Skip to content

Commit 73c3201

Browse files
committed
Make admission plugin config a pointer
1 parent 516aea9 commit 73c3201

28 files changed

+104
-70
lines changed

pkg/build/admission/config.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ import (
1111
)
1212

1313
// ReadPluginConfig will read a plugin configuration object from a reader stream
14-
func ReadPluginConfig(pluginConfig map[string]configapi.AdmissionPluginConfig, name string, config runtime.Object) error {
14+
func ReadPluginConfig(pluginConfig map[string]*configapi.AdmissionPluginConfig, name string, config runtime.Object) error {
1515

1616
configFilePath, err := pluginconfig.GetPluginConfigFile(pluginConfig, name, "")
1717
if err != nil || len(configFilePath) == 0 {

pkg/build/admission/config_test.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ func TestReadPluginConfig(t *testing.T) {
2323
Item1: "hello",
2424
Item2: []string{"foo", "bar"},
2525
}
26-
pluginCfg := map[string]configapi.AdmissionPluginConfig{"testconfig": {Location: "", Configuration: expected}}
26+
pluginCfg := map[string]*configapi.AdmissionPluginConfig{"testconfig": {Location: "", Configuration: expected}}
2727
// The config should match the expected config object
2828
err := ReadPluginConfig(pluginCfg, "testconfig", config)
2929
if err != nil {
@@ -34,15 +34,15 @@ func TestReadPluginConfig(t *testing.T) {
3434
}
3535

3636
// Passing a nil cfg, should not get an error
37-
pluginCfg = map[string]configapi.AdmissionPluginConfig{}
37+
pluginCfg = map[string]*configapi.AdmissionPluginConfig{}
3838
err = ReadPluginConfig(pluginCfg, "testconfig", &testtypes.TestConfig{})
3939
if err != nil {
4040
t.Fatalf("unexpected: %v", err)
4141
}
4242

4343
// Passing the wrong type of destination object should result in an error
4444
config2 := &testtypes.OtherTestConfig2{}
45-
pluginCfg = map[string]configapi.AdmissionPluginConfig{"testconfig": {Location: "", Configuration: expected}}
45+
pluginCfg = map[string]*configapi.AdmissionPluginConfig{"testconfig": {Location: "", Configuration: expected}}
4646
err = ReadPluginConfig(pluginCfg, "testconfig", config2)
4747
if err == nil {
4848
t.Fatalf("expected error")

pkg/build/controller/build/defaults/defaults.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ type BuildDefaults struct {
1919
}
2020

2121
// NewBuildDefaults creates a new BuildDefaults that will apply the defaults specified in the plugin config
22-
func NewBuildDefaults(pluginConfig map[string]configapi.AdmissionPluginConfig) (BuildDefaults, error) {
22+
func NewBuildDefaults(pluginConfig map[string]*configapi.AdmissionPluginConfig) (BuildDefaults, error) {
2323
config := &defaultsapi.BuildDefaultsConfig{}
2424
err := buildadmission.ReadPluginConfig(pluginConfig, defaultsapi.BuildDefaultsPlugin, config)
2525
if err != nil {

pkg/build/controller/build/overrides/overrides.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ type BuildOverrides struct {
2121
}
2222

2323
// NewBuildOverrides creates a new BuildOverrides that will apply the overrides specified in the plugin config
24-
func NewBuildOverrides(pluginConfig map[string]configapi.AdmissionPluginConfig) (BuildOverrides, error) {
24+
func NewBuildOverrides(pluginConfig map[string]*configapi.AdmissionPluginConfig) (BuildOverrides, error) {
2525
config := &overridesapi.BuildOverridesConfig{}
2626
err := buildadmission.ReadPluginConfig(pluginConfig, overridesapi.BuildOverridesPlugin, config)
2727
if err != nil {

pkg/cmd/server/api/serialization_test.go

+19-4
Original file line numberDiff line numberDiff line change
@@ -169,7 +169,7 @@ func fuzzInternalObject(t *testing.T, forVersion schema.GroupVersion, item runti
169169

170170
// test an admission plugin nested for round tripping
171171
if c.RandBool() {
172-
obj.AdmissionConfig.PluginConfig = map[string]configapi.AdmissionPluginConfig{
172+
obj.AdmissionConfig.PluginConfig = map[string]*configapi.AdmissionPluginConfig{
173173
"abc": {
174174
Location: "test",
175175
Configuration: &configapi.LDAPSyncConfig{
@@ -178,9 +178,24 @@ func fuzzInternalObject(t *testing.T, forVersion schema.GroupVersion, item runti
178178
},
179179
}
180180
}
181+
182+
// ensure there are no nil plugin config objects
183+
for pluginName := range obj.AdmissionConfig.PluginConfig {
184+
if obj.AdmissionConfig.PluginConfig[pluginName] == nil {
185+
obj.AdmissionConfig.PluginConfig[pluginName] = &configapi.AdmissionPluginConfig{}
186+
}
187+
}
188+
if obj.KubernetesMasterConfig != nil {
189+
for pluginName := range obj.KubernetesMasterConfig.AdmissionConfig.PluginConfig {
190+
if obj.KubernetesMasterConfig.AdmissionConfig.PluginConfig[pluginName] == nil {
191+
obj.KubernetesMasterConfig.AdmissionConfig.PluginConfig[pluginName] = &configapi.AdmissionPluginConfig{}
192+
}
193+
}
194+
}
195+
181196
// test a Kubernetes admission plugin nested for round tripping
182197
if obj.KubernetesMasterConfig != nil && c.RandBool() {
183-
obj.KubernetesMasterConfig.AdmissionConfig.PluginConfig = map[string]configapi.AdmissionPluginConfig{
198+
obj.KubernetesMasterConfig.AdmissionConfig.PluginConfig = map[string]*configapi.AdmissionPluginConfig{
184199
"abc": {
185200
Location: "test",
186201
Configuration: &configapi.LDAPSyncConfig{
@@ -502,7 +517,7 @@ func TestSpecificRoundTrips(t *testing.T) {
502517
{
503518
in: &configapi.MasterConfig{
504519
AdmissionConfig: configapi.AdmissionConfig{
505-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
520+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
506521
"test1": {Configuration: &configapi.LDAPSyncConfig{BindDN: "first"}},
507522
"test2": {Configuration: &runtime.Unknown{Raw: []byte(`{"kind":"LDAPSyncConfig","apiVersion":"v1","bindDN":"second"}`)}},
508523
"test3": {Configuration: &runtime.Unknown{Raw: []byte(`{"kind":"Unknown","apiVersion":"some/version"}`)}},
@@ -514,7 +529,7 @@ func TestSpecificRoundTrips(t *testing.T) {
514529
out: &configapiv1.MasterConfig{
515530
TypeMeta: metav1.TypeMeta{Kind: "MasterConfig", APIVersion: "v1"},
516531
AdmissionConfig: configapiv1.AdmissionConfig{
517-
PluginConfig: map[string]configapiv1.AdmissionPluginConfig{
532+
PluginConfig: map[string]*configapiv1.AdmissionPluginConfig{
518533
"test1": {Configuration: runtime.RawExtension{
519534
Object: &configapiv1.LDAPSyncConfig{BindDN: "first"},
520535
Raw: []byte(`{"kind":"LDAPSyncConfig","apiVersion":"v1","url":"","bindDN":"first","bindPassword":"","insecure":false,"ca":"","groupUIDNameMapping":null}`),

pkg/cmd/server/api/types.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1523,7 +1523,7 @@ type AdmissionPluginConfig struct {
15231523

15241524
type AdmissionConfig struct {
15251525
// PluginConfig allows specifying a configuration file per admission control plugin
1526-
PluginConfig map[string]AdmissionPluginConfig
1526+
PluginConfig map[string]*AdmissionPluginConfig
15271527

15281528
// PluginOrderOverride is a list of admission control plugin names that will be installed
15291529
// on the master. Order is significant. If empty, a default list of plugins is used.

pkg/cmd/server/api/v1/conversions.go

+13
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,13 @@ func SetDefaults_MasterConfig(obj *MasterConfig) {
129129
// The final value of OAuthConfig.MasterCA should never be nil
130130
obj.OAuthConfig.MasterCA = &s
131131
}
132+
133+
// Ensure no nil plugin config stanzas
134+
for pluginName := range obj.AdmissionConfig.PluginConfig {
135+
if obj.AdmissionConfig.PluginConfig[pluginName] == nil {
136+
obj.AdmissionConfig.PluginConfig[pluginName] = &AdmissionPluginConfig{}
137+
}
138+
}
132139
}
133140

134141
func SetDefaults_KubernetesMasterConfig(obj *KubernetesMasterConfig) {
@@ -147,6 +154,12 @@ func SetDefaults_KubernetesMasterConfig(obj *KubernetesMasterConfig) {
147154
if len(obj.PodEvictionTimeout) == 0 {
148155
obj.PodEvictionTimeout = "5m"
149156
}
157+
// Ensure no nil plugin config stanzas
158+
for pluginName := range obj.AdmissionConfig.PluginConfig {
159+
if obj.AdmissionConfig.PluginConfig[pluginName] == nil {
160+
obj.AdmissionConfig.PluginConfig[pluginName] = &AdmissionPluginConfig{}
161+
}
162+
}
150163
}
151164
func SetDefaults_NodeConfig(obj *NodeConfig) {
152165
if obj.MasterClientConnectionOverrides == nil {

pkg/cmd/server/api/v1/types.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1443,7 +1443,7 @@ type AdmissionPluginConfig struct {
14431443
// AdmissionConfig holds the necessary configuration options for admission
14441444
type AdmissionConfig struct {
14451445
// PluginConfig allows specifying a configuration file per admission control plugin
1446-
PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig"`
1446+
PluginConfig map[string]*AdmissionPluginConfig `json:"pluginConfig"`
14471447

14481448
// PluginOrderOverride is a list of admission control plugin names that will be installed
14491449
// on the master. Order is significant. If empty, a default list of plugins is used.

pkg/cmd/server/api/v1/types_test.go

+2-2
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ func TestMasterConfig(t *testing.T) {
193193
},
194194
KubernetesMasterConfig: &internal.KubernetesMasterConfig{
195195
AdmissionConfig: internal.AdmissionConfig{
196-
PluginConfig: map[string]internal.AdmissionPluginConfig{ // test config as an embedded object
196+
PluginConfig: map[string]*internal.AdmissionPluginConfig{ // test config as an embedded object
197197
"plugin": {
198198
Configuration: &testtypes.AdmissionPluginTestConfig{},
199199
},
@@ -229,7 +229,7 @@ func TestMasterConfig(t *testing.T) {
229229
},
230230
DNSConfig: &internal.DNSConfig{},
231231
AdmissionConfig: internal.AdmissionConfig{
232-
PluginConfig: map[string]internal.AdmissionPluginConfig{ // test config as an embedded object
232+
PluginConfig: map[string]*internal.AdmissionPluginConfig{ // test config as an embedded object
233233
"plugin": {
234234
Configuration: &testtypes.AdmissionPluginTestConfig{},
235235
},

pkg/cmd/server/api/v1/zz_generated.deepcopy.go

+7-4
Original file line numberDiff line numberDiff line change
@@ -42,11 +42,14 @@ func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) {
4242
*out = *in
4343
if in.PluginConfig != nil {
4444
in, out := &in.PluginConfig, &out.PluginConfig
45-
*out = make(map[string]AdmissionPluginConfig, len(*in))
45+
*out = make(map[string]*AdmissionPluginConfig, len(*in))
4646
for key, val := range *in {
47-
newVal := new(AdmissionPluginConfig)
48-
val.DeepCopyInto(newVal)
49-
(*out)[key] = *newVal
47+
if val == nil {
48+
(*out)[key] = nil
49+
} else {
50+
(*out)[key] = new(AdmissionPluginConfig)
51+
val.DeepCopyInto((*out)[key])
52+
}
5053
}
5154
}
5255
if in.PluginOrderOverride != nil {

pkg/cmd/server/api/validation/master.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -774,7 +774,7 @@ func deprecatedAdmissionPluginNames() sets.String {
774774
return sets.NewString("openshift.io/OriginResourceQuota")
775775
}
776776

777-
func ValidateAdmissionPluginConfig(pluginConfig map[string]api.AdmissionPluginConfig, fieldPath *field.Path) ValidationResults {
777+
func ValidateAdmissionPluginConfig(pluginConfig map[string]*api.AdmissionPluginConfig, fieldPath *field.Path) ValidationResults {
778778
validationResults := ValidationResults{}
779779

780780
deprecatedPlugins := deprecatedAdmissionPluginNames()

pkg/cmd/server/api/validation/master_test.go

+19-19
Original file line numberDiff line numberDiff line change
@@ -215,34 +215,34 @@ func TestValidateAdmissionPluginConfig(t *testing.T) {
215215
bothEmpty := configapi.AdmissionPluginConfig{}
216216

217217
tests := []struct {
218-
config map[string]configapi.AdmissionPluginConfig
218+
config map[string]*configapi.AdmissionPluginConfig
219219
expectError bool
220220
warningFields []string
221221
}{
222222
{
223-
config: map[string]configapi.AdmissionPluginConfig{
224-
"one": locationOnly,
225-
"two": configOnly,
223+
config: map[string]*configapi.AdmissionPluginConfig{
224+
"one": &locationOnly,
225+
"two": &configOnly,
226226
},
227227
},
228228
{
229-
config: map[string]configapi.AdmissionPluginConfig{
230-
"one": locationOnly,
231-
"two": locationAndConfig,
229+
config: map[string]*configapi.AdmissionPluginConfig{
230+
"one": &locationOnly,
231+
"two": &locationAndConfig,
232232
},
233233
expectError: true,
234234
},
235235
{
236-
config: map[string]configapi.AdmissionPluginConfig{
237-
"one": configOnly,
238-
"two": bothEmpty,
236+
config: map[string]*configapi.AdmissionPluginConfig{
237+
"one": &configOnly,
238+
"two": &bothEmpty,
239239
},
240240
expectError: true,
241241
},
242242
{
243-
config: map[string]configapi.AdmissionPluginConfig{
244-
"openshift.io/OriginResourceQuota": configOnly,
245-
"two": configOnly,
243+
config: map[string]*configapi.AdmissionPluginConfig{
244+
"openshift.io/OriginResourceQuota": &configOnly,
245+
"two": &configOnly,
246246
},
247247
warningFields: []string{"[openshift.io/OriginResourceQuota]"},
248248
expectError: false,
@@ -325,7 +325,7 @@ func TestValidateAdmissionPluginConfigConflicts(t *testing.T) {
325325
name: "specified, non-conflicting plugin configs 01",
326326
options: configapi.MasterConfig{
327327
AdmissionConfig: configapi.AdmissionConfig{
328-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
328+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
329329
"foo": {
330330
Location: "bar",
331331
},
@@ -338,7 +338,7 @@ func TestValidateAdmissionPluginConfigConflicts(t *testing.T) {
338338
options: configapi.MasterConfig{
339339
KubernetesMasterConfig: &configapi.KubernetesMasterConfig{
340340
AdmissionConfig: configapi.AdmissionConfig{
341-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
341+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
342342
"foo": {
343343
Location: "bar",
344344
},
@@ -349,7 +349,7 @@ func TestValidateAdmissionPluginConfigConflicts(t *testing.T) {
349349
},
350350
},
351351
AdmissionConfig: configapi.AdmissionConfig{
352-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
352+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
353353
"foo": {
354354
Location: "bar",
355355
},
@@ -362,7 +362,7 @@ func TestValidateAdmissionPluginConfigConflicts(t *testing.T) {
362362
options: configapi.MasterConfig{
363363
KubernetesMasterConfig: &configapi.KubernetesMasterConfig{
364364
AdmissionConfig: configapi.AdmissionConfig{
365-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
365+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
366366
"foo": {
367367
Location: "bar",
368368
},
@@ -379,15 +379,15 @@ func TestValidateAdmissionPluginConfigConflicts(t *testing.T) {
379379
options: configapi.MasterConfig{
380380
KubernetesMasterConfig: &configapi.KubernetesMasterConfig{
381381
AdmissionConfig: configapi.AdmissionConfig{
382-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
382+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
383383
"foo": {
384384
Location: "different",
385385
},
386386
},
387387
},
388388
},
389389
AdmissionConfig: configapi.AdmissionConfig{
390-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
390+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
391391
"foo": {
392392
Location: "bar",
393393
},

pkg/cmd/server/api/zz_generated.deepcopy.go

+7-4
Original file line numberDiff line numberDiff line change
@@ -42,11 +42,14 @@ func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) {
4242
*out = *in
4343
if in.PluginConfig != nil {
4444
in, out := &in.PluginConfig, &out.PluginConfig
45-
*out = make(map[string]AdmissionPluginConfig, len(*in))
45+
*out = make(map[string]*AdmissionPluginConfig, len(*in))
4646
for key, val := range *in {
47-
newVal := new(AdmissionPluginConfig)
48-
val.DeepCopyInto(newVal)
49-
(*out)[key] = *newVal
47+
if val == nil {
48+
(*out)[key] = nil
49+
} else {
50+
(*out)[key] = new(AdmissionPluginConfig)
51+
val.DeepCopyInto((*out)[key])
52+
}
5053
}
5154
}
5255
if in.PluginOrderOverride != nil {

pkg/cmd/server/origin/admission/chain_builder.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ func NewAdmissionChains(
147147
} else {
148148
pluginConfig := map[string]configapi.AdmissionPluginConfig{}
149149
for pluginName, config := range options.AdmissionConfig.PluginConfig {
150-
pluginConfig[pluginName] = config
150+
pluginConfig[pluginName] = *config
151151
}
152152
upstreamAdmissionConfig, err := configapilatest.ConvertOpenshiftAdmissionConfigToKubeAdmissionConfig(pluginConfig)
153153
if err != nil {

pkg/cmd/server/origin/admission/config_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -168,7 +168,7 @@ func TestSeparateAdmissionChainDetection(t *testing.T) {
168168
options: configapi.MasterConfig{
169169
KubernetesMasterConfig: &configapi.KubernetesMasterConfig{},
170170
AdmissionConfig: configapi.AdmissionConfig{
171-
PluginConfig: map[string]configapi.AdmissionPluginConfig{
171+
PluginConfig: map[string]*configapi.AdmissionPluginConfig{
172172
"foo": {
173173
Location: "bar",
174174
},

pkg/cmd/server/origin/controller/build.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ import (
1616
type BuildControllerConfig struct {
1717
DockerImage string
1818
S2IImage string
19-
AdmissionPluginConfig map[string]configapi.AdmissionPluginConfig
19+
AdmissionPluginConfig map[string]*configapi.AdmissionPluginConfig
2020

2121
Codec runtime.Codec
2222
}

pkg/cmd/util/pluginconfig/config.go

+2-2
Original file line numberDiff line numberDiff line change
@@ -47,11 +47,11 @@ func GetPluginConfig(cfg configapi.AdmissionPluginConfig) (string, error) {
4747

4848
// GetPluginConfigFile translates from the master plugin config to a file name containing
4949
// a particular plugin's config (the file may be a temp file if config is embedded)
50-
func GetPluginConfigFile(pluginConfig map[string]configapi.AdmissionPluginConfig, pluginName string, defaultConfigFilePath string) (string, error) {
50+
func GetPluginConfigFile(pluginConfig map[string]*configapi.AdmissionPluginConfig, pluginName string, defaultConfigFilePath string) (string, error) {
5151
// Check whether a config is specified for this plugin. If not, default to the
5252
// global plugin config file (if any).
5353
if cfg, hasConfig := pluginConfig[pluginName]; hasConfig {
54-
configFilePath, err := GetPluginConfig(cfg)
54+
configFilePath, err := GetPluginConfig(*cfg)
5555
if err != nil {
5656
return "", err
5757
}

pkg/oc/bootstrap/docker/openshift/helper.go

+5-5
Original file line numberDiff line numberDiff line change
@@ -703,9 +703,9 @@ func (h *Helper) updateConfig(configDir string, opt *StartOptions) error {
703703

704704
// turn on admission webhooks by default. They are no-ops until someone explicitly tries to configure one
705705
if cfg.AdmissionConfig.PluginConfig == nil {
706-
cfg.AdmissionConfig.PluginConfig = map[string]configapi.AdmissionPluginConfig{}
706+
cfg.AdmissionConfig.PluginConfig = map[string]*configapi.AdmissionPluginConfig{}
707707
}
708-
cfg.AdmissionConfig.PluginConfig["GenericAdmissionWebhook"] = configapi.AdmissionPluginConfig{
708+
cfg.AdmissionConfig.PluginConfig["GenericAdmissionWebhook"] = &configapi.AdmissionPluginConfig{
709709
Configuration: &configapi.DefaultAdmissionConfig{},
710710
}
711711

@@ -733,7 +733,7 @@ func (h *Helper) updateConfig(configDir string, opt *StartOptions) error {
733733
var buildDefaults *defaultsapi.BuildDefaultsConfig
734734
buildDefaultsConfig, ok := cfg.AdmissionConfig.PluginConfig[defaultsapi.BuildDefaultsPlugin]
735735
if !ok {
736-
buildDefaultsConfig = configapi.AdmissionPluginConfig{}
736+
buildDefaultsConfig = &configapi.AdmissionPluginConfig{}
737737
}
738738
if buildDefaultsConfig.Configuration != nil {
739739
buildDefaults = buildDefaultsConfig.Configuration.(*defaultsapi.BuildDefaultsConfig)
@@ -837,10 +837,10 @@ func (h *Helper) updateConfig(configDir string, opt *StartOptions) error {
837837
cfg.KubernetesMasterConfig.APIServerArguments["runtime-config"] = append(cfg.KubernetesMasterConfig.APIServerArguments["runtime-config"], "apis/settings.k8s.io/v1alpha1=true")
838838

839839
if cfg.AdmissionConfig.PluginConfig == nil {
840-
cfg.AdmissionConfig.PluginConfig = map[string]configapi.AdmissionPluginConfig{}
840+
cfg.AdmissionConfig.PluginConfig = map[string]*configapi.AdmissionPluginConfig{}
841841
}
842842

843-
cfg.AdmissionConfig.PluginConfig["PodPreset"] = configapi.AdmissionPluginConfig{
843+
cfg.AdmissionConfig.PluginConfig["PodPreset"] = &configapi.AdmissionPluginConfig{
844844
Configuration: &configapi.DefaultAdmissionConfig{Disable: false},
845845
}
846846

0 commit comments

Comments
 (0)