webhook

package
v0.0.0-...-75da391 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 5, 2019 License: Apache-2.0 Imports: 29 Imported by: 0

README

Webhook

Webhook based API-Coverage tool uses ValidatingAdmissionWebhook which is a web-server that the K8 API-Server calls into for every API-Object update to verify if the object is valid before storing it into its datastore. Each validation request has the json representation of the object being created/modified, that the tool uses to capture coverage data. webhook package inside this folder provides a mechanism for individual repos to setup ValidatingAdmissionWebhook.

APICoverageWebhook type inside the package encapsulates necessary configuration details and helper methods required to setup the webhook. Each repo is expected to call into SetupWebhook() providing following three parameters:

  1. http.Handler: This is the http handler (that implements ServeHTTP( w http.ResponseWriter, r *http.Request)) that the web server created by APICoverageWebhook uses.
  2. rules: This is an array of RuleWithOperations objects from the k8s.io/api/admissionregistration/v1beta1 package that the webhook uses for validation on each API Object update. e.g: knative-serving while calling this method would provide rules that will handle API Objects like Service, Configuration, Route and Revision.
  3. namespace: Namespace name where the webhook would be installed.
  4. stop channel: Channel to terminate webhook's web server.

SetupWebhook() method in its implementation creates a TLS based web server and registers the webhook by creating a ValidatingWebhookConfiguration object inside the K8 cluster.

APICoverageRecorder type inside the package encapsulates the apicoverage recording capabilities. Repo using this type is expected to set:

  1. ResourceForest: Specifying the version and initializing the ResourceTrees
  2. ResourceMap: Identifying the resources whose APICoverage needs to be calculated.
  3. NodeRules: NodeRules that are applicable for the repo.
  4. FieldRules: FieldRules that are applicable for the repo.
  5. DisplayRules: DisplayRules to be used by GetResourceCoverage method.

Documentation

Index

Constants

View Source
const (
	// ResourceQueryParam query param name to provide the resource.
	ResourceQueryParam = "resource"

	// ResourceCoverageEndPoint is the endpoint for Resource Coverage API
	ResourceCoverageEndPoint = "/resourcecoverage"

	// TotalCoverageEndPoint is the endpoint for Total Coverage API
	TotalCoverageEndPoint = "/totalcoverage"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type APICoverageRecorder

type APICoverageRecorder struct {
	Logger         *zap.SugaredLogger
	ResourceForest resourcetree.ResourceForest
	ResourceMap    map[schema.GroupVersionKind]webhook.GenericCRD
	NodeRules      resourcetree.NodeRules
	FieldRules     resourcetree.FieldRules
	DisplayRules   view.DisplayRules
	// contains filtered or unexported fields
}

APICoverageRecorder type contains resource tree to record API coverage for resources.

func (*APICoverageRecorder) GetResourceCoverage

func (a *APICoverageRecorder) GetResourceCoverage(w http.ResponseWriter, r *http.Request)

GetResourceCoverage retrieves resource coverage data for the passed in resource via query param.

func (*APICoverageRecorder) GetTotalCoverage

func (a *APICoverageRecorder) GetTotalCoverage(w http.ResponseWriter, r *http.Request)

GetTotalCoverage goes over all the resources setup for the apicoverage tool and returns total coverage values.

func (*APICoverageRecorder) Init

func (a *APICoverageRecorder) Init()

Init initializes the resources trees for set resources.

func (*APICoverageRecorder) RecordResourceCoverage

func (a *APICoverageRecorder) RecordResourceCoverage(w http.ResponseWriter, r *http.Request)

RecordResourceCoverage updates the resource tree with the request.

type APICoverageWebhook

type APICoverageWebhook struct {
	// WebhookName is the name of the validation webhook we create to intercept API calls.
	WebhookName string

	// ServiceName is the name of K8 service under which the webhook runs.
	ServiceName string

	// DeploymentName is the deployment name for the webhook.
	DeploymentName string

	// Namespace is the namespace in which everything above lives.
	Namespace string

	// Port where the webhook is served.
	Port int

	// RegistrationDelay controls how long validation requests
	// occurs after the webhook is started. This is used to avoid
	// potential races where registration completes and k8s apiserver
	// invokes the webhook before the HTTP server is started.
	RegistrationDelay time.Duration

	// ClientAuthType declares the policy the webhook server will follow for TLS Client Authentication.
	ClientAuth tls.ClientAuthType

	// CaCert is the CA Cert for the webhook server.
	CaCert []byte

	// FailurePolicy policy governs the webhook validation decisions.
	FailurePolicy admissionregistrationv1beta1.FailurePolicyType

	// Logger is the configured logger for the webhook.
	Logger *zap.SugaredLogger

	// KubeClient is the K8 client to the target cluster.
	KubeClient kubernetes.Interface
}

APICoverageWebhook encapsulates necessary configuration details for the api-coverage webhook.

func BuildWebhookConfiguration

func BuildWebhookConfiguration(componentCommonName string, webhookName string, namespace string) *APICoverageWebhook

BuildWebhookConfiguration builds the APICoverageWebhook object using the provided names.

func (*APICoverageWebhook) SetupWebhook

func (acw *APICoverageWebhook) SetupWebhook(handler http.Handler, resources map[schema.GroupVersionKind]webhook.GenericCRD, namespace string, stop <-chan struct{}) error

SetupWebhook sets up the webhook with the provided http.handler, resourcegroup Map, namespace and stop channel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL