Apiserversource webhook test

[aliok]

Part of #4921

Proposed Changes

• 🧹 Add a test that makes sure webhook kicks in to validate ApiServerSource updates

Pre-review Checklist

• At least 80% unit test coverage
• E2E tests for any new behavior
• Docs PR for any user-facing impact
• Spec PR for any new API feature
• Conformance test for any change to the spec

Release Note

Docs

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from aliok after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• test/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Merging #5327 (adb332e) into main (c2d6649) will decrease coverage by 0.59%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #5327      +/-   ##
==========================================
- Coverage   82.95%   82.36%   -0.60%     
==========================================
  Files         211      189      -22     
  Lines        6291     5902     -389     
==========================================
- Hits         5219     4861     -358     
+ Misses        742      720      -22     
+ Partials      330      321       -9     

Impacted Files	Coverage Δ
pkg/apis/sources/v1beta1/apiserver_conversion.go
pkg/apis/sources/v1beta1/sinkbinding_lifecycle.go
pkg/apis/sources/v1beta1/apiserver_types.go
pkg/apis/sources/v1beta1/container_lifecycle.go
pkg/apis/sources/v1beta1/ping_lifecycle.go
pkg/apis/sources/v1beta1/ping_validation.go
pkg/apis/sources/v1beta1/sinkbinding_defaults.go
pkg/apis/sources/v1beta1/apiserver_lifecycle.go
pkg/apis/sources/v1beta1/apiserver_validation.go
pkg/apis/sources/v1beta1/container_types.go
... and 12 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c2d6649...adb332e. Read the comment docs.

[aliok]

@vaikas Following up on #5304

I've added a test for ApiServerSource to make sure webhook is triggered and it does the validation correctly.
It doesn't do the entire validation checks for ApiServerSource. There's only 1 case that checks webhook rejects invalid spec. I guess that serves our purpose with the original problem: making sure webhook validation is configured correctly.

I didn't want to go beyond this point w/o checking with you first.

I wrote the test as if it is a conformance test but there is no spec for ApiServerSource in https://github.com/knative/specs/tree/main/specs/eventing. I see there's a task for that here: #4933.
I would rather do this same PR for other resources instead of the context switch to writing a spec. So, let's solve all the problems in this PR and I can write tests that check webhook validation configuration for other resources.

Question: The tests in apiserversource_validation_test.go checks all the validations. Should we retest these rules in the conformance tests?

[vaikas]

Thanks! Couple of tiny things since still in wip mode :)

[vaikas]

I wonder if above this we might want to make the comment about namespace being not used? Or above where you skipped it? Cause here when you create it with this namespace, it might not be clear to the user why L136 is not sinknamespace?

[aliok]

Actually, the namespace shouldn't be skipped here as ApiServerSource allows cross namespace sink. I was think it doesn't. So, I will cancel the skipping and also fix the test code.

[aliok]

I pushed a commit for not skipping the namespace.

[aliok]

I didn't want to add these for now in order not to waste time and focus on getting feedback on the general idea of the PR.

Would we ever need these? Happy to add code that handles these too, if necessary.

[aliok]

I wanted to extend and reuse the existing account_role here.
In the future if we need to add more functionality to this template, I would create a separate template; but it is manageable for now.

[n3wscott]

I would expect the source to have an install step or have the name of the resource passed in but I am not seeing either.

[n3wscott]

this will race with the update, likely you will test IsReady before the reconciler acts on the above Update and never see the resource go unready and then ready again.

[n3wscott]

this test does not seem to test what the spec is saying. The test confirms we can set the value, but the conformance line is talking about the shape of the event payload I believe, so your test will need to get more involved and see the event on the data plane side.

[n3wscott]

If you look at the broker/channel changes we found that this pattern of combining Install with GoesReady was not idea for test composition (my bad). I would recommend this being split into two methods: GoesReady which tests that the thing you pass is does go ready (and we have some helpers for that. and Install which installs the ApiServerSource resource.

[n3wscott]

👍 I like this testing pattern

[aliok]

/close

I will close this one. I will write a separate test that checks the webhook configuration.

[knative-prow-robot]

@aliok: Closed this PR.

In response to this:

/close

I will close this one. I will write a separate test that checks the webhook configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.