diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index edee6441..d67ba357 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -38,7 +38,7 @@ func getEnvOrDefault(key, defaultValue string) string { func main() { serviceName := getEnvOrDefault("WEBHOOK_SERVICE_NAME", "manual-approval-webhook") secretName := getEnvOrDefault("WEBHOOK_SECRET_NAME", "manual-approval-gate-webhook-certs") - webhookName := getEnvOrDefault("WEBHOOK_ADMISSION_CONTROLLER_NAME", "webhook.manual.approval.dev") + webhookName := getEnvOrDefault("WEBHOOK_ADMISSION_CONTROLLER_NAME", "validation.webhook.manual-approval.openshift-pipelines.org") systemNamespace := os.Getenv("SYSTEM_NAMESPACE") // Scope informers to the webhook's namespace instead of cluster-wide diff --git a/config/kubernetes/201-clusterrole.yaml b/config/kubernetes/201-clusterrole.yaml index e49c726a..dab9c29a 100644 --- a/config/kubernetes/201-clusterrole.yaml +++ b/config/kubernetes/201-clusterrole.yaml @@ -89,7 +89,7 @@ rules: - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] # validation.webhook.approvaltask.openshift.org performs schema validation when you, for example, create TaskLoops. - resourceNames: ["webhook.manual.approval.dev"] + resourceNames: ["validation.webhook.manual-approval.openshift-pipelines.org"] # When there are changes to the configs or secrets, knative updates the validatingwebhook config # with the updated certificates or the refreshed set of rules. verbs: ["get", "list", "update", "patch", "watch"] diff --git a/config/kubernetes/400-webhook-controller.yaml b/config/kubernetes/400-webhook-controller.yaml index c3ee8d4e..3edc39f6 100644 --- a/config/kubernetes/400-webhook-controller.yaml +++ b/config/kubernetes/400-webhook-controller.yaml @@ -23,7 +23,7 @@ metadata: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: webhook.manual.approval.dev + name: validation.webhook.manual-approval.openshift-pipelines.org webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -32,7 +32,7 @@ webhooks: namespace: tekton-pipelines failurePolicy: Fail sideEffects: None - name: webhook.manual.approval.dev + name: validation.webhook.manual-approval.openshift-pipelines.org --- diff --git a/config/openshift/201-clusterrole.yaml b/config/openshift/201-clusterrole.yaml index a79fb30a..15e20970 100644 --- a/config/openshift/201-clusterrole.yaml +++ b/config/openshift/201-clusterrole.yaml @@ -90,7 +90,7 @@ rules: - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] # validation.webhook.approvaltask.openshift.org performs schema validation when you, for example, create TaskLoops. - resourceNames: ["webhook.manual.approval.dev"] + resourceNames: ["validation.webhook.manual-approval.openshift-pipelines.org"] # When there are changes to the configs or secrets, knative updates the validatingwebhook config # with the updated certificates or the refreshed set of rules. verbs: ["get", "list", "update", "patch", "watch", "delete", "create"] diff --git a/config/openshift/400-webhook-controller.yaml b/config/openshift/400-webhook-controller.yaml index fe073144..8458cf93 100644 --- a/config/openshift/400-webhook-controller.yaml +++ b/config/openshift/400-webhook-controller.yaml @@ -23,7 +23,7 @@ metadata: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: webhook.manual.approval.dev + name: validation.webhook.manual-approval.openshift-pipelines.org webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -32,7 +32,7 @@ webhooks: namespace: openshift-pipelines failurePolicy: Fail sideEffects: None - name: webhook.manual.approval.dev + name: validation.webhook.manual-approval.openshift-pipelines.org --- diff --git a/test/e2e_test.go b/test/e2e_test.go index 3a7b349f..34391d3c 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -296,7 +296,7 @@ func TestValidateUserUpdateOwnApprovalStatus(t *testing.T) { _, err = clients.ApprovalTaskClient.ApprovalTasks("default").Patch(context.TODO(), cr.GetName(), types.MergePatchType, patch, metav1.PatchOptions{}) - errMsg := `admission webhook "webhook.manual.approval.dev" denied the request: User can only update their own approval input` + errMsg := `admission webhook "validation.webhook.manual-approval.openshift-pipelines.org" denied the request: User can only update their own approval input` assert.Equal(t, errMsg, err.Error()) }) } @@ -369,7 +369,7 @@ func TestValidateUserDoesNotExists(t *testing.T) { _, err = clients.ApprovalTaskClient.ApprovalTasks("default").Patch(context.TODO(), cr.GetName(), types.MergePatchType, patch, metav1.PatchOptions{}) - errMsg := `admission webhook "webhook.manual.approval.dev" denied the request: User does not exist in the in the approval list` + errMsg := `admission webhook "validation.webhook.manual-approval.openshift-pipelines.org" denied the request: User does not exist in the in the approval list` assert.Equal(t, errMsg, err.Error()) }) } @@ -481,7 +481,7 @@ func TestValidateApprovalTaskHasReachedFinalState(t *testing.T) { } _, err = clients.ApprovalTaskClient.ApprovalTasks("default").Patch(context.TODO(), cr.GetName(), types.MergePatchType, patch, metav1.PatchOptions{}) - errMsg := `admission webhook "webhook.manual.approval.dev" denied the request: ApprovalTask has already reached it's final state` + errMsg := `admission webhook "validation.webhook.manual-approval.openshift-pipelines.org" denied the request: ApprovalTask has already reached it's final state` assert.Equal(t, errMsg, err.Error()) }) }