add noop admission.Update

kubernetes · Mar 6, 2024 · da39708 · da39708
1 parent 24bf29e
commit da39708
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 5 deletions.
diff --git a/plugin/pkg/admission/disableservicelinks/admission.go b/plugin/pkg/admission/disableservicelinks/admission.go
@@ -40,7 +40,7 @@ func Register(plugins *admission.Plugins) {
 // newDisableServiceLinks creates a new instance of the DisableServiceLinks admission controller.
 func newDisableServiceLinks() *plugin {
 	return &plugin{
-		Handler: admission.NewHandler(admission.Create),
+		Handler: admission.NewHandler(admission.Create, admission.Update),
 	}
 }
 
@@ -53,6 +53,13 @@ type plugin struct {
 
 // Admit updates the EnableServiceLinks of a pod and set it to false.
 func (p *plugin) Admit(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) error {
+	op := attributes.GetOperation()
+
+	// noop admission.Update for future support
+	if op == admission.Update {
+		return nil
+	}
+
 	// Ignore all calls to subresources or resources other than pods.
 	if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != core.Resource("pods") {
 		return nil

diff --git a/plugin/pkg/admission/disableservicelinks/admission_test.go b/plugin/pkg/admission/disableservicelinks/admission_test.go
@@ -35,28 +35,45 @@ func TestAdmit(t *testing.T) {
 		description  string
 		requestedPod core.Pod
 		expectedPod  core.Pod
+		operation    admission.Operation
 	}{
 		{
-			description: "empty pod with default value of Spec.EnableServiceLinks",
+			description: "Create empty pod with default value of Spec.EnableServiceLinks",
 			requestedPod: core.Pod{
 				Spec: core.PodSpec{},
 			},
 			expectedPod: core.Pod{
 				Spec: core.PodSpec{EnableServiceLinks: ptr.To(false)},
 			},
+			operation: admission.Create,
 		},
 		{
-			description: "empty pod with Spec.EnableServiceLinks set to true",
+			description: "Create empty pod with Spec.EnableServiceLinks set to true",
 			requestedPod: core.Pod{
 				Spec: core.PodSpec{EnableServiceLinks: ptr.To(true)},
 			},
 			expectedPod: core.Pod{
 				Spec: core.PodSpec{EnableServiceLinks: ptr.To(false)},
 			},
+			operation: admission.Create,
+		},
+		{
+			description: "Update empty pod with Spec.EnableServiceLinks set to true",
+			requestedPod: core.Pod{
+				Spec: core.PodSpec{EnableServiceLinks: ptr.To(true)},
+			},
+			expectedPod: core.Pod{
+				Spec: core.PodSpec{EnableServiceLinks: ptr.To(true)},
+			},
+			operation: admission.Update,
 		},
 	}
 	for i, test := range tests {
-		err := plugin.Admit(context.TODO(), admission.NewAttributesRecord(&test.requestedPod, nil, core.Kind("Pod").WithVersion("version"), "foo", "name", core.Resource("pods").WithVersion("version"), "", "ignored", nil, false, nil), nil)
+		err := plugin.Admit(context.TODO(), admission.NewAttributesRecord(&test.requestedPod, nil,
+			core.Kind("Pod").WithVersion("version"), "foo", "name",
+			core.Resource("pods").WithVersion("version"), "", test.operation,
+			nil, false, nil), nil)
+
 		if err != nil {
 			t.Errorf("[%d: %s] unexpected error %v for pod %+v", i, test.description, err, test.requestedPod)
 		}
@@ -71,7 +88,7 @@ func TestHandles(t *testing.T) {
 	plugin := newDisableServiceLinks()
 	tests := map[admission.Operation]bool{
 		admission.Create:  true,
-		admission.Update:  false,
+		admission.Update:  true,
 		admission.Delete:  false,
 		admission.Connect: false,
 	}