Documentation
Index
- Constants
- func MakeTLSServer(ctx context.Context, config *ServerConfig, handler http.Handler, ...) (*http.Server, error)
- type AdminAPIServicesProvider
- type DefaultAdminAPIServicesProvider
- type GatewayClientsProvider
- type KongHTTPValidator
- func (validator KongHTTPValidator) ValidateClusterPlugin(ctx context.Context, k8sPlugin kongv1.KongClusterPlugin) (bool, string, error)
- func (validator KongHTTPValidator) ValidateConsumer(ctx context.Context, consumer kongv1.KongConsumer) (bool, string, error)
- func (validator KongHTTPValidator) ValidateCredential(ctx context.Context, secret corev1.Secret) (bool, string, error)
- func (validator KongHTTPValidator) ValidateGateway(ctx context.Context, gateway gatewaycontroller.Gateway) (bool, string, error)
- func (validator KongHTTPValidator) ValidateHTTPRoute(ctx context.Context, httproute gatewaycontroller.HTTPRoute) (bool, string, error)
- func (validator KongHTTPValidator) ValidatePlugin(ctx context.Context, k8sPlugin kongv1.KongPlugin) (bool, string, error)
- type KongValidator
- type RequestHandler
- type ResponseBuilder
- type ServerConfig
Constants
const (
	ErrTextConsumerCredentialSecretNotFound = "consumer referenced non-existent credentials secret"
	ErrTextConsumerCredentialValidationFailed = "consumer credential failed validation"
	ErrTextConsumerExists = "consumer already exists"
	ErrTextConsumerUnretrievable = "failed to fetch consumer from kong"
	ErrTextConsumerUsernameEmpty = "username cannot be empty"
	ErrTextFailedToRetrieveSecret = "could not retrieve secrets from the kubernets API" //nolint:gosec
	ErrTextPluginConfigInvalid = "could not parse plugin configuration"
	ErrTextPluginConfigValidationFailed = "unable to validate plugin schema"
	ErrTextPluginConfigViolatesSchema = "plugin failed schema validation: %s"
	ErrTextPluginNameEmpty = "plugin name cannot be empty"
	ErrTextPluginSecretConfigUnretrievable = "could not load secret plugin configuration"
	ErrTextPluginUsesBothConfigTypes = "plugin cannot use both Config and ConfigFrom"
)
const (
	ErrTextCantRetrieveGatewayClass = "gatewayclass for this gateway could not be retrieved"
	ErrTextInvalidGatewayConfiguration = "gateway metadata and/or spec are invalid"
)
const (
	DefaultAdmissionWebhookCertPath = "/admission-webhook/tls.crt"
	DefaultAdmissionWebhookKeyPath = "/admission-webhook/tls.key"
)
Variables
This section is empty.
Functions
func MakeTLSServer
func MakeTLSServer(
	ctx context.Context,
	config *ServerConfig,
	handler http.Handler,
	log logrus.FieldLogger,
) (*http.Server, error)
Types
type AdminAPIServicesProvider added in v2.9.0
type AdminAPIServicesProvider interface {
	GetConsumersService() (kong.AbstractConsumerService, bool)
	GetPluginsService() (kong.AbstractPluginService, bool)
}
AdminAPIServicesProvider provides KongHTTPValidator with Kong Admin API services that are needed to perform validation against entities stored by the Gateway.
type DefaultAdminAPIServicesProvider added in v2.9.0
type DefaultAdminAPIServicesProvider struct {
	// contains filtered or unexported fields
}
DefaultAdminAPIServicesProvider allows getting Admin API services that require having at least one Gateway discovered. If there are no Gateways, it returns `false` from every method, signalling that no Gateway is available.
func NewDefaultAdminAPIServicesProvider added in v2.9.0
func NewDefaultAdminAPIServicesProvider(gatewaysProvider GatewayClientsProvider) *DefaultAdminAPIServicesProvider
func (DefaultAdminAPIServicesProvider) GetConsumersService added in v2.9.0
func (p DefaultAdminAPIServicesProvider) GetConsumersService() (kong.AbstractConsumerService, bool)
func (DefaultAdminAPIServicesProvider) GetPluginsService added in v2.9.0
func (p DefaultAdminAPIServicesProvider) GetPluginsService() (kong.AbstractPluginService, bool)
type GatewayClientsProvider added in v2.9.0
GatewayClientsProvider returns the most recent set of Gateway Admin API clients.
type KongHTTPValidator
type KongHTTPValidator struct {
	Logger logrus.FieldLogger
	SecretGetter kongstate.SecretGetter
	ManagerClient client.Client
	AdminAPIServicesProvider AdminAPIServicesProvider
	// contains filtered or unexported fields
}
KongHTTPValidator implements KongValidator interface to validate Kong entities using the Admin API of Kong.
func NewKongHTTPValidator added in v2.1.0
func NewKongHTTPValidator(
	logger logrus.FieldLogger,
	managerClient client.Client,
	ingressClass string,
	servicesProvider AdminAPIServicesProvider,
) KongHTTPValidator
NewKongHTTPValidator returns a new KongHTTPValidator given a controller-runtime client, which is used to retrieve referenced objects such as consumer credentials secrets. If you do not pass a cached client here, the performance of this validator can get very poor at high scale.
func (KongHTTPValidator) ValidateClusterPlugin
func (validator KongHTTPValidator) ValidateClusterPlugin(
	ctx context.Context,
	k8sPlugin kongv1.KongClusterPlugin,
) (bool, string, error)
ValidateClusterPlugin transfers relevant fields from a KongClusterPlugin into a KongPlugin and then returns the result of ValidatePlugin for the derived KongPlugin.
func (KongHTTPValidator) ValidateConsumer
func (validator KongHTTPValidator) ValidateConsumer(
	ctx context.Context,
	consumer kongv1.KongConsumer,
) (bool, string, error)
ValidateConsumer checks that consumer has a Username and that no consumer with the same username already exists in Kong. If an error occurs during validation, it is returned as the last return value. The first return value, a boolean, reports whether the consumer is valid, and the string holds a message if the entity is not valid.
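The three return values described above separate an entity that was checked and rejected from a check that could not be completed. The following is an added example, not the project's code: `validateConsumer`, `consumerLookup` and `errNotFound` are hypothetical stand-ins for the Admin API consumer lookup, and pairing a lookup failure with ErrTextConsumerUnretrievable is an assumption; the message strings are copied from the Constants section.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Message texts copied from the Constants section of this page.
const (
	ErrTextConsumerExists        = "consumer already exists"
	ErrTextConsumerUnretrievable = "failed to fetch consumer from kong"
	ErrTextConsumerUsernameEmpty = "username cannot be empty"
)

// errNotFound and consumerLookup are hypothetical stand-ins for the Admin API client.
var errNotFound = errors.New("consumer not found")

type consumerLookup func(ctx context.Context, username string) error

// validateConsumer returns (valid, message, err): an invalid entity is
// (false, message, nil); a check that could not complete also carries err.
func validateConsumer(ctx context.Context, username string, lookup consumerLookup) (bool, string, error) {
	if username == "" {
		return false, ErrTextConsumerUsernameEmpty, nil
	}
	switch err := lookup(ctx, username); {
	case err == nil: // lookup succeeded, so the username is already taken
		return false, ErrTextConsumerExists, nil
	case errors.Is(err, errNotFound):
		return true, "", nil
	default: // assumption: lookup failures pair with the "unretrievable" text
		return false, ErrTextConsumerUnretrievable, err
	}
}

func main() {
	// Constructed sample state: "alice" already exists in the gateway.
	lookup := func(_ context.Context, u string) error {
		if u == "alice" {
			return nil
		}
		return errNotFound
	}
	for _, u := range []string{"", "alice", "bob"} {
		ok, msg, err := validateConsumer(context.Background(), u, lookup)
		fmt.Printf("%q valid=%v msg=%q err=%v\n", u, ok, msg, err)
	}
}
```

A caller that turns this triple into an admission decision has to choose deliberately what a non-nil error means, since it signals that validation did not run to completion rather than that the entity is bad.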
func (KongHTTPValidator) ValidateCredential
func (validator KongHTTPValidator) ValidateCredential(
	ctx context.Context,
	secret corev1.Secret,
) (bool, string, error)
ValidateCredential checks if the secret contains a credential meant to be installed in Kong. If so, it verifies that all the required fields are present. If valid, it returns true with an empty string; otherwise it returns false with the error message. If an error happens during validation, the error is returned.
func (KongHTTPValidator) ValidateGateway added in v2.1.0
func (validator KongHTTPValidator) ValidateGateway(
	ctx context.Context,
	gateway gatewaycontroller.Gateway,
) (bool, string, error)
func (KongHTTPValidator) ValidateHTTPRoute added in v2.2.0
func (validator KongHTTPValidator) ValidateHTTPRoute(
	ctx context.Context,
	httproute gatewaycontroller.HTTPRoute,
) (bool, string, error)
func (KongHTTPValidator) ValidatePlugin
func (validator KongHTTPValidator) ValidatePlugin(
	ctx context.Context,
	k8sPlugin kongv1.KongPlugin,
) (bool, string, error)
ValidatePlugin checks if k8sPlugin is valid. It does so by performing an HTTP request to Kong's Admin API entity validation endpoints. If an error occurs during validation, it is returned as the last return value. The first return value, a boolean, reports whether k8sPlugin is valid, and the string holds a message if the entity is not valid.
type KongValidator
type KongValidator interface {
	ValidateConsumer(ctx context.Context, consumer kongv1.KongConsumer) (bool, string, error)
	ValidatePlugin(ctx context.Context, plugin kongv1.KongPlugin) (bool, string, error)
	ValidateClusterPlugin(ctx context.Context, plugin kongv1.KongClusterPlugin) (bool, string, error)
	ValidateCredential(ctx context.Context, secret corev1.Secret) (bool, string, error)
	ValidateGateway(ctx context.Context, gateway gatewaycontroller.Gateway) (bool, string, error)
	ValidateHTTPRoute(ctx context.Context, httproute gatewaycontroller.HTTPRoute) (bool, string, error)
}
KongValidator validates Kong entities.
type RequestHandler
type RequestHandler struct {
	// Validator validates the entities that the k8s API-server asks
	// the server to validate.
	Validator KongValidator
	Logger logrus.FieldLogger
}
RequestHandler is an HTTP server that can validate Kong Ingress Controllers' Custom Resources using Kubernetes Admission Webhooks.
func (RequestHandler) ServeHTTP
func (h RequestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP parses AdmissionReview requests and responds back with the validation result of the entity.
type ResponseBuilder added in v2.8.0
type ResponseBuilder struct {
	// contains filtered or unexported fields
}
func NewResponseBuilder added in v2.8.0
func NewResponseBuilder(uid k8stypes.UID) *ResponseBuilder
func (*ResponseBuilder) Allowed added in v2.8.0
func (r *ResponseBuilder) Allowed(allowed bool) *ResponseBuilder
func (*ResponseBuilder) Build added in v2.8.0
func (r *ResponseBuilder) Build() *admissionv1.AdmissionResponse
func (*ResponseBuilder) WithMessage added in v2.8.0
func (r *ResponseBuilder) WithMessage(msg string) *ResponseBuilder
func (*ResponseBuilder) WithWarning added in v2.8.0
func (r *ResponseBuilder) WithWarning(warning string) *ResponseBuilder