NK-31: Refactoring

2025-03-29 10:55:05 +00:00 · 2019-03-21 18:14:26 +02:00 · 2019-03-21 18:14:26 +02:00 · 6662988124
commit 6662988124
parent 0ef675f3c1 c662f1c9db
5 changed files with 57 additions and 41 deletions
--- a/config/config.go
+++ b/config/config.go
@ -0,0 +1,17 @@
+package config
+
+const (
+	// These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml
+	WebhookServiceNamespace = "kube-system"
+	WebhookServiceName = "kube-policy-svc"
+
+	WebhookConfigName = "nirmata-kube-policy-webhook-cfg"
+	MutationWebhookName = "webhook.nirmata.kube-policy"
+)
+
+var (
+	WebhookServicePath = "/mutate"
+	WebhookConfigLabels = map[string]string {
+		"app": "kube-policy",
+	}
+)
--- a/init.go
+++ b/init.go
@ -5,8 +5,8 @@ import (
 	"log"
 	"net/url"

+	"github.com/nirmata/kube-policy/config"
 	"github.com/nirmata/kube-policy/kubeclient"
-	"github.com/nirmata/kube-policy/constants"
 	"github.com/nirmata/kube-policy/utils"

 	rest "k8s.io/client-go/rest"
@ -48,14 +48,14 @@ func readTlsPairFromFiles(certFile, keyFile string) *utils.TlsPemPair {

 // Loads or creates PEM private key and TLS certificate for webhook server
 // Returns struct with key/certificate pair
-func initTlsPemsPair(config *rest.Config, client *kubeclient.KubeClient) (*utils.TlsPemPair, error) {
-	apiServerUrl, err := url.Parse(config.Host)
+func initTlsPemsPair(configuration *rest.Config, client *kubeclient.KubeClient) (*utils.TlsPemPair, error) {
+	apiServerUrl, err := url.Parse(configuration.Host)
 	if err != nil {
 		return nil, err
 	}
 	certProps := utils.TlsCertificateProps{
-		Service:       constants.WebhookServiceName,
-		Namespace:     constants.WebhookServiceNamespace,
+		Service:       config.WebhookServiceName,
+		Namespace:     config.WebhookServiceNamespace,
 		ApiServerHost: apiServerUrl.Hostname(),
 	}

--- a/main.go
+++ b/main.go
@ -64,8 +64,7 @@ func main() {
 	controller.Run(stopCh)

 	if err != nil {
-		log.Fatalf("Error running PolicyController! Error: %s\n", err)
-		return
+		log.Fatalf("Error running PolicyController: %s\n", err)
 	}

 	log.Println("Policy Controller has started")
--- a/server/server.go
+++ b/server/server.go
@ -12,11 +12,11 @@ import (
 	"os"
 	"time"

+	"github.com/nirmata/kube-policy/config"
 	"github.com/nirmata/kube-policy/controller"
 	"github.com/nirmata/kube-policy/kubeclient"
-	"github.com/nirmata/kube-policy/constants"
-	"github.com/nirmata/kube-policy/webhooks"
 	"github.com/nirmata/kube-policy/utils"
+	"github.com/nirmata/kube-policy/webhooks"

 	v1beta1 "k8s.io/api/admission/v1beta1"
 )
@ -40,23 +40,23 @@ type WebhookServerConfig struct {

 // NewWebhookServer creates new instance of WebhookServer accordingly to given configuration
 // Policy Controller and Kubernetes Client should be initialized in configuration
-func NewWebhookServer(config WebhookServerConfig, logger *log.Logger) (*WebhookServer, error) {
+func NewWebhookServer(configuration WebhookServerConfig, logger *log.Logger) (*WebhookServer, error) {
 	if logger == nil {
 		logger = log.New(os.Stdout, "HTTPS Server: ", log.LstdFlags|log.Lshortfile)
 	}

-	if config.TlsPemPair == nil || config.Controller == nil || config.Kubeclient == nil {
+	if configuration.TlsPemPair == nil || configuration.Controller == nil || configuration.Kubeclient == nil {
 		return nil, errors.New("WebhookServerConfig is not initialized properly")
 	}

 	var tlsConfig tls.Config
-	pair, err := tls.X509KeyPair(config.TlsPemPair.Certificate, config.TlsPemPair.PrivateKey)
+	pair, err := tls.X509KeyPair(configuration.TlsPemPair.Certificate, configuration.TlsPemPair.PrivateKey)
 	if err != nil {
 		return nil, err
 	}
 	tlsConfig.Certificates = []tls.Certificate{pair}

-	mw, err := webhooks.NewMutationWebhook(config.Kubeclient, config.Controller, logger)
+	mw, err := webhooks.NewMutationWebhook(configuration.Kubeclient, configuration.Controller, logger)
 	if err != nil {
 		return nil, err
 	}
@ -67,7 +67,7 @@ func NewWebhookServer(config WebhookServerConfig, logger *log.Logger) (*WebhookS
 	}

 	mux := http.NewServeMux()
-	mux.HandleFunc(constants.WebhookServicePath, ws.serve)
+	mux.HandleFunc(config.WebhookServicePath, ws.serve)

 	ws.server = http.Server{
 		Addr:         ":443", // Listen on port for HTTPS requests
@ -83,7 +83,7 @@ func NewWebhookServer(config WebhookServerConfig, logger *log.Logger) (*WebhookS

 // Main server endpoint for all requests
 func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
-	if r.URL.Path == constants.WebhookServicePath {
+	if r.URL.Path == config.WebhookServicePath {
 		admissionReview := ws.parseAdmissionReview(r, w)
 		if admissionReview == nil {
 			return
--- a/webhooks/registration.go
+++ b/webhooks/registration.go
@ -3,12 +3,12 @@ package webhooks
 import (
 	"io/ioutil"

-	"github.com/nirmata/kube-policy/constants"
+	"github.com/nirmata/kube-policy/config"

-	rest "k8s.io/client-go/rest"
-	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	adm "k8s.io/api/admissionregistration/v1beta1"
+	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	admreg "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1"
+	rest "k8s.io/client-go/rest"
 )

 func RegisterMutationWebhook(config *rest.Config) error {
@ -25,36 +25,36 @@ func RegisterMutationWebhook(config *rest.Config) error {
 	return nil
 }

-func constructWebhookConfig(config *rest.Config) *adm.MutatingWebhookConfiguration {
-	return &adm.MutatingWebhookConfiguration {
-		ObjectMeta: meta.ObjectMeta {
-			Name: constants.WebhookConfigName,
-			Labels: constants.WebhookConfigLabels,
+func constructWebhookConfig(configuration *rest.Config) *adm.MutatingWebhookConfiguration {
+	return &adm.MutatingWebhookConfiguration{
+		ObjectMeta: meta.ObjectMeta{
+			Name:   config.WebhookConfigName,
+			Labels: config.WebhookConfigLabels,
 		},
-		Webhooks: []adm.Webhook {
-			adm.Webhook {
-				Name: constants.MutationWebhookName,
-				ClientConfig: adm.WebhookClientConfig {
-					Service: &adm.ServiceReference {
-						Namespace: constants.WebhookServiceNamespace,
-						Name: constants.WebhookServiceName,
-						Path: &constants.WebhookServicePath,
+		Webhooks: []adm.Webhook{
+			adm.Webhook{
+				Name: config.MutationWebhookName,
+				ClientConfig: adm.WebhookClientConfig{
+					Service: &adm.ServiceReference{
+						Namespace: config.WebhookServiceNamespace,
+						Name:      config.WebhookServiceName,
+						Path:      &config.WebhookServicePath,
 					},
-					CABundle: ExtractCA(config),
+					CABundle: ExtractCA(configuration),
 				},
-				Rules: []adm.RuleWithOperations {
-					adm.RuleWithOperations {
-						Operations: []adm.OperationType {
+				Rules: []adm.RuleWithOperations{
+					adm.RuleWithOperations{
+						Operations: []adm.OperationType{
 							adm.Create,
 						},
-						Rule: adm.Rule {
-							APIGroups: []string {
+						Rule: adm.Rule{
+							APIGroups: []string{
 								"*",
 							},
-							APIVersions: []string {
+							APIVersions: []string{
 								"*",
 							},
-							Resources: []string {
+							Resources: []string{
 								"*/*",
 							},
 						},
@ -70,7 +70,7 @@ func ExtractCA(config *rest.Config) (result []byte) {

 	if fileName != "" {
 		result, err := ioutil.ReadFile(fileName)
-		
+
 		if err != nil {
 			return nil
 		}
@ -79,4 +79,4 @@ func ExtractCA(config *rest.Config) (result []byte) {
 	} else {
 		return config.TLSClientConfig.CAData
 	}
-}
+}