func describerMap(c *client.Client, kclient kclient.Interface, host string) map[unversioned.GroupKind]kctl.Describer {
m := map[unversioned.GroupKind]kctl.Describer{
buildapi.Kind("Build"): &BuildDescriber{c, kclient},
buildapi.Kind("BuildConfig"): &BuildConfigDescriber{c, host},
deployapi.Kind("DeploymentConfig"): &DeploymentConfigDescriber{c, kclient, nil},
authorizationapi.Kind("Identity"): &IdentityDescriber{c},
imageapi.Kind("Image"): &ImageDescriber{c},
imageapi.Kind("ImageStream"): &ImageStreamDescriber{c},
imageapi.Kind("ImageStreamTag"): &ImageStreamTagDescriber{c},
imageapi.Kind("ImageStreamImage"): &ImageStreamImageDescriber{c},
routeapi.Kind("Route"): &RouteDescriber{c, kclient},
projectapi.Kind("Project"): &ProjectDescriber{c, kclient},
templateapi.Kind("Template"): &TemplateDescriber{c, meta.NewAccessor(), kapi.Scheme, nil},
authorizationapi.Kind("Policy"): &PolicyDescriber{c},
authorizationapi.Kind("PolicyBinding"): &PolicyBindingDescriber{c},
authorizationapi.Kind("RoleBinding"): &RoleBindingDescriber{c},
authorizationapi.Kind("Role"): &RoleDescriber{c},
authorizationapi.Kind("ClusterPolicy"): &ClusterPolicyDescriber{c},
authorizationapi.Kind("ClusterPolicyBinding"): &ClusterPolicyBindingDescriber{c},
authorizationapi.Kind("ClusterRoleBinding"): &ClusterRoleBindingDescriber{c},
authorizationapi.Kind("ClusterRole"): &ClusterRoleDescriber{c},
oauthapi.Kind("OAuthAccessToken"): &OAuthAccessTokenDescriber{c},
userapi.Kind("User"): &UserDescriber{c},
userapi.Kind("Group"): &GroupDescriber{c.Groups()},
userapi.Kind("UserIdentityMapping"): &UserIdentityMappingDescriber{c},
quotaapi.Kind("ClusterResourceQuota"): &ClusterQuotaDescriber{c},
quotaapi.Kind("AppliedClusterResourceQuota"): &AppliedClusterQuotaDescriber{c},
}
return m
}
func (s *REST) Update(ctx kapi.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
oldObj, err := s.Get(ctx, name)
if err != nil {
return nil, false, err
}
obj, err := objInfo.UpdatedObject(ctx, oldObj)
if err != nil {
return nil, false, err
}
project, ok := obj.(*api.Project)
if !ok {
return nil, false, fmt.Errorf("not a project: %#v", obj)
}
s.updateStrategy.PrepareForUpdate(obj, oldObj)
if errs := s.updateStrategy.ValidateUpdate(ctx, obj, oldObj); len(errs) > 0 {
return nil, false, kerrors.NewInvalid(projectapi.Kind("Project"), project.Name, errs)
}
namespace, err := s.client.Update(projectutil.ConvertProject(project))
if err != nil {
return nil, false, err
}
return projectutil.ConvertNamespace(namespace), false, nil
}
// Create registers the given Project.
func (s *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
project, ok := obj.(*api.Project)
if !ok {
return nil, fmt.Errorf("not a project: %#v", obj)
}
kapi.FillObjectMetaSystemFields(ctx, &project.ObjectMeta)
s.createStrategy.PrepareForCreate(obj)
if errs := s.createStrategy.Validate(ctx, obj); len(errs) > 0 {
return nil, kerrors.NewInvalid(projectapi.Kind("Project"), project.Name, errs)
}
namespace, err := s.client.Create(convertProject(project))
if err != nil {
return nil, err
}
return convertNamespace(namespace), nil
}
func TestAdmit(t *testing.T) {
tests := []struct {
config *requestlimitapi.ProjectRequestLimitConfig
user string
expectForbidden bool
}{
{
config: multiLevelConfig(),
user: "******",
},
{
config: multiLevelConfig(),
user: "******",
expectForbidden: true,
},
{
config: multiLevelConfig(),
user: "******",
},
{
config: multiLevelConfig(),
user: "******",
expectForbidden: true,
},
{
config: emptyConfig(),
user: "******",
},
{
config: singleDefaultConfig(),
user: "******",
expectForbidden: true,
},
{
config: singleDefaultConfig(),
user: "******",
},
{
config: nil,
user: "******",
},
}
for _, tc := range tests {
pCache := fakeProjectCache(map[string]projectCount{
"user1": {0, 1},
"user2": {2, 2},
"user3": {5, 3},
"user4": {1, 0},
})
client := &testclient.Fake{}
client.AddReactor("get", "users", userFn(map[string]labels.Set{
"user2": {"bronze": "yes"},
"user3": {"platinum": "yes"},
"user4": {"unknown": "yes"},
}))
reqLimit, err := NewProjectRequestLimit(tc.config)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
reqLimit.(oadmission.WantsOpenshiftClient).SetOpenshiftClient(client)
reqLimit.(oadmission.WantsProjectCache).SetProjectCache(pCache)
if err = reqLimit.(oadmission.Validator).Validate(); err != nil {
t.Fatalf("validation error: %v", err)
}
err = reqLimit.Admit(admission.NewAttributesRecord(
&projectapi.ProjectRequest{},
nil,
projectapi.Kind("ProjectRequest").WithVersion("version"),
"foo",
"name",
projectapi.Resource("projectrequests").WithVersion("version"),
"",
"CREATE",
&user.DefaultInfo{Name: tc.user}))
if err != nil && !tc.expectForbidden {
t.Errorf("Got unexpected error for user %s: %v", tc.user, err)
continue
}
if !apierrors.IsForbidden(err) && tc.expectForbidden {
t.Errorf("Expecting forbidden error for user %s and config %#v. Got: %v", tc.user, tc.config, err)
}
}
}
