Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gator cannot test DELETE operations #3059

Closed
skaven81 opened this issue Oct 11, 2023 · 2 comments · Fixed by #3079
Closed

Gator cannot test DELETE operations #3059

skaven81 opened this issue Oct 11, 2023 · 2 comments · Fixed by #3079
Assignees
@acpana
Labels
bug Something isn't working

Comments

@skaven81
Copy link

What steps did you take and what happened:
I created a test suite that includes an AdmissionReview object of type DELETE:

kind: AdmissionReview
apiVersion: admission.k8s.io/v1beta1
request:
  operation: "DELETE"
  object:
    apiVersion: v1
    kind: Pod
    metadata:
      name: delete
      namespace: default

When executing gator, when it encounters this test case, I get:

    --- FAIL: delete    (0.002s)
        oldObject is nil: For admission webhooks registered for DELETE operations, please use Kubernetes v1.15.0+.

There is no Kubernetes involved, so I suspect that Gator is just linking to an old version of the Kubernetes library that handles admission reviews.

What did you expect to happen:
It should be possible to create Gator test cases that simulate a DELETE operation

Environment:

  • Gator version: 3.12
@skaven81 skaven81 added the bug Something isn't working label Oct 11, 2023
@acpana
Copy link
Contributor

acpana commented Oct 13, 2023

hey @skaven81 thanks for filing this -- admittedly, the err message is not helpful! 🤦🏼

I can change that to indicate that the payload should be part of the oldObject field. So the test AdmissionReview should look like:

kind: AdmissionReview
apiVersion: admission.k8s.io/v1beta1
request:
  operation: "DELETE"
  oldObject:
    apiVersion: v1
    kind: Pod
    metadata:
      name: delete
      namespace: default

And the error message would say operation is DELETE but object is not nil.

I think that would be more helpful, right?

@acpana acpana self-assigned this Oct 13, 2023
@skaven81
Copy link
Author

I see! So gator actually does support testing DELETE operations, but I had a malformed admission review object.

Yes, I agree that a better error message would be great! And perhaps some examples on the Gatekeeper website showing how to construct tests with both AdmissionReview objects as well as concrete resources.

@acpana acpana mentioned this issue Oct 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@acpana acpana

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: examples, fix:improve gator err msg acpana/gatekeeper
2 participants
@skaven81 @acpana