webhook

package
v2.12.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2025 License: Apache-2.0 Imports: 46 Imported by: 0

Documentation

Index

Constants

// PEM block type labels. Each constant is a string that can appear in
// pem.Block.Type.
const (

	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	// By convention (RFC 7468) this label marks a PKCS #8 private key.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	// By convention this label marks a PKCS #1 RSA private key. A block
	// carrying either private-key label holds secret material.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
const (

	// AdmissionNameEnvVar is the name of the environment variable,
	// ADMISSION_WEBHOOK_NAME, that holds the name of the current admission
	// webhook.
	AdmissionNameEnvVar = "ADMISSION_WEBHOOK_NAME"
)

Variables

var (

	// Ignore means that an error calling the webhook is ignored.
	// NOTE(review): this is a fail-open policy. A request is admitted without
	// validation whenever the webhook call errors, so the webhook cannot be
	// relied on as an enforcement point while this policy is in effect.
	Ignore = v1.Ignore
	// Fail means that an error calling the webhook causes the admission to fail.
	Fail = v1.Fail
	// SideEffectClassNone means that calling the webhook will have no side effects.
	SideEffectClassNone = v1.SideEffectClassNone
	// WebhookFailurePolicy is the name of the environment variable that makes
	// the failure policy configurable.
	// NOTE(review): how the variable's value is read and validated is not
	// visible here. Setting it to the Ignore policy makes admission fail-open;
	// confirm that unrecognised values do not fall back to Ignore.
	// NOTE(review): this is declared as a var although it holds a fixed name,
	// so other code in the process can reassign it.
	WebhookFailurePolicy = "ADMISSION_WEBHOOK_FAILURE_POLICY"
)
// DefaultEllipticCurve specifies the default elliptic curve to be used for
// key generation. It is initialised to NIST P-256.
// NOTE(review): the KeyPair type and EncodePrivateKeyPEM in this package are
// typed on *rsa.PrivateKey, so where this curve is actually used is not
// visible here. It is also a mutable package-level variable, so a reassignment
// changes the curve for every later use.
var DefaultEllipticCurve = elliptic.P256()

DefaultEllipticCurve specifies the default elliptic curve to be used for key generation

Functions

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

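EncodePrivateKeyPEM returns PEM-encoded private key data. The signature takes no passphrase, so the output is presumably unencrypted and should be handled as secret material.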

func GetAdmissionName

func GetAdmissionName() (string, error)

GetAdmissionName returns the admission server name

func GetAdmissionReference

func GetAdmissionReference() (*metav1.OwnerReference, error)

GetAdmissionReference is a utility function to fetch a reference to the admission webhook deployment object

func GetSecret

func GetSecret(
	namespace string,
	secretName string,
) (*corev1.Secret, error)

GetSecret fetches the secret resource in the given namespace.

func GetValidatorWebhook

func GetValidatorWebhook(
	validator string,
) (*v1.ValidatingWebhookConfiguration, error)

GetValidatorWebhook fetches the webhook validator resource in the OpenEBS namespace.

func InitValidationServer

func InitValidationServer(
	ownerReference metav1.OwnerReference,
) error

InitValidationServer creates the secret, service and admission validation Kubernetes resources. All of these resources are created in the same namespace where the OpenEBS components are running.

func New

func New(p Parameters, kubeClient kubernetes.Interface,
	openebsClient clientset.Interface,
	snapClient snapclient.Interface,
	ndmClient ndmclientset.Interface) (
	*webhook, error)

New creates a new instance of a webhook. Before invoking this function, InitValidationServer must be called to set up the Kubernetes secret resource that holds the TLS certificates. This function runs forever.

func NewSignedCert

func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func StrPtr

func StrPtr(s string) *string

StrPtr converts a string to a pointer

Types

type AdmissionResponse

// AdmissionResponse wraps a Kubernetes admission response in a named field.
// The methods listed for this type each return *AdmissionResponse.
type AdmissionResponse struct {
	// AR is the wrapped admission response.
	AR *v1.AdmissionResponse
}

AdmissionResponse wraps the Kubernetes admission response API type.

func BuildForAPIObject

func BuildForAPIObject(ar *v1.AdmissionResponse) *AdmissionResponse

BuildForAPIObject builds an AdmissionResponse from the given API admission response object.

func NewAdmissionResponse

func NewAdmissionResponse() *AdmissionResponse

NewAdmissionResponse returns an empty instance of AdmissionResponse.

func (*AdmissionResponse) SetAllowed

func (ar *AdmissionResponse) SetAllowed() *AdmissionResponse

SetAllowed sets allowed to true.

func (*AdmissionResponse) UnSetAllowed

func (ar *AdmissionResponse) UnSetAllowed() *AdmissionResponse

UnSetAllowed sets allowed to false.

func (*AdmissionResponse) WithResultAsFailure

func (ar *AdmissionResponse) WithResultAsFailure(err error, code int32) *AdmissionResponse

WithResultAsFailure sets failure result.

func (*AdmissionResponse) WithResultAsSuccess

func (ar *AdmissionResponse) WithResultAsSuccess(code int32) *AdmissionResponse

WithResultAsSuccess sets success result.

type KeyPair

// KeyPair groups an RSA private key with an X.509 certificate.
// NOTE(review): presumably Cert is the certificate issued for Key's public
// half; confirm against the NewCA / NewServerKeyPair / NewClientKeyPair
// implementations, which are not visible here.
type KeyPair struct {
	// Key is the RSA private key. It is secret material: avoid logging it or
	// serialising the struct as a whole.
	Key  *rsa.PrivateKey
	// Cert is the X.509 certificate.
	Cert *x509.Certificate
}

KeyPair ...

func NewCA

func NewCA(name string) (*KeyPair, error)

NewCA ...

func NewClientKeyPair

func NewClientKeyPair(ca *KeyPair, commonName string, organizations []string) (*KeyPair, error)

NewClientKeyPair ...

func NewServerKeyPair

func NewServerKeyPair(ca *KeyPair, commonName, svcName, svcNamespace, dnsDomain string, ips, hostnames []string) (*KeyPair, error)

NewServerKeyPair ...

type Parameters

// Parameters holds the configuration of the webhook server.
type Parameters struct {
	// Port is the webhook server port.
	Port int
	// CertFile is the path to the x509 certificate for https.
	CertFile string
	// KeyFile is the path to the x509 private key matching `CertFile`.
	// The file holds secret material; its filesystem permissions should
	// restrict read access to the webhook process.
	KeyFile string
}

Parameters holds the server configuration parameters
