webhook

package
Published: May 8, 2020 License: Apache-2.0 Imports: 40 Imported by: 0


Constants

const (

	// PEM block-type labels for encoding/pem; each is a possible value for
	// pem.Block.Type when the package encodes or decodes key and
	// certificate material (see EncodeCertPEM / EncodePrivateKeyPEM).
	//
	// PrivateKeyBlockType is a possible value for pem.Block.Type
	// ("PRIVATE KEY" is the PKCS#8 label).
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type
	// ("RSA PRIVATE KEY" is the PKCS#1 label, distinct from PrivateKeyBlockType).
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
const (

	// AdmissionNameEnvVar is the constant for env variable ADMISSION_WEBHOOK_NAME
	// which is the name of the current admission webhook.
	// NOTE(review): GetAdmissionName (declared in this package) presumably
	// reads this variable and errors when it is unset -- confirm in source.
	AdmissionNameEnvVar = "ADMISSION_WEBHOOK_NAME"
)

Variables

var (
	// Failure-policy aliases re-exported from the Kubernetes
	// admissionregistration API. They decide what the API server does when
	// the webhook cannot be reached or returns an error.

	// Ignore means that an error calling the webhook is ignored, i.e. the
	// request is admitted without validation (fail-open).
	Ignore = admissionregistration.Ignore
	// Fail means that an error calling the webhook causes the admission to
	// fail, i.e. the request is rejected (fail-closed).
	Fail = admissionregistration.Fail
)
var (
	// SupportedPRaidType is a map holding the supported raid configurations.
	// NOTE(review): the map values are validateRaidBDCount functions, not
	// disk counts; the rule each validator is expected to enforce (per the
	// original wording) is --
	// 1. In case of striped this is the minimum number of disk required.
	// 2. In all other cases this is the exact number of disks required.
	SupportedPRaidType = map[cstor.PoolType]validateRaidBDCount{
		cstor.PoolStriped:  isStripedBDCountValid,
		cstor.PoolMirrored: isMirroredBDCountValid,
		cstor.PoolRaidz:    isRaidzBDCountValid,
		cstor.PoolRaidz2:   isRaidz2BDCountValid,
	}
	// SupportedCompression is a map holding the supported compressions.
	// An empty string is accepted as well as "off" and "lz"; presumably the
	// empty value means "not set" and is resolved to a default elsewhere --
	// confirm against the control plane.
	// TODO: confirm all the compression types supported by control plane
	// and update the map accordingly
	SupportedCompression = map[string]bool{
		"":    true,
		"off": true,
		"lz":  true,
	}
)
// DefaultEllipticCurve specifies the default elliptic curve to be used for
// key generation (NIST P-256).
// NOTE(review): the exported KeyPair type on this page holds an
// *rsa.PrivateKey and EncodePrivateKeyPEM takes one, so which code path
// (if any) uses this curve cannot be determined from the documentation alone.
var DefaultEllipticCurve = elliptic.P256()

DefaultEllipticCurve specifies the default elliptic curve to be used for key generation

Functions

func ByteCount

func ByteCount(b uint64) string

ByteCount converts a byte count into a string expressed in the corresponding unit.

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data.

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data

func GetAdmissionName

func GetAdmissionName() (string, error)

GetAdmissionName returns the admission server name.

func GetAdmissionReference

func GetAdmissionReference(kubeClient kubernetes.Interface) (*metav1.OwnerReference, error)

GetAdmissionReference is a utility function to fetch a reference to the admission webhook deployment object

func GetDesiredReplicaPoolNames

func GetDesiredReplicaPoolNames(cvc *cstor.CStorVolumeConfig) []string

GetDesiredReplicaPoolNames returns list of desired pool names

func GetHostNameFromLabelSelector

func GetHostNameFromLabelSelector(labels map[string]string, kubeClient kubernetes.Interface) (string, error)

GetHostNameFromLabelSelector returns the node name selected by provided labels

func GetNewBDFromRaidGroups

func GetNewBDFromRaidGroups(newRG, oldRG *cstor.RaidGroup) map[string]string

GetNewBDFromRaidGroups returns a map from each new (successor) BD to the old BD it replaces in a raid group.

func GetNumberOfDiskReplaced

func GetNumberOfDiskReplaced(newRG, oldRG *cstor.RaidGroup) int

GetNumberOfDiskReplaced returns the number of disks replaced in a raid group.

func GetSecret

func GetSecret(
	namespace string,
	secretName string,
	kubeClient kubernetes.Interface,
) (*corev1.Secret, error)

GetSecret fetches the secret resource in the given namespace.

func GetValidatorWebhook

func GetValidatorWebhook(
	validator string, kubeClient kubernetes.Interface,
) (*admissionregistration.ValidatingWebhookConfiguration, error)

GetValidatorWebhook fetches the webhook validator resource in the openebs namespace.

func InitValidationServer

func InitValidationServer(
	ownerReference metav1.OwnerReference,
	k kubernetes.Interface,
) error

InitValidationServer creates the secret, service and admission validation k8s resources. All these resources are created in the same namespace where the openebs components are running.

func IsBlockDeviceReplacementCase

func IsBlockDeviceReplacementCase(newRaidGroup, oldRaidGroup *cstor.RaidGroup) bool

IsBlockDeviceReplacementCase returns true if the edit/update of CSPC can trigger a blockdevice replacement.

func IsMoreThanOneDiskReplaced

func IsMoreThanOneDiskReplaced(newRG, oldRG *cstor.RaidGroup) bool

IsMoreThanOneDiskReplaced returns true if more than one disk is replaced in the same raid group.

func IsRaidGroupCommon

func IsRaidGroupCommon(rgOld, rgNew cstor.RaidGroup) bool

IsRaidGroupCommon returns true if the provided raid groups are the same raid groups.

func IsUniqueList

func IsUniqueList(list []string) bool

IsUniqueList returns true if no value in list is repeated, and false otherwise.

func New

func New(p Parameters, kubeClient kubernetes.Interface,
	openebsClient clientset.Interface) (
	*webhook, error)

New creates a new instance of a webhook. Prior to invoking this function, InitValidationServer must be called to set up the secret (for TLS certs) k8s resource. This function runs forever.

func NewSignedCert

func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func StrPtr

func StrPtr(s string) *string

StrPtr converts a string to a string pointer.

func ValidateSpecChanges

func ValidateSpecChanges(commonPoolSpecs *poolspecs, pOps *PoolOperations) (bool, string)

ValidateSpecChanges validates the changes in CSPC for changes in a raid group only if the update/edit of CSPC can trigger a block device replacement/pool expansion scenarios.

Types

type AdmissionResponse

// AdmissionResponse embeds the K8S admission response API so the package's
// SetAllowed / UnSetAllowed / WithResultAsFailure / WithResultAsSuccess
// helpers can populate it. From their signatures each returns
// *AdmissionResponse, so calls can be chained.
type AdmissionResponse struct {
	// AR is the wrapped v1beta1 admission response that the helper methods
	// mutate. NOTE(review): whether NewAdmissionResponse allocates AR or
	// leaves it nil is not visible here -- confirm before dereferencing.
	AR *v1beta1.AdmissionResponse
}

AdmissionResponse embeds K8S admission response API.

func BuildForAPIObject

func BuildForAPIObject(ar *v1beta1.AdmissionResponse) *AdmissionResponse

BuildForAPIObject builds for api admission response object.

func NewAdmissionResponse

func NewAdmissionResponse() *AdmissionResponse

NewAdmissionResponse returns an empty instance of AdmissionResponse.

func (*AdmissionResponse) SetAllowed

func (ar *AdmissionResponse) SetAllowed() *AdmissionResponse

SetAllowed sets allowed to true.

func (*AdmissionResponse) UnSetAllowed

func (ar *AdmissionResponse) UnSetAllowed() *AdmissionResponse

UnSetAllowed sets allowed to false.

func (*AdmissionResponse) WithResultAsFailure

func (ar *AdmissionResponse) WithResultAsFailure(err error, code int32) *AdmissionResponse

WithResultAsFailure sets failure result.

func (*AdmissionResponse) WithResultAsSuccess

func (ar *AdmissionResponse) WithResultAsSuccess(code int32) *AdmissionResponse

WithResultAsSuccess sets success result.

type Builder

// Builder is the builder object; obtain one with NewBuilder. Its fields are
// unexported and not shown on this page.
type Builder struct {
	// contains filtered or unexported fields
}

Builder is the builder object; create one with NewBuilder.

func NewBuilder

func NewBuilder() *Builder

NewBuilder returns a new instance of Builder.

type KeyPair

// KeyPair bundles a private key with its x509 certificate. Constructors on
// this page: NewCA, NewClientKeyPair, NewServerKeyPair; PEM serialisation:
// EncodePrivateKeyPEM (key) and EncodeCertPEM (cert).
type KeyPair struct {
	// Key is the RSA private key. This is secret material: the CA's Key in
	// particular should never leave the process that signs with it.
	Key  *rsa.PrivateKey
	// Cert is the x509 certificate paired with Key.
	Cert *x509.Certificate
}

KeyPair holds an RSA private key together with its x509 certificate.

func NewCA

func NewCA(name string) (*KeyPair, error)

NewCA creates a certificate-authority KeyPair with the given name.

func NewClientKeyPair

func NewClientKeyPair(ca *KeyPair, commonName string, organizations []string) (*KeyPair, error)

NewClientKeyPair creates a client KeyPair issued by ca with the given common name and organizations.

func NewServerKeyPair

func NewServerKeyPair(ca *KeyPair, commonName, svcName, svcNamespace, dnsDomain string, ips, hostnames []string) (*KeyPair, error)

NewServerKeyPair creates a server KeyPair issued by ca for the given common name, service name, service namespace, DNS domain, IPs and hostnames.

type Parameters

// Parameters holds the webhook server's configuration parameters, passed
// to New.
type Parameters struct {
	// Port is webhook server port
	Port int
	// CertFile is path to the x509 certificate for https
	CertFile string
	// KeyFile is path to the x509 private key matching `CertFile`.
	// This file is secret material; it should be readable only by the
	// user the webhook process runs as.
	KeyFile string
}

Parameters holds the webhook server's configuration parameters.

type PoolOperations

// PoolOperations contains the old and new CSPC to validate for pool
// operations. Build one with NewPoolOperations and set the two CSPCs with
// WithOldCSPC / WithNewCSPC.
type PoolOperations struct {
	// OldCSPC is the persisted CSPC in etcd.
	OldCSPC *cstor.CStorPoolCluster
	// NewCSPC is the CSPC after it has been modified but yet not persisted to etcd.
	NewCSPC *cstor.CStorPoolCluster
	// contains filtered or unexported fields
	// NOTE(review): the hidden fields presumably hold the kubernetes and
	// openebs clients passed to NewPoolOperations -- confirm in source.
}

PoolOperations contains old and new CSPC to validate for pool operations

func NewPoolOperations

func NewPoolOperations(k kubernetes.Interface, c clientset.Interface) *PoolOperations

NewPoolOperations returns an empty PoolOperations object.

func (*PoolOperations) AreNewBDsValid

func (pOps *PoolOperations) AreNewBDsValid(newRG, oldRG *cstor.RaidGroup, oldcspc *cstor.CStorPoolCluster) bool

AreNewBDsValid returns true if the new BDs are valid BDs for replacement.

func (*PoolOperations) ArePoolSpecChangesValid

func (pOps *PoolOperations) ArePoolSpecChangesValid(oldPoolSpec, newPoolSpec *cstor.PoolSpec) (bool, string)

ArePoolSpecChangesValid validates the pool specs on the CSPC for raid group changes (day-2 operations). Steps performed in this function:

  1. Get common raidgroups with index matching from old and new spec.
  2. Iterate over the common old and new raid groups and perform the following steps: 2.1 validate the raid group changes -- 2.1.1 verify and return an error when a new block device is added to or removed from an existing raid group for any pool type other than stripe; 2.2 validate changes for the blockdevice replacement scenarios (openebs/openebs#2846).
  3. Validate vertical pool expansions if there are any new raidgroups or blockdevices added.

func (*PoolOperations) ClaimBD

func (pOps *PoolOperations) ClaimBD(newBdObj *openebsapis.BlockDevice, oldBD string) error

ClaimBD claims a given BlockDevice

func (*PoolOperations) GetBDCOfBD

func (pOps *PoolOperations) GetBDCOfBD(bdName string) (*openebsapis.BlockDeviceClaim, error)

GetBDCOfBD returns the BDC object for corresponding BD.

func (*PoolOperations) GetPredecessorBDIfAny

func (pOps *PoolOperations) GetPredecessorBDIfAny(cspcOld *cstor.CStorPoolCluster) (map[string]bool, error)

GetPredecessorBDIfAny returns a map of predecessor BDs, if any, in the current CSPC. Note: predecessor BDs in a CSPC are those BDs for which a new BD has appeared in the CSPC and the replacement is still in progress.

For example, (b1,b2) is a group in the CSPC which has been changed to (b3,b2) [notice that b1 got replaced by b3]; now b1 is not present in the CSPC but the replacement is still in progress in the background. In this case b1 is a predecessor BD.

func (*PoolOperations) IsBDReplacementValid

func (pOps *PoolOperations) IsBDReplacementValid(newRG, oldRG *cstor.RaidGroup, oldRgType string) (bool, string)

IsBDReplacementValid validates for BD replacement.

func (*PoolOperations) IsBDValid

func (pOps *PoolOperations) IsBDValid(bd string, bdc *openebsapis.BlockDeviceClaim, oldcspc *cstor.CStorPoolCluster) bool

IsBDValid returns true if the new BD is a valid BD for replacement.

func (*PoolOperations) IsExistingReplacmentInProgress

func (pOps *PoolOperations) IsExistingReplacmentInProgress(oldRG *cstor.RaidGroup) (bool, error)

IsExistingReplacmentInProgress returns true if a block device in raid group is under active replacement.

func (*PoolOperations) IsNewBDPresentOnCurrentCSPC

func (pOps *PoolOperations) IsNewBDPresentOnCurrentCSPC(newRG, oldRG *cstor.RaidGroup) bool

IsNewBDPresentOnCurrentCSPC returns true if the new/incoming BD that will be used for replacement is already present in CSPC.

func (*PoolOperations) WithNewCSPC

func (pOps *PoolOperations) WithNewCSPC(newCSPC *cstor.CStorPoolCluster) *PoolOperations

WithNewCSPC sets the new CSPC (the result of a CSPC modification that is not yet persisted) into the PoolOperations object.

func (*PoolOperations) WithOldCSPC

func (pOps *PoolOperations) WithOldCSPC(oldCSPC *cstor.CStorPoolCluster) *PoolOperations

WithOldCSPC sets the old persisted CSPC into the PoolOperations object.

type PoolValidator

// PoolValidator is built to validate the pool spec, raid groups and
// blockdevices; obtain one with NewPoolSpecValidator. Its fields are
// unexported and not shown on this page.
type PoolValidator struct {
	// contains filtered or unexported fields
}

PoolValidator is built to validate the pool spec, raid groups and blockdevices.

func NewPoolSpecValidator

func NewPoolSpecValidator() *PoolValidator

NewPoolSpecValidator returns a new instance of PoolValidator.
