Merge pull request kubernetes#55988 from caesarxuchao/rename-generic-webhook

Kubernetes Submit Queue · web-flow · commit 47a80424ed9d · 2017-11-18T20:28:23.000-08:00
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Rename generic webhook Ref #kubernetes/enhancements#492 A pure gred & sed change. The `GenericAdmissionWebhook` is renamed as `ValidatingAdmissionWebhook`. ```release-note The `GenericAdmissionWebhook` is renamed as `ValidatingAdmissionWebhook`. Please update you apiserver configuration file to use the new name to pass to the apiserver's `--admission-control` flag. ```
diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh
@@ -321,7 +321,7 @@ if [[ -z "${KUBE_ADMISSION_CONTROL:-}" ]]; then
     ADMISSION_CONTROL="${ADMISSION_CONTROL},PodSecurityPolicy"
   fi
   # ResourceQuota must come last, or a creation is recorded, but the pod may be forbidden.
-  ADMISSION_CONTROL="${ADMISSION_CONTROL},GenericAdmissionWebhook,ResourceQuota"
+  ADMISSION_CONTROL="${ADMISSION_CONTROL},ValidatingAdmissionWebhook,ResourceQuota"
 else
   ADMISSION_CONTROL=${KUBE_ADMISSION_CONTROL}
 fi
diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go
@@ -104,8 +104,8 @@ func TestAddFlags(t *testing.T) {
 			MinRequestTimeout:           1800,
 		},
 		Admission: &apiserveroptions.AdmissionOptions{
-			RecommendedPluginOrder: []string{"MutatingAdmissionWebhook", "NamespaceLifecycle", "Initializers", "GenericAdmissionWebhook"},
-			DefaultOffPlugins:      []string{"MutatingAdmissionWebhook", "Initializers", "GenericAdmissionWebhook"},
+			RecommendedPluginOrder: []string{"MutatingAdmissionWebhook", "NamespaceLifecycle", "Initializers", "ValidatingAdmissionWebhook"},
+			DefaultOffPlugins:      []string{"MutatingAdmissionWebhook", "Initializers", "ValidatingAdmissionWebhook"},
 			PluginNames:            []string{"AlwaysDeny"},
 			ConfigFile:             "/admission-control-config",
 			Plugins:                s.Admission.Plugins,
diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
@@ -419,7 +419,7 @@ function start_apiserver {
     fi
 
     # Admission Controllers to invoke prior to persisting objects in cluster
-    ADMISSION_CONTROL=MutatingAdmissionWebhook,Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,GenericAdmissionWebhook,ResourceQuota
+    ADMISSION_CONTROL=MutatingAdmissionWebhook,Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,ValidatingAdmissionWebhook,ResourceQuota
     # This is the default dir and filename where the apiserver will generate a self-signed cert
     # which should be able to be used as the CA to verify itself
 
diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go
@@ -50,13 +50,13 @@ import (
 
 const (
 	// Name of admission plug-in
-	PluginName = "GenericAdmissionWebhook"
+	PluginName = "ValidatingAdmissionWebhook"
 )
 
 // Register registers a plugin
 func Register(plugins *admission.Plugins) {
 	plugins.Register(PluginName, func(configFile io.Reader) (admission.Interface, error) {
-		plugin, err := NewGenericAdmissionWebhook(configFile)
+		plugin, err := NewValidatingAdmissionWebhook(configFile)
 		if err != nil {
 			return nil, err
 		}
@@ -71,8 +71,8 @@ type WebhookSource interface {
 	Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error)
 }
 
-// NewGenericAdmissionWebhook returns a generic admission webhook plugin.
-func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook, error) {
+// NewValidatingAdmissionWebhook returns a generic admission webhook plugin.
+func NewValidatingAdmissionWebhook(configFile io.Reader) (*ValidatingAdmissionWebhook, error) {
 	kubeconfigFile, err := config.LoadConfig(configFile)
 	if err != nil {
 		return nil, err
@@ -90,7 +90,7 @@ func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook,
 	cm.SetAuthenticationInfoResolver(authInfoResolver)
 	cm.SetServiceResolver(config.NewDefaultServiceResolver())
 
-	return &GenericAdmissionWebhook{
+	return &ValidatingAdmissionWebhook{
 		Handler: admission.NewHandler(
 			admission.Connect,
 			admission.Create,
@@ -101,8 +101,8 @@ func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook,
 	}, nil
 }
 
-// GenericAdmissionWebhook is an implementation of admission.Interface.
-type GenericAdmissionWebhook struct {
+// ValidatingAdmissionWebhook is an implementation of admission.Interface.
+type ValidatingAdmissionWebhook struct {
 	*admission.Handler
 	hookSource       WebhookSource
 	namespaceMatcher namespace.Matcher
@@ -111,22 +111,22 @@ type GenericAdmissionWebhook struct {
 }
 
 var (
-	_ = genericadmissioninit.WantsExternalKubeClientSet(&GenericAdmissionWebhook{})
+	_ = genericadmissioninit.WantsExternalKubeClientSet(&ValidatingAdmissionWebhook{})
 )
 
 // TODO find a better way wire this, but keep this pull small for now.
-func (a *GenericAdmissionWebhook) SetAuthenticationInfoResolverWrapper(wrapper config.AuthenticationInfoResolverWrapper) {
+func (a *ValidatingAdmissionWebhook) SetAuthenticationInfoResolverWrapper(wrapper config.AuthenticationInfoResolverWrapper) {
 	a.clientManager.SetAuthenticationInfoResolverWrapper(wrapper)
 }
 
 // SetServiceResolver sets a service resolver for the webhook admission plugin.
 // Passing a nil resolver does not have an effect, instead a default one will be used.
-func (a *GenericAdmissionWebhook) SetServiceResolver(sr config.ServiceResolver) {
+func (a *ValidatingAdmissionWebhook) SetServiceResolver(sr config.ServiceResolver) {
 	a.clientManager.SetServiceResolver(sr)
 }
 
 // SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme
-func (a *GenericAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
+func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
 	if scheme != nil {
 		a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
 			Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion),
@@ -136,37 +136,37 @@ func (a *GenericAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
 }
 
 // WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it
-func (a *GenericAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) {
+func (a *ValidatingAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) {
 	a.namespaceMatcher.Client = client
 	a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations())
 }
 
 // SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.
-func (a *GenericAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) {
+func (a *ValidatingAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) {
 	namespaceInformer := f.Core().V1().Namespaces()
 	a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister()
 	a.SetReadyFunc(namespaceInformer.Informer().HasSynced)
 }
 
 // ValidateInitialization implements the InitializationValidator interface.
-func (a *GenericAdmissionWebhook) ValidateInitialization() error {
+func (a *ValidatingAdmissionWebhook) ValidateInitialization() error {
 	if a.hookSource == nil {
-		return fmt.Errorf("GenericAdmissionWebhook admission plugin requires a Kubernetes client to be provided")
+		return fmt.Errorf("ValidatingAdmissionWebhook admission plugin requires a Kubernetes client to be provided")
 	}
 	if err := a.namespaceMatcher.Validate(); err != nil {
-		return fmt.Errorf("GenericAdmissionWebhook.namespaceMatcher is not properly setup: %v", err)
+		return fmt.Errorf("ValidatingAdmissionWebhook.namespaceMatcher is not properly setup: %v", err)
 	}
 	if err := a.clientManager.Validate(); err != nil {
-		return fmt.Errorf("GenericAdmissionWebhook.clientManager is not properly setup: %v", err)
+		return fmt.Errorf("ValidatingAdmissionWebhook.clientManager is not properly setup: %v", err)
 	}
 	if err := a.convertor.Validate(); err != nil {
-		return fmt.Errorf("GenericAdmissionWebhook.convertor is not properly setup: %v", err)
+		return fmt.Errorf("ValidatingAdmissionWebhook.convertor is not properly setup: %v", err)
 	}
 	go a.hookSource.Run(wait.NeverStop)
 	return nil
 }
 
-func (a *GenericAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) {
+func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) {
 	hookConfig, err := a.hookSource.Webhooks()
 	// if Webhook configuration is disabled, fail open
 	if err == configuration.ErrDisabled {
@@ -186,7 +186,7 @@ func (a *GenericAdmissionWebhook) loadConfiguration(attr admission.Attributes) (
 }
 
 // Admit makes an admission decision based on the request attributes.
-func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
+func (a *ValidatingAdmissionWebhook) Admit(attr admission.Attributes) error {
 	hookConfig, err := a.loadConfiguration(attr)
 	if err != nil {
 		return err
@@ -280,7 +280,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
 }
 
 // TODO: factor into a common place along with the validating webhook version.
-func (a *GenericAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
+func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
 	var matches bool
 	for _, r := range h.Rules {
 		m := rules.Matcher{Rule: r, Attr: attr}
@@ -296,7 +296,7 @@ func (a *GenericAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admis
 	return a.namespaceMatcher.MatchNamespaceSelector(h, attr)
 }
 
-func (a *GenericAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error {
+func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error {
 	// Make the webhook request
 	request := request.CreateAdmissionReview(attr)
 	client, err := a.clientManager.HookClient(h)
diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go
@@ -116,7 +116,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
 	}
 }
 
-// TestAdmit tests that GenericAdmissionWebhook#Admit works as expected
+// TestAdmit tests that ValidatingAdmissionWebhook#Admit works as expected
 func TestAdmit(t *testing.T) {
 	scheme := runtime.NewScheme()
 	v1alpha1.AddToScheme(scheme)
@@ -129,7 +129,7 @@ func TestAdmit(t *testing.T) {
 	if err != nil {
 		t.Fatalf("this should never happen? %v", err)
 	}
-	wh, err := NewGenericAdmissionWebhook(nil)
+	wh, err := NewValidatingAdmissionWebhook(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -410,7 +410,7 @@ func TestAdmit(t *testing.T) {
 	}
 }
 
-// TestAdmitCachedClient tests that GenericAdmissionWebhook#Admit should cache restClient
+// TestAdmitCachedClient tests that ValidatingAdmissionWebhook#Admit should cache restClient
 func TestAdmitCachedClient(t *testing.T) {
 	scheme := runtime.NewScheme()
 	v1alpha1.AddToScheme(scheme)
@@ -423,7 +423,7 @@ func TestAdmitCachedClient(t *testing.T) {
 	if err != nil {
 		t.Fatalf("this should never happen? %v", err)
 	}
-	wh, err := NewGenericAdmissionWebhook(nil)
+	wh, err := NewValidatingAdmissionWebhook(nil)
 	if err != nil {
 		t.Fatal(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`
`119`		`-// TestAdmit tests that GenericAdmissionWebhook#Admit works as expected`
	`119`	`+// TestAdmit tests that ValidatingAdmissionWebhook#Admit works as expected`
`120`	`120`	`func TestAdmit(t *testing.T) {`
`121`	`121`	`scheme := runtime.NewScheme()`
`122`	`122`	`v1alpha1.AddToScheme(scheme)`
`@@ -129,7 +129,7 @@ func TestAdmit(t *testing.T) {`
`129`	`129`	`if err != nil {`
`130`	`130`	`t.Fatalf("this should never happen? %v", err)`
`131`	`131`	`}`
`132`		`- wh, err := NewGenericAdmissionWebhook(nil)`
	`132`	`+ wh, err := NewValidatingAdmissionWebhook(nil)`
`133`	`133`	`if err != nil {`
`134`	`134`	`t.Fatal(err)`
`135`	`135`	`}`
`@@ -410,7 +410,7 @@ func TestAdmit(t *testing.T) {`
`410`	`410`	`}`
`411`	`411`	`}`
`412`	`412`
`413`		`-// TestAdmitCachedClient tests that GenericAdmissionWebhook#Admit should cache restClient`
	`413`	`+// TestAdmitCachedClient tests that ValidatingAdmissionWebhook#Admit should cache restClient`
`414`	`414`	`func TestAdmitCachedClient(t *testing.T) {`
`415`	`415`	`scheme := runtime.NewScheme()`
`416`	`416`	`v1alpha1.AddToScheme(scheme)`
`@@ -423,7 +423,7 @@ func TestAdmitCachedClient(t *testing.T) {`
`423`	`423`	`if err != nil {`
`424`	`424`	`t.Fatalf("this should never happen? %v", err)`
`425`	`425`	`}`
`426`		`- wh, err := NewGenericAdmissionWebhook(nil)`
	`426`	`+ wh, err := NewValidatingAdmissionWebhook(nil)`
`427`	`427`	`if err != nil {`
`428`	`428`	`t.Fatal(err)`
`429`	`429`	`}`