kyverno/webhooks/registration.go

package webhooks

import (
	"io/ioutil"

	"github.com/nirmata/kube-policy/constants"

	rest "k8s.io/client-go/rest"
	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
	adm "k8s.io/api/admissionregistration/v1beta1"
	admreg "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1"
)

func RegisterMutationWebhook(config *rest.Config) error {
	registrationClient, err := admreg.NewForConfig(config)
	if err != nil {
		return err
	}

	_, err = registrationClient.MutatingWebhookConfigurations().Create(constructWebhookConfig(config))
	if err != nil {
		return err
	}

	return nil
}

func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfiguration {
	return &adm.MutatingWebhookConfiguration {
		ObjectMeta: meta.ObjectMeta {
			Name: constants.WebhookConfigName,
			Labels: constants.WebhookConfigLabels,
		},
		Webhooks: []adm.Webhook {
			adm.Webhook {
				Name: constants.MutationWebhookName,
				ClientConfig: adm.WebhookClientConfig {
					Service: &adm.ServiceReference {
						Namespace: constants.WebhookServiceNamespace,
						Name: constants.WebhookServiceName,
						Path: &constants.WebhookServicePath,
					},
					CABundle: ExtractCA(config),
				},
				Rules: []adm.RuleWithOperations {
					adm.RuleWithOperations {
						Operations: []adm.OperationType {
							adm.Create,
						},
						Rule: adm.Rule {
							APIGroups: []string {
								"*",
							},
							APIVersions: []string {
								"*",
							},
							Resources: []string {
								"*/*",
							},
						},
					},
				},
			},
		},
	}
}

func ExtractCA(config *rest.Config) (result []byte) {
	fileName := config.TLSClientConfig.CAFile

	if fileName != "" {
		result, err := ioutil.ReadFile(fileName)
		
		if err != nil {
			return nil
		}

		return result
	} else {
		return config.TLSClientConfig.CAData
	}
}
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`package webhooks`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`import (`
			`"io/ioutil"`

NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`"github.com/nirmata/kube-policy/constants"`

NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`rest "k8s.io/client-go/rest"`
			`meta "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`adm "k8s.io/api/admissionregistration/v1beta1"`
			`admreg "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1"`
			`)`

NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`func RegisterMutationWebhook(config *rest.Config) error {`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`registrationClient, err := admreg.NewForConfig(config)`
			`if err != nil {`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`return err`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`}`

NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`_, err = registrationClient.MutatingWebhookConfigurations().Create(constructWebhookConfig(config))`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`if err != nil {`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`return err`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`}`

NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`return nil`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`}`

			`func constructWebhookConfig(config rest.Config) adm.MutatingWebhookConfiguration {`
			`return &adm.MutatingWebhookConfiguration {`
			`ObjectMeta: meta.ObjectMeta {`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`Name: constants.WebhookConfigName,`
			`Labels: constants.WebhookConfigLabels,`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`},`
			`Webhooks: []adm.Webhook {`
			`adm.Webhook {`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`Name: constants.MutationWebhookName,`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`ClientConfig: adm.WebhookClientConfig {`
NK-31: Fixed indentation 2019-03-21 16:56:03 +02:00			`Service: &adm.ServiceReference {`
NK-31: Put constants in separate file. Updated install.yaml definition to create Service and DaemonSet. Fixed bug with webhook registration. 2019-03-21 15:57:30 +02:00			`Namespace: constants.WebhookServiceNamespace,`
			`Name: constants.WebhookServiceName,`
			`Path: &constants.WebhookServicePath,`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`},`
NK-31: Added tests for CA extraction from clientset 2019-03-20 12:37:05 +02:00			`CABundle: ExtractCA(config),`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`},`
			`Rules: []adm.RuleWithOperations {`
			`adm.RuleWithOperations {`
			`Operations: []adm.OperationType {`
			`adm.Create,`
			`},`
			`Rule: adm.Rule {`
			`APIGroups: []string {`
			`"*",`
			`},`
			`APIVersions: []string {`
			`"*",`
			`},`
			`Resources: []string {`
			`"/",`
			`},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`}`
			`}`

NK-31: Added tests for CA extraction from clientset 2019-03-20 12:37:05 +02:00			`func ExtractCA(config *rest.Config) (result []byte) {`
			`fileName := config.TLSClientConfig.CAFile`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00
NK-31: Fixed indentation 2019-03-21 16:56:03 +02:00			`if fileName != "" {`
NK-31: Added tests for CA extraction from clientset 2019-03-20 12:37:05 +02:00			`result, err := ioutil.ReadFile(fileName)`

NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`if err != nil {`
			`return nil`
			`}`

NK-31: Added tests for CA extraction from clientset 2019-03-20 12:37:05 +02:00			`return result`
			`} else {`
			`return config.TLSClientConfig.CAData`
NK-31: Implemented webhook registration logic. 2019-03-19 21:32:31 +02:00			`}`
			`}`