Fix webhook bug and add test

Update cryptography to 3.2
intel · Dec 18, 2020 · 3c46d97 · 3c46d97
1 parent 7ce9ae9
commit 3c46d97
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/intel/webhook.py b/intel/webhook.py
@@ -154,13 +154,16 @@ def mutate(admission_review, mutations_file):
 
         # apply mutation to containers
         for i in range(len(pod['spec']['containers'])):
+            # Need to reload mutations as they were geting changed
+            mutations = load_mutations(mutations_file)
             container = pod['spec']['containers'][i]
 
             pod['spec']['containers'][i] = apply_mutation(container, mutations)
 
         # apply mutation to initContainers which may not exist
         try:
             for i in range(len(pod['spec']['initContainers'])):
+                mutations = load_mutations(mutations_file)
                 container = pod['spec']['initContainers'][i]
 
                 pod['spec']['initContainers'][i] = \

diff --git a/requirements.txt b/requirements.txt
@@ -8,7 +8,7 @@ urllib3==1.25.9
 pytest<=3.3.2
 pytest-cov>=2.4.0, <2.6.1
 coverage<=4.5.4
-cryptography==3.1.1
+cryptography==3.2
 yamlreader==3.0.4
 pluggy>=0.5, <0.7
 packaging==17.1

diff --git a/tests/unit/test_webhook.py b/tests/unit/test_webhook.py
@@ -2,6 +2,8 @@
 import pytest
 import os
 from yamlreader import YamlReaderError
+import json
+import base64
 
 from intel import webhook, util
 
@@ -36,6 +38,20 @@ def get_cmk_container2():
     return fake_cmk_container
 
 
+def get_cmk_container3():
+    fake_cmk_container = {
+        "resources": {
+            "requests": {
+                webhook.CMK_ER_NAME[0]: "1"
+            },
+            "limits": {
+                webhook.CMK_ER_NAME[0]: "1"
+            },
+        }
+    }
+    return fake_cmk_container
+
+
 def get_admission_review():
     admission_review = {
         "request": {
@@ -236,3 +252,28 @@ def test_webhook_mutate_container_merge_fail(caplog):
                MagicMock(side_effect=[None, YamlReaderError])):
         with pytest.raises(webhook.MutationError):
             webhook.mutate(ar, conf_file)
+
+
+def test_webhook_mutate_success_core_number_mismatch():
+    conf_file = os.path.join(util.cmk_root(), "tests", "data",
+                             "webhook", MUTATIONS_YAML)
+
+    ar = get_admission_review()
+    ar['request']['object']['spec'] = {
+        "containers": [get_cmk_container3(), get_cmk_container()]
+    }
+
+    request_uid = ar['request']['uid']
+    webhook.mutate(ar, conf_file)
+
+    assert "response" in ar
+    assert "request" not in ar
+    assert ar['response']['uid'] == request_uid
+    assert ar['response']['allowed']
+    assert "patch" in ar['response']
+
+    patch = json.loads(base64.b64decode(ar['response']['patch']))
+    containers = patch[1]['value']['containers']
+    assert len(containers) == 2
+    assert containers[0]['env'][1]['value'] == "1"
+    assert containers[1]['env'][1]['value'] == "2"