kubernetes-sigs
diff --git a/‎pkg/builder/webhook_test.go
Lines changed: 217 additions & 202 deletions b/‎pkg/builder/webhook_test.go
Lines changed: 217 additions & 202 deletions
diff --git a/‎pkg/webhook/admission/decode_test.go
Lines changed: 2 additions & 2 deletions b/‎pkg/webhook/admission/decode_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/webhook/admission/http.go
Lines changed: 54 additions & 7 deletions b/‎pkg/webhook/admission/http.go
Lines changed: 54 additions & 7 deletions
diff --git a/‎pkg/webhook/admission/http_test.go
Lines changed: 4 additions & 4 deletions b/‎pkg/webhook/admission/http_test.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎pkg/webhook/admission/multi.go
Lines changed: 8 additions & 7 deletions b/‎pkg/webhook/admission/multi.go
Lines changed: 8 additions & 7 deletions
diff --git a/‎pkg/webhook/admission/multi_test.go
Lines changed: 8 additions & 8 deletions b/‎pkg/webhook/admission/multi_test.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎pkg/webhook/admission/response.go
Lines changed: 7 additions & 8 deletions b/‎pkg/webhook/admission/response.go
Lines changed: 7 additions & 8 deletions
@@ -20,7 +20,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -39,7 +39,7 @@ var _ = Describe("Admission Webhook Decoder", func() {
 	})
 
 	req := Request{
-		AdmissionRequest: admissionv1beta1.AdmissionRequest{
+		AdmissionRequest: admissionv1.AdmissionRequest{
 			Object: runtime.RawExtension{
 				Raw: []byte(`{
     "apiVersion": "v1",
 
@@ -24,9 +24,11 @@ import (
 	"io/ioutil"
 	"net/http"
 
+	v1 "k8s.io/api/admission/v1"
 	"k8s.io/api/admission/v1beta1"
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 )
@@ -35,7 +37,8 @@ var admissionScheme = runtime.NewScheme()
 var admissionCodecs = serializer.NewCodecFactory(admissionScheme)
 
 func init() {
-	utilruntime.Must(admissionv1beta1.AddToScheme(admissionScheme))
+	utilruntime.Must(v1.AddToScheme(admissionScheme))
+	utilruntime.Must(v1beta1.AddToScheme(admissionScheme))
 }
 
 var _ http.Handler = &Webhook{}
@@ -70,11 +73,32 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	req := Request{}
-	ar := v1beta1.AdmissionReview{
-		// avoid an extra copy
-		Request: &req.AdmissionRequest,
+	// Both v1 and v1beta1 AdmissionReview types are exactly the same, so the v1beta1 type can
+	// be decoded into the v1 type. However the runtime codec's decoder guesses which type to
+	// decode into by GVK if an Object's TypeMeta isn't set. By checking TypeMeta for v1beta1
+	// and setting API version to v1, the decoder will coerce a v1beta1 AdmissionReview to v1.
+	ar := unversionedAdmissionReview{}
+	if err := json.Unmarshal(body, &ar.TypeMeta); err != nil {
+		wh.log.Error(err, "unable to decode request typemeta")
+		reviewResponse = Errored(http.StatusBadRequest, err)
+		wh.writeResponse(w, reviewResponse)
+		return
 	}
+	switch ar.GroupVersionKind() {
+	case v1.SchemeGroupVersion.WithKind("AdmissionReview"):
+	case schema.GroupVersionKind{}, v1beta1.SchemeGroupVersion.WithKind("AdmissionReview"):
+		ar.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("AdmissionReview"))
+	default:
+		err = errors.New("admission review has bad typemeta")
+		wh.log.Error(err, ar.GroupVersionKind().String())
+		reviewResponse = Errored(http.StatusBadRequest, err)
+		wh.writeResponse(w, reviewResponse)
+		return
+	}
+
+	req := Request{}
+	// avoid an extra copy
+	ar.Request = &req.AdmissionRequest
 	if _, _, err := admissionCodecs.UniversalDeserializer().Decode(body, nil, &ar); err != nil {
 		wh.log.Error(err, "unable to decode the request")
 		reviewResponse = Errored(http.StatusBadRequest, err)
@@ -90,7 +114,7 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 func (wh *Webhook) writeResponse(w io.Writer, response Response) {
 	encoder := json.NewEncoder(w)
-	responseAdmissionReview := v1beta1.AdmissionReview{
+	responseAdmissionReview := v1.AdmissionReview{
 		Response: &response.AdmissionResponse,
 	}
 	err := encoder.Encode(responseAdmissionReview)
@@ -107,3 +131,26 @@ func (wh *Webhook) writeResponse(w io.Writer, response Response) {
 		}
 	}
 }
+
+// unversionedAdmissionReview is used to decode both v1 and v1beta1 AdmissionReview types.
+type unversionedAdmissionReview struct {
+	metav1.TypeMeta `json:",inline"`
+	Request         *v1.AdmissionRequest  `json:"request,omitempty"`
+	Response        *v1.AdmissionResponse `json:"response,omitempty"`
+}
+
+var _ runtime.Object = &unversionedAdmissionReview{}
+
+func (o unversionedAdmissionReview) DeepCopyObject() runtime.Object {
+	ar := v1.AdmissionReview{
+		TypeMeta: o.TypeMeta,
+		Request:  o.Request,
+		Response: o.Response,
+	}
+	aro := ar.DeepCopyObject().(*v1.AdmissionReview)
+	return &unversionedAdmissionReview{
+		TypeMeta: aro.TypeMeta,
+		Request:  aro.Request,
+		Response: aro.Response,
+	}
+}
@@ -27,10 +27,10 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
+	admissionv1 "k8s.io/api/admission/v1"
 
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	logf "sigs.k8s.io/controller-runtime/pkg/internal/log"
+	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
 )
 
 var _ = Describe("Admission Webhooks", func() {
@@ -76,7 +76,7 @@ var _ = Describe("Admission Webhooks", func() {
 			}
 
 			expected := []byte(
-				`{"response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"couldn't get version/kind; json parse error: unexpected end of JSON input","code":400}}}
+				`{"response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"unexpected end of JSON input","code":400}}}
 `)
 			webhook.ServeHTTP(respRecorder, req)
 			Expect(respRecorder.Body.Bytes()).To(Equal(expected))
@@ -155,7 +155,7 @@ func (h *fakeHandler) Handle(ctx context.Context, req Request) Response {
 	if h.fn != nil {
 		return h.fn(ctx, req)
 	}
-	return Response{AdmissionResponse: admissionv1beta1.AdmissionResponse{
+	return Response{AdmissionResponse: admissionv1.AdmissionResponse{
 		Allowed: true,
 	}}
 }
@@ -22,9 +22,10 @@ import (
 	"fmt"
 	"net/http"
 
-	"gomodules.xyz/jsonpatch/v2"
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	jsonpatch "gomodules.xyz/jsonpatch/v2"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
 	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
 )
 
@@ -37,10 +38,10 @@ func (hs multiMutating) Handle(ctx context.Context, req Request) Response {
 		if !resp.Allowed {
 			return resp
 		}
-		if resp.PatchType != nil && *resp.PatchType != admissionv1beta1.PatchTypeJSONPatch {
+		if resp.PatchType != nil && *resp.PatchType != admissionv1.PatchTypeJSONPatch {
 			return Errored(http.StatusInternalServerError,
 				fmt.Errorf("unexpected patch type returned by the handler: %v, only allow: %v",
-					resp.PatchType, admissionv1beta1.PatchTypeJSONPatch))
+					resp.PatchType, admissionv1.PatchTypeJSONPatch))
 		}
 		patches = append(patches, resp.Patches...)
 	}
@@ -50,13 +51,13 @@ func (hs multiMutating) Handle(ctx context.Context, req Request) Response {
 		return Errored(http.StatusBadRequest, fmt.Errorf("error when marshaling the patch: %w", err))
 	}
 	return Response{
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed: true,
 			Result: &metav1.Status{
 				Code: http.StatusOK,
 			},
 			Patch:     marshaledPatch,
-			PatchType: func() *admissionv1beta1.PatchType { pt := admissionv1beta1.PatchTypeJSONPatch; return &pt }(),
+			PatchType: func() *admissionv1.PatchType { pt := admissionv1.PatchTypeJSONPatch; return &pt }(),
 		},
 	}
 }
@@ -94,7 +95,7 @@ func (hs multiValidating) Handle(ctx context.Context, req Request) Response {
 		}
 	}
 	return Response{
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed: true,
 			Result: &metav1.Status{
 				Code: http.StatusOK,
 
@@ -22,15 +22,15 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	"gomodules.xyz/jsonpatch/v2"
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	jsonpatch "gomodules.xyz/jsonpatch/v2"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
 var _ = Describe("Multi-Handler Admission Webhooks", func() {
 	alwaysAllow := &fakeHandler{
 		fn: func(ctx context.Context, req Request) Response {
 			return Response{
-				AdmissionResponse: admissionv1beta1.AdmissionResponse{
+				AdmissionResponse: admissionv1.AdmissionResponse{
 					Allowed: true,
 				},
 			}
@@ -39,7 +39,7 @@ var _ = Describe("Multi-Handler Admission Webhooks", func() {
 	alwaysDeny := &fakeHandler{
 		fn: func(ctx context.Context, req Request) Response {
 			return Response{
-				AdmissionResponse: admissionv1beta1.AdmissionResponse{
+				AdmissionResponse: admissionv1.AdmissionResponse{
 					Allowed: false,
 				},
 			}
@@ -82,9 +82,9 @@ var _ = Describe("Multi-Handler Admission Webhooks", func() {
 							Value:     "2",
 						},
 					},
-					AdmissionResponse: admissionv1beta1.AdmissionResponse{
+					AdmissionResponse: admissionv1.AdmissionResponse{
 						Allowed:   true,
-						PatchType: func() *admissionv1beta1.PatchType { pt := admissionv1beta1.PatchTypeJSONPatch; return &pt }(),
+						PatchType: func() *admissionv1.PatchType { pt := admissionv1.PatchTypeJSONPatch; return &pt }(),
 					},
 				}
 			},
@@ -99,9 +99,9 @@ var _ = Describe("Multi-Handler Admission Webhooks", func() {
 							Value:     "world",
 						},
 					},
-					AdmissionResponse: admissionv1beta1.AdmissionResponse{
+					AdmissionResponse: admissionv1.AdmissionResponse{
 						Allowed:   true,
-						PatchType: func() *admissionv1beta1.PatchType { pt := admissionv1beta1.PatchTypeJSONPatch; return &pt }(),
+						PatchType: func() *admissionv1.PatchType { pt := admissionv1.PatchTypeJSONPatch; return &pt }(),
 					},
 				}
 			},
 
@@ -19,9 +19,8 @@ package admission
 import (
 	"net/http"
 
-	"gomodules.xyz/jsonpatch/v2"
-
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	jsonpatch "gomodules.xyz/jsonpatch/v2"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -50,7 +49,7 @@ func Patched(reason string, patches ...jsonpatch.JsonPatchOperation) Response {
 // Errored creates a new Response for error-handling a request.
 func Errored(code int32, err error) Response {
 	return Response{
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed: false,
 			Result: &metav1.Status{
 				Code:    code,
@@ -67,7 +66,7 @@ func ValidationResponse(allowed bool, reason string) Response {
 		code = http.StatusOK
 	}
 	resp := Response{
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed: allowed,
 			Result: &metav1.Status{
 				Code: int32(code),
@@ -90,17 +89,17 @@ func PatchResponseFromRaw(original, current []byte) Response {
 	}
 	return Response{
 		Patches: patches,
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed:   true,
-			PatchType: func() *admissionv1beta1.PatchType { pt := admissionv1beta1.PatchTypeJSONPatch; return &pt }(),
+			PatchType: func() *admissionv1.PatchType { pt := admissionv1.PatchTypeJSONPatch; return &pt }(),
 		},
 	}
 }
 
 // validationResponseFromStatus returns a response for admitting a request with provided Status object.
 func validationResponseFromStatus(allowed bool, status metav1.Status) Response {
 	resp := Response{
-		AdmissionResponse: admissionv1beta1.AdmissionResponse{
+		AdmissionResponse: admissionv1.AdmissionResponse{
 			Allowed: allowed,
 			Result:  &status,
 		},
Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,10 @@ import (`
`22`	`22`	`"fmt"`
`23`	`23`	`"net/http"`
`24`	`24`
`25`		`- "gomodules.xyz/jsonpatch/v2"`
`26`		`- admissionv1beta1 "k8s.io/api/admission/v1beta1"`
	`25`	`+ jsonpatch "gomodules.xyz/jsonpatch/v2"`
	`26`	`+ admissionv1 "k8s.io/api/admission/v1"`
`27`	`27`	`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
	`28`	`+`
`28`	`29`	`"sigs.k8s.io/controller-runtime/pkg/runtime/inject"`
`29`	`30`	`)`
`30`	`31`
`@@ -37,10 +38,10 @@ func (hs multiMutating) Handle(ctx context.Context, req Request) Response {`
`37`	`38`	`if !resp.Allowed {`
`38`	`39`	`return resp`
`39`	`40`	`}`
`40`		`- if resp.PatchType != nil && *resp.PatchType != admissionv1beta1.PatchTypeJSONPatch {`
	`41`	`+ if resp.PatchType != nil && *resp.PatchType != admissionv1.PatchTypeJSONPatch {`
`41`	`42`	`return Errored(http.StatusInternalServerError,`
`42`	`43`	`fmt.Errorf("unexpected patch type returned by the handler: %v, only allow: %v",`
`43`		`- resp.PatchType, admissionv1beta1.PatchTypeJSONPatch))`
	`44`	`+ resp.PatchType, admissionv1.PatchTypeJSONPatch))`
`44`	`45`	`}`
`45`	`46`	`patches = append(patches, resp.Patches...)`
`46`	`47`	`}`
`@@ -50,13 +51,13 @@ func (hs multiMutating) Handle(ctx context.Context, req Request) Response {`
`50`	`51`	`return Errored(http.StatusBadRequest, fmt.Errorf("error when marshaling the patch: %w", err))`
`51`	`52`	`}`
`52`	`53`	`return Response{`
`53`		`- AdmissionResponse: admissionv1beta1.AdmissionResponse{`
	`54`	`+ AdmissionResponse: admissionv1.AdmissionResponse{`
`54`	`55`	`Allowed: true,`
`55`	`56`	`Result: &metav1.Status{`
`56`	`57`	`Code: http.StatusOK,`
`57`	`58`	`},`
`58`	`59`	`Patch: marshaledPatch,`
`59`		`- PatchType: func() *admissionv1beta1.PatchType { pt := admissionv1beta1.PatchTypeJSONPatch; return &pt }(),`
	`60`	`+ PatchType: func() *admissionv1.PatchType { pt := admissionv1.PatchTypeJSONPatch; return &pt }(),`
`60`	`61`	`},`
`61`	`62`	`}`
`62`	`63`	`}`
`@@ -94,7 +95,7 @@ func (hs multiValidating) Handle(ctx context.Context, req Request) Response {`
`94`	`95`	`}`
`95`	`96`	`}`
`96`	`97`	`return Response{`
`97`		`- AdmissionResponse: admissionv1beta1.AdmissionResponse{`
	`98`	`+ AdmissionResponse: admissionv1.AdmissionResponse{`
`98`	`99`	`Allowed: true,`
`99`	`100`	`Result: &metav1.Status{`
`100`	`101`	`Code: http.StatusOK,`