mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
154 lines
4.5 KiB
Go
154 lines
4.5 KiB
Go
package webhookconfig
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/nirmata/kyverno/pkg/config"
|
|
admregapi "k8s.io/api/admissionregistration/v1beta1"
|
|
"k8s.io/apimachinery/pkg/api/errors"
|
|
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
func (wrc *WebhookRegistrationClient) constructDebugMutatingWebhookConfig(caData []byte) *admregapi.MutatingWebhookConfiguration {
|
|
logger := wrc.log
|
|
url := fmt.Sprintf("https://%s%s", wrc.serverIP, config.MutatingWebhookServicePath)
|
|
logger.V(4).Info("Debug MutatingWebhookConfig registed", "url", url)
|
|
return &admregapi.MutatingWebhookConfiguration{
|
|
ObjectMeta: v1.ObjectMeta{
|
|
Name: config.MutatingWebhookConfigurationDebugName,
|
|
},
|
|
Webhooks: []admregapi.MutatingWebhook{
|
|
generateDebugMutatingWebhook(
|
|
config.MutatingWebhookName,
|
|
url,
|
|
caData,
|
|
true,
|
|
wrc.timeoutSeconds,
|
|
"*/*",
|
|
"*",
|
|
"*",
|
|
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
|
|
),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wrc *WebhookRegistrationClient) constructMutatingWebhookConfig(caData []byte) *admregapi.MutatingWebhookConfiguration {
|
|
return &admregapi.MutatingWebhookConfiguration{
|
|
ObjectMeta: v1.ObjectMeta{
|
|
Name: config.MutatingWebhookConfigurationName,
|
|
OwnerReferences: []v1.OwnerReference{
|
|
wrc.constructOwner(),
|
|
},
|
|
},
|
|
Webhooks: []admregapi.MutatingWebhook{
|
|
generateMutatingWebhook(
|
|
config.MutatingWebhookName,
|
|
config.MutatingWebhookServicePath,
|
|
caData,
|
|
false,
|
|
wrc.timeoutSeconds,
|
|
"*/*",
|
|
"*",
|
|
"*",
|
|
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
|
|
),
|
|
},
|
|
}
|
|
}
|
|
|
|
//GetResourceMutatingWebhookConfigName provi
|
|
func (wrc *WebhookRegistrationClient) GetResourceMutatingWebhookConfigName() string {
|
|
if wrc.serverIP != "" {
|
|
return config.MutatingWebhookConfigurationDebugName
|
|
}
|
|
return config.MutatingWebhookConfigurationName
|
|
}
|
|
|
|
//RemoveResourceMutatingWebhookConfiguration removes mutating webhook configuration for all resources
|
|
func (wrc *WebhookRegistrationClient) RemoveResourceMutatingWebhookConfiguration() error {
|
|
configName := wrc.GetResourceMutatingWebhookConfigName()
|
|
logger := wrc.log.WithValues("kind", MutatingWebhookConfigurationKind, "name", configName)
|
|
// delete webhook configuration
|
|
err := wrc.client.DeleteResource(MutatingWebhookConfigurationKind, "", configName, false)
|
|
if errors.IsNotFound(err) {
|
|
logger.Error(err, "resource does not exit")
|
|
return nil
|
|
}
|
|
if err != nil {
|
|
logger.V(4).Info("failed to delete resource")
|
|
return err
|
|
}
|
|
logger.V(4).Info("deleted resource")
|
|
return nil
|
|
}
|
|
|
|
func (wrc *WebhookRegistrationClient) constructDebugValidatingWebhookConfig(caData []byte) *admregapi.ValidatingWebhookConfiguration {
|
|
url := fmt.Sprintf("https://%s%s", wrc.serverIP, config.ValidatingWebhookServicePath)
|
|
|
|
return &admregapi.ValidatingWebhookConfiguration{
|
|
ObjectMeta: v1.ObjectMeta{
|
|
Name: config.ValidatingWebhookConfigurationDebugName,
|
|
},
|
|
Webhooks: []admregapi.ValidatingWebhook{
|
|
generateDebugValidatingWebhook(
|
|
config.ValidatingWebhookName,
|
|
url,
|
|
caData,
|
|
true,
|
|
wrc.timeoutSeconds,
|
|
"*/*",
|
|
"*",
|
|
"*",
|
|
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
|
|
),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wrc *WebhookRegistrationClient) constructValidatingWebhookConfig(caData []byte) *admregapi.ValidatingWebhookConfiguration {
|
|
return &admregapi.ValidatingWebhookConfiguration{
|
|
ObjectMeta: v1.ObjectMeta{
|
|
Name: config.ValidatingWebhookConfigurationName,
|
|
OwnerReferences: []v1.OwnerReference{
|
|
wrc.constructOwner(),
|
|
},
|
|
},
|
|
Webhooks: []admregapi.ValidatingWebhook{
|
|
generateValidatingWebhook(
|
|
config.ValidatingWebhookName,
|
|
config.ValidatingWebhookServicePath,
|
|
caData,
|
|
false,
|
|
wrc.timeoutSeconds,
|
|
"*/*",
|
|
"*",
|
|
"*",
|
|
[]admregapi.OperationType{admregapi.Create, admregapi.Update},
|
|
),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wrc *WebhookRegistrationClient) GetResourceValidatingWebhookConfigName() string {
|
|
if wrc.serverIP != "" {
|
|
return config.ValidatingWebhookConfigurationDebugName
|
|
}
|
|
return config.ValidatingWebhookConfigurationName
|
|
}
|
|
|
|
func (wrc *WebhookRegistrationClient) RemoveResourceValidatingWebhookConfiguration() error {
|
|
configName := wrc.GetResourceValidatingWebhookConfigName()
|
|
logger := wrc.log.WithValues("kind", ValidatingWebhookConfigurationKind, "name", configName)
|
|
err := wrc.client.DeleteResource(ValidatingWebhookConfigurationKind, "", configName, false)
|
|
if errors.IsNotFound(err) {
|
|
logger.Error(err, "resource does not exist; deleted already")
|
|
return nil
|
|
}
|
|
if err != nil {
|
|
logger.Error(err, "failed to delete the resource")
|
|
return err
|
|
}
|
|
logger.Info("resource deleted")
|
|
return nil
|
|
}
|