// GVKToReturn is the GroupVersionKind that the webhook operates on
 	GVKToReturn schema.GroupVersionKind
-}
-
-// ValidateCreate implements admission.Validator.
-func (v *FakeValidator) ValidateCreate() error {
-	return v.ErrorToReturn
-}
-
-// ValidateUpdate implements admission.Validator.
-func (v *FakeValidator) ValidateUpdate(old runtime.Object) error {
-	return v.ErrorToReturn
-}
-
-// ValidateDelete implements admission.Validator.
-func (v *FakeValidator) ValidateDelete() error {
-	return v.ErrorToReturn
-}
-
-// GetObjectKind implements admission.Validator.
-func (v *FakeValidator) GetObjectKind() schema.ObjectKind { return v }
-
-// DeepCopyObject implements admission.Validator.
-func (v *FakeValidator) DeepCopyObject() runtime.Object {
-	return &FakeValidator{ErrorToReturn: v.ErrorToReturn, GVKToReturn: v.GVKToReturn}
-}
-
-// GroupVersionKind implements admission.Validator.
-func (v *FakeValidator) GroupVersionKind() schema.GroupVersionKind {
-	return v.GVKToReturn
-}
-
-// SetGroupVersionKind implements admission.Validator.
-func (v *FakeValidator) SetGroupVersionKind(gvk schema.GroupVersionKind) {
-	v.GVKToReturn = gvk
-}
-
-// FakeValidatorWarn provides fake validating webhook functionality for testing
-// It implements the admission.ValidatorWarn interface and
-// rejects all requests with the same configured error
-// or passes if ErrorToReturn is nil.
-// And it would always return configured warning messages WarningsToReturn.
-type FakeValidatorWarn struct {
-	// ErrorToReturn is the error for which the FakeValidatorWarn rejects all requests
-	ErrorToReturn error `json:"ErrorToReturn,omitempty"`
-	// GVKToReturn is the GroupVersionKind that the webhook operates on
-	GVKToReturn schema.GroupVersionKind
-	// WarningsToReturn is the warnings for FakeValidatorWarn returns to all requests
+	// WarningsToReturn is the warnings for FakeValidator returns to all requests
 	WarningsToReturn []string
 }
 
-func (v *FakeValidatorWarn) ValidateCreate() (warnings []string, err error) {
+func (v *FakeValidator) ValidateCreate() (warnings []string, err error) {
 	return v.WarningsToReturn, v.ErrorToReturn
 }
 
-func (v *FakeValidatorWarn) ValidateUpdate(old runtime.Object) (warnings []string, err error) {
+func (v *FakeValidator) ValidateUpdate(old runtime.Object) (warnings []string, err error) {
 	return v.WarningsToReturn, v.ErrorToReturn
 }
 
-func (v *FakeValidatorWarn) ValidateDelete() (warnings []string, err error) {
+func (v *FakeValidator) ValidateDelete() (warnings []string, err error) {
 	return v.WarningsToReturn, v.ErrorToReturn
 }
 
-func (v *FakeValidatorWarn) SetGroupVersionKind(kind schema.GroupVersionKind) {
+func (v *FakeValidator) SetGroupVersionKind(kind schema.GroupVersionKind) {
 	v.GVKToReturn = kind
 }
 
-func (v *FakeValidatorWarn) GroupVersionKind() schema.GroupVersionKind {
+func (v *FakeValidator) GroupVersionKind() schema.GroupVersionKind {
 	return v.GVKToReturn
 }
 
-func (v *FakeValidatorWarn) GetObjectKind() schema.ObjectKind {
+func (v *FakeValidator) GetObjectKind() schema.ObjectKind {
 	return v
 }
 
-func (v *FakeValidatorWarn) DeepCopyObject() runtime.Object {
-	return &FakeValidatorWarn{ErrorToReturn: v.ErrorToReturn,
+func (v *FakeValidator) DeepCopyObject() runtime.Object {
+	return &FakeValidator{ErrorToReturn: v.ErrorToReturn,
 		GVKToReturn:      v.GVKToReturn,
 		WarningsToReturn: v.WarningsToReturn,
 	}

pkg/webhook/admission/validator.go

@@ -19,6 +19,7 @@ package admission
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 
 	v1 "k8s.io/api/admission/v1"
@@ -29,9 +30,9 @@ import (
 // Validator defines functions for validating an operation.
 type Validator interface {
 	runtime.Object
-	ValidateCreate() error
-	ValidateUpdate(old runtime.Object) error
-	ValidateDelete() error
+	ValidateCreate() ([]string, error)
+	ValidateUpdate(old runtime.Object) ([]string, error)
+	ValidateDelete() ([]string, error)
 }
 
 // ValidatingWebhookFor creates a new Webhook for validating the provided type.
@@ -55,28 +56,26 @@ func (h *validatingHandler) Handle(ctx context.Context, req Request) Response {
 		panic("validator should never be nil")
 	}
 
+	ctx = NewContextWithRequest(ctx, req)
+
 	// Get the object in the request
 	obj := h.validator.DeepCopyObject().(Validator)
-	if req.Operation == v1.Create {
-		err := h.decoder.Decode(req, obj)
-		if err != nil {
-			return Errored(http.StatusBadRequest, err)
-		}
 
-		err = obj.ValidateCreate()
+	var err error
+	var warnings []string
+
+	switch req.Operation {
+	case v1.Create:
+		err = h.decoder.Decode(req, obj)
 		if err != nil {
-			var apiStatus apierrors.APIStatus
-			if errors.As(err, &apiStatus) {
-				return validationResponseFromStatus(false, apiStatus.Status())
-			}
-			return Denied(err.Error())
+			return Errored(http.StatusBadRequest, err)
 		}
-	}
 
-	if req.Operation == v1.Update {
+		warnings, err = obj.ValidateCreate()
+	case v1.Update:
 		oldObj := obj.DeepCopyObject()
 
-		err := h.decoder.DecodeRaw(req.Object, obj)
+		err = h.decoder.DecodeRaw(req.Object, obj)
 		if err != nil {
 			return Errored(http.StatusBadRequest, err)
 		}
@@ -85,33 +84,26 @@ func (h *validatingHandler) Handle(ctx context.Context, req Request) Response {
 			return Errored(http.StatusBadRequest, err)
 		}
 
-		err = obj.ValidateUpdate(oldObj)
-		if err != nil {
-			var apiStatus apierrors.APIStatus
-			if errors.As(err, &apiStatus) {
-				return validationResponseFromStatus(false, apiStatus.Status())
-			}
-			return Denied(err.Error())
-		}
-	}
-
-	if req.Operation == v1.Delete {
+		warnings, err = obj.ValidateUpdate(oldObj)
+	case v1.Delete:
 		// In reference to PR: https://github.com/kubernetes/kubernetes/pull/76346
 		// OldObject contains the object being deleted
-		err := h.decoder.DecodeRaw(req.OldObject, obj)
+		err = h.decoder.DecodeRaw(req.OldObject, obj)
 		if err != nil {
 			return Errored(http.StatusBadRequest, err)
 		}
 
-		err = obj.ValidateDelete()
-		if err != nil {
-			var apiStatus apierrors.APIStatus
-			if errors.As(err, &apiStatus) {
-				return validationResponseFromStatus(false, apiStatus.Status())
-			}
-			return Denied(err.Error())
-		}
+		warnings, err = obj.ValidateDelete()
+	default:
+		return Errored(http.StatusBadRequest, fmt.Errorf("unknown operation request %q", req.Operation))
 	}
 
-	return Allowed("")
+	if err != nil {
+		var apiStatus apierrors.APIStatus
+		if errors.As(err, &apiStatus) {
+			return validationResponseFromStatus(false, apiStatus.Status())
+		}
+		return Denied(err.Error()).WithWarnings(warnings...)
+	}
+	return Allowed("").WithWarnings(warnings...)
 }

pkg/webhook/admission/validator_custom.go

@@ -29,9 +29,9 @@ import (
 
 // CustomValidator defines functions for validating an operation.
 type CustomValidator interface {
-	ValidateCreate(ctx context.Context, obj runtime.Object) error
-	ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error
-	ValidateDelete(ctx context.Context, obj runtime.Object) error
+	ValidateCreate(ctx context.Context, obj runtime.Object) ([]string, error)
+	ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) ([]string, error)
+	ValidateDelete(ctx context.Context, obj runtime.Object) ([]string, error)
 }
 
 // WithCustomValidator creates a new Webhook for validating the provided type.
@@ -65,6 +65,8 @@ func (h *validatorForType) Handle(ctx context.Context, req Request) Response {
 	obj := h.object.DeepCopyObject()
 
 	var err error
+	var warnings []string
+
 	switch req.Operation {
 	case v1.Connect:
 		// No validation for connect requests.
@@ -74,7 +76,7 @@ func (h *validatorForType) Handle(ctx context.Context, req Request) Response {
 			return Errored(http.StatusBadRequest, err)
 		}
 
-		err = h.validator.ValidateCreate(ctx, obj)
+		warnings, err = h.validator.ValidateCreate(ctx, obj)
 	case v1.Update:
 		oldObj := obj.DeepCopyObject()
 		if err := h.decoder.DecodeRaw(req.Object, obj); err != nil {
@@ -84,15 +86,15 @@ func (h *validatorForType) Handle(ctx context.Context, req Request) Response {
 			return Errored(http.StatusBadRequest, err)
 		}
 
-		err = h.validator.ValidateUpdate(ctx, oldObj, obj)
+		warnings, err = h.validator.ValidateUpdate(ctx, oldObj, obj)
 	case v1.Delete:
 		// In reference to PR: https://github.com/kubernetes/kubernetes/pull/76346
 		// OldObject contains the object being deleted
 		if err := h.decoder.DecodeRaw(req.OldObject, obj); err != nil {
 			return Errored(http.StatusBadRequest, err)
 		}
 
-		err = h.validator.ValidateDelete(ctx, obj)
+		warnings, err = h.validator.ValidateDelete(ctx, obj)
 	default:
 		return Errored(http.StatusBadRequest, fmt.Errorf("unknown operation request %q", req.Operation))
 	}
@@ -103,9 +105,9 @@ func (h *validatorForType) Handle(ctx context.Context, req Request) Response {
 		if errors.As(err, &apiStatus) {
 			return validationResponseFromStatus(false, apiStatus.Status())
 		}
-		return Denied(err.Error())
+		return Denied(err.Error()).WithWarnings(warnings...)
 	}
 
 	// Return allowed if everything succeeded.
-	return Allowed("")
+	return Allowed("").WithWarnings(warnings...)
 }