Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Call createValidation from subresource handlers #72951

Closed
wants to merge 1 commit into from
Closed

Call createValidation from subresource handlers #72951

wants to merge 1 commit into from

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Jan 16, 2019

What type of PR is this?
/kind bug

What this PR does / why we need it:
createValidation (which is what calls CREATE admission) was not being called for some custom subresources.

Special notes for your reviewer:
Also moves a couple subresource createValidation calls to occur after API validation, matching behavior of standard resources.

Does this PR introduce a user-facing change?:

Admission webhooks are now properly called for CREATE operations on the following resources: deployments/rollback, localsubjectaccessreviews, selfsubjectaccessreviews, selfsubjectrulesreviews, pods/eviction, tokenreviews

/sig api-machinery
/sig auth
/assign @mikedanese @deads2k

/hold

need to think through the implications of calling admission with the auth[nz] review resources

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jan 16, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 16, 2019
@k8s-ci-robot k8s-ci-robot requested review from deads2k and dims January 16, 2019 03:00
@krmayankk
Copy link

@liggitt what does CREATE operation on subresource pod/eviction mean ? Can subresources be created ?

@fedebongio
Copy link
Contributor

/assign @mbohlool @roycaihw

@mikedanese
Copy link
Member

mikedanese commented Jan 22, 2019
edited
Loading

This is such a niche requirement of subresources that it seems fairly unlikely that this will be caught in code reviews. Is this required for the common subresources (/status, /spec, /scale) or just resource specific subresources that support create?

@liggitt
Copy link
Member Author

liggitt commented Jan 22, 2019

Is this required for the common subresources (/status, /spec, /scale) or just resource specific subresources that support create?

Yes, though from sweeping the code, when createValidation/updateValidation gets called for status and scale subresources, it is passed the object whose status is being updated or which is being scaled (as opposed to the autoscalingv1.Scale object)

@liggitt liggitt added this to the v1.15 milestone Mar 7, 2019
@rmohr rmohr mentioned this pull request Mar 8, 2019
Closed
@liggitt liggitt mentioned this pull request Apr 22, 2019
Closed
5 tasks
@liggitt liggitt closed this Apr 23, 2019
@liggitt
Copy link
Member Author

liggitt commented Apr 23, 2019

closed in favor of #76910

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krmayankk krmayankk krmayankk left review comments

@deads2k deads2k Awaiting requested review from deads2k

@dims dims Awaiting requested review from dims

Assignees

@mbohlool mbohlool

@mikedanese mikedanese

@roycaihw roycaihw

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/bug Categorizes issue or PR as related to a bug. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.15
Development

Successfully merging this pull request may close these issues.
8 participants
@liggitt @k8s-ci-robot @krmayankk @fedebongio @mikedanese @mbohlool @roycaihw @deads2k