Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Webhook for IMC #442

Merged
merged 3 commits into from
Aug 17, 2023
Merged

feat: Webhook for IMC #442

merged 3 commits into from
Aug 17, 2023

Conversation

Arvindthiru
Copy link
Contributor

@Arvindthiru Arvindthiru commented Jul 20, 2023
edited
Loading

Description of your changes

Fixes #

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Special notes for your reviewer

@Arvindthiru Arvindthiru force-pushed the IMCWebhook branch 2 times, most recently from a02e4aa to da4a788 Compare August 2, 2023 20:56
@Arvindthiru Arvindthiru marked this pull request as ready for review August 10, 2023 22:04
ryanzhang-oss
ryanzhang-oss reviewed Aug 10, 2023
View reviewed changes
pkg/webhook/validation/uservalidation.go Outdated Show resolved Hide resolved
pkg/webhook/fleetresourcehandler/fleetresourcehandler_webhook.go Outdated Show resolved Hide resolved
pkg/webhook/validation/uservalidation.go Outdated Show resolved Hide resolved
pkg/webhook/validation/uservalidation.go Show resolved Hide resolved
pkg/webhook/validation/uservalidation.go Outdated Show resolved Hide resolved
pkg/webhook/validation/uservalidation.go Outdated Show resolved Hide resolved
ryanzhang-oss
ryanzhang-oss reviewed Aug 16, 2023
View reviewed changes
pkg/webhook/validation/uservalidation.go
klog.V(2).InfoS("user is not allowed to update IMC status", "user", userInfo.Username, "groups", userInfo.Groups, "kind", imcKind, "namespacedName", namespacedName)
return admission.Denied(fmt.Sprintf(imcStatusUpdateNotAllowedFormat, userInfo.Username, userInfo.Groups, namespacedName))
}
return ValidateUserForFleetResource(currentIMC.Kind, namespacedName, whiteListedUsers, userInfo)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we pass the label changes from MC to imc? Label change doesn't change the spec generation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As of now we don't pass the label changes from MC to IMC. Agreed label changes won't affect generation

test/e2e/utils/helper.go Outdated Show resolved Hide resolved
test/e2e/utils/helper.go Outdated Show resolved Hide resolved
test/e2e/framework/cluster.go
@@ -64,7 +65,7 @@ func GetClusterClient(cluster *Cluster) {
gomega.Expect(err).Should(gomega.Succeed(), "Failed to set up Rest Mapper")

cluster.ImpersonateKubeClient, err = client.New(impersonateRestConfig, client.Options{Scheme: cluster.Scheme})
gomega.Expect(err).Should(gomega.Succeed(), "Failed to set up Kube Client")
gomega.Expect(err).Should(gomega.Succeed(), "Failed to set up Impersonate Kube Client")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIRC, the GetImpersonateClientConfig is not configurable so how can we test different cases (like user belong to some group/name)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently it's being used to simulate a test user who is not part of the system:masters group to make requests to the api server. AFAIK we need to create new Impersonate clients if we want to test scenarios where user has a different name and belongs to different groups

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, we need that. Can you add a TODO?

test/e2e/utils/helper.go
return hubCluster.KubeClient.Create(ctx, mc)
}, PollTimeout, PollInterval).Should(gomega.Succeed(), "Failed to wait for member cluster %s to be created in %s cluster", mc.Name, hubCluster.ClusterName)

imc := &fleetv1alpha1.InternalMemberCluster{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where is this used ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fleet/test/e2e/webhook_test.go

Line 710 in 7cae41b

imc := fleetv1alpha1.InternalMemberCluster{
in the E2E tests

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am a bit confused, the line you pasted declared a new variable.

@ryanzhang-oss ryanzhang-oss merged commit 36d2a41 into Azure:main Aug 17, 2023
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanzhang-oss ryanzhang-oss ryanzhang-oss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Arvindthiru @ryanzhang-oss