webhook

package
v1.12.0-RC2 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 8, 2020 License: Apache-2.0 Imports: 54 Imported by: 1

Documentation

Constants

const (

	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
const (

	// AdmissionNameEnvVar is the constant for env variable ADMISSION_WEBHOOK_NAME
	// which is the name of the current admission webhook
	AdmissionNameEnvVar = "ADMISSION_WEBHOOK_NAME"
)

Variables

var (

	// Ignore means that an error calling the webhook is ignored.
	Ignore = v1beta1.Ignore
	// Fail means that an error calling the webhook causes the admission to fail.
	Fail = v1beta1.Fail
	// WebhookFailurePolicy represents the failure policy env name, to make it
	// configurable via ENV
	WebhookFailurePolicy = "ADMISSION_WEBHOOK_FAILURE_POLICY"
)
var DefaultEllipticCurve = elliptic.P256()

DefaultEllipticCurve specifies the default elliptic curve to be used for key generation

Functions

func ClaimBD

func ClaimBD(newBdObj *ndmapis.BlockDevice, oldBD string, cspcOld *apis.CStorPoolCluster) error

ClaimBD claims a given BlockDevice

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data

func GetAdmissionName

func GetAdmissionName() (string, error)

GetAdmissionName returns the admission server name

func GetAdmissionReference

func GetAdmissionReference() (*metav1.OwnerReference, error)

GetAdmissionReference is a utility function to fetch a reference to the admission webhook deployment object

func GetNewBDFromRaidGroups

func GetNewBDFromRaidGroups(newRG, oldRG *apis.RaidGroup) map[string]string

GetNewBDFromRaidGroups returns a map of new successor bd to old bd for replacement in a raid group

func GetNumberOfDiskReplaced

func GetNumberOfDiskReplaced(newRG, oldRG *apis.RaidGroup) int

GetNumberOfDiskReplaced returns the number of disks replaced in a raid group.

func GetSecret

func GetSecret(
	namespace string,
	secretName string,
) (*corev1.Secret, error)

GetSecret fetches the secret resource in the given namespace.

func GetValidatorWebhook

func GetValidatorWebhook(
	validator string,
) (*v1beta1.ValidatingWebhookConfiguration, error)

GetValidatorWebhook fetches the webhook validator resource in Openebs namespace.

func InitValidationServer

func InitValidationServer(
	ownerReference metav1.OwnerReference,
) error

InitValidationServer creates the secret, service and admission validation k8s resources. All these resources are created in the same namespace where the openebs components are running.

func IsBlockDeviceReplacementCase

func IsBlockDeviceReplacementCase(newRaidGroup, oldRaidGroup *apis.RaidGroup) bool

IsBlockDeviceReplacementCase returns true if the edit/update of CSPC can trigger a blockdevice replacement.

func IsMoreThanOneDiskReplaced

func IsMoreThanOneDiskReplaced(newRG, oldRG *apis.RaidGroup) bool

IsMoreThanOneDiskReplaced returns true if more than one disk is replaced in the same raid group.

func IsRaidGroupCommon

func IsRaidGroupCommon(rgOld, rgNew apis.RaidGroup) bool

IsRaidGroupCommon returns true if the provided raid groups are the same raid groups.

func New

func New(p Parameters, kubeClient kubernetes.Interface,
	openebsClient clientset.Interface,
	snapClient snapclient.Interface) (
	*webhook, error)

New creates a new instance of a webhook. Prior to invoking this function, the InitValidationServer function must be called to set up the secret (for TLS certs) k8s resource. This function runs forever.

func NewSignedCert

func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func StrPtr

func StrPtr(s string) *string

StrPtr converts a string to a pointer

func ValidateSpecChanges

func ValidateSpecChanges(commonPoolSpecs *poolspecs, bdr *BlockDeviceReplacement) (bool, string)

ValidateSpecChanges validates changes to a raid group in the CSPC, but only if the update/edit of the CSPC can trigger a block device replacement or pool expansion scenario.

Types

type AdmissionResponse

type AdmissionResponse struct {
	AR *v1beta1.AdmissionResponse
}

AdmissionResponse embeds K8S admission response API.

func BuildForAPIObject

func BuildForAPIObject(ar *v1beta1.AdmissionResponse) *AdmissionResponse

BuildForAPIObject builds for api admission response object.

func NewAdmissionResponse

func NewAdmissionResponse() *AdmissionResponse

NewAdmissionResponse returns an empty instance of AdmissionResponse.

func (*AdmissionResponse) SetAllowed

func (ar *AdmissionResponse) SetAllowed() *AdmissionResponse

SetAllowed sets allowed to true.

func (*AdmissionResponse) UnSetAllowed

func (ar *AdmissionResponse) UnSetAllowed() *AdmissionResponse

UnSetAllowed sets allowed to false.

func (*AdmissionResponse) WithResultAsFailure

func (ar *AdmissionResponse) WithResultAsFailure(err error, code int32) *AdmissionResponse

WithResultAsFailure sets failure result.

func (*AdmissionResponse) WithResultAsSuccess

func (ar *AdmissionResponse) WithResultAsSuccess(code int32) *AdmissionResponse

WithResultAsSuccess sets success result.

type BlockDeviceReplacement

type BlockDeviceReplacement struct {
	// OldCSPC is the persisted CSPC in etcd.
	OldCSPC *apis.CStorPoolCluster
	// NewCSPC is the CSPC after it has been modified but yet not persisted to etcd.
	NewCSPC *apis.CStorPoolCluster
}

BlockDeviceReplacement contains old and new CSPC to validate for block device replacement

func NewBlockDeviceReplacement

func NewBlockDeviceReplacement() *BlockDeviceReplacement

NewBlockDeviceReplacement returns an empty BlockDeviceReplacement object.

func (*BlockDeviceReplacement) AreNewBDsValid

func (bdr *BlockDeviceReplacement) AreNewBDsValid(newRG, oldRG *apis.RaidGroup, oldcspc *apis.CStorPoolCluster) bool

AreNewBDsValid returns true if the new BDs are valid BDs for replacement.

func (*BlockDeviceReplacement) GetBDCOfBD

func (bdr *BlockDeviceReplacement) GetBDCOfBD(bdName string) (*bdc.BlockDeviceClaim, error)

GetBDCOfBD returns the BDC object for corresponding BD.

func (*BlockDeviceReplacement) GetPredecessorBDIfAny

func (bdr *BlockDeviceReplacement) GetPredecessorBDIfAny(cspcOld *apis.CStorPoolCluster) (map[string]bool, error)

GetPredecessorBDIfAny returns a map of predecessor BDs, if any, in the current CSPC. Note: Predecessor BDs in a CSPC are those BDs for which a new BD has appeared in the CSPC and replacement is still in progress.

For example, (b1,b2) is a group in the CSPC which has been changed to (b3,b2) [notice that b1 got replaced by b3]. Now b1 is not present in the CSPC, but the replacement is still in progress in the background. In this case b1 is a predecessor BD.
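The (b1,b2) to (b3,b2) case above, worked through as an added example that is not code from this package. It assumes a raid group can be modelled as an ordered slice of BD names; `replacements` and `predecessors` are hypothetical helpers, not the package's functions.

```go
package main

import "fmt"

// replacements compares two versions of one raid group slot by slot and returns
// successor BD -> predecessor BD for every slot whose device changed.
// Assumption: a raid group is an ordered []string of BD names (the package
// itself works on *apis.RaidGroup); all names here are hypothetical.
func replacements(oldRG, newRG []string) (map[string]string, error) {
	if len(oldRG) != len(newRG) {
		return nil, fmt.Errorf("raid group size changed: %d -> %d", len(oldRG), len(newRG))
	}
	inOld := make(map[string]bool, len(oldRG))
	for _, bd := range oldRG {
		inOld[bd] = true
	}
	repl := make(map[string]string)
	for i, oldBD := range oldRG {
		newBD := newRG[i]
		if newBD == oldBD {
			continue
		}
		// A "new" BD that was already in the group, or that fills two slots,
		// is a reorder or duplicate rather than a replacement: report it.
		if _, dup := repl[newBD]; dup || inOld[newBD] {
			return nil, fmt.Errorf("%s is already used in the raid group", newBD)
		}
		repl[newBD] = oldBD
	}
	return repl, nil
}

// predecessors returns the BDs that left the group but whose replacement may
// still be running in the background (b1 in the example above).
func predecessors(repl map[string]string) map[string]bool {
	out := make(map[string]bool, len(repl))
	for _, oldBD := range repl {
		out[oldBD] = true
	}
	return out
}

func main() {
	// Constructed input: the (b1,b2) -> (b3,b2) edit described above.
	repl, err := replacements([]string{"b1", "b2"}, []string{"b3", "b2"})
	fmt.Println(repl, predecessors(repl), len(repl) > 1, err)
}
```

The last printed value is the "more than one disk replaced in the same raid group" predicate, computed here as the size of the replacement map.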

func (*BlockDeviceReplacement) IsBDReplacementValid

func (bdr *BlockDeviceReplacement) IsBDReplacementValid(newRG, oldRG *apis.RaidGroup) (bool, string)

IsBDReplacementValid validates for BD replacement.

func (*BlockDeviceReplacement) IsBDValid

func (bdr *BlockDeviceReplacement) IsBDValid(bd string, bdc *bdc.BlockDeviceClaim, oldcspc *apis.CStorPoolCluster) bool

IsBDValid returns true if the new BD is a valid BD for replacement.

func (*BlockDeviceReplacement) IsExistingReplacmentInProgress

func (bdr *BlockDeviceReplacement) IsExistingReplacmentInProgress(oldRG *apis.RaidGroup) (bool, error)

IsExistingReplacmentInProgress returns true if a block device in raid group is under active replacement.

func (*BlockDeviceReplacement) IsNewBDPresentOnCurrentCSPC

func (bdr *BlockDeviceReplacement) IsNewBDPresentOnCurrentCSPC(newRG, oldRG *apis.RaidGroup) bool

IsNewBDPresentOnCurrentCSPC returns true if the new/incoming BD that will be used for replacement is already present in CSPC.

func (*BlockDeviceReplacement) IsPoolSpecChangeValid

func (bdr *BlockDeviceReplacement) IsPoolSpecChangeValid(oldPoolSpec, newPoolSpec *apis.PoolSpec) (bool, string)

IsPoolSpecChangeValid validates the pool specs on CSPC for raid groups changes case

func (*BlockDeviceReplacement) WithNewCSPC

WithNewCSPC sets the new CSPC as a result of CSPC modification which is not yet persisted, into the BlockDeviceReplacement object

func (*BlockDeviceReplacement) WithOldCSPC

WithOldCSPC sets the old persisted CSPC into the BlockDeviceReplacement object.

type Builder

type Builder struct {
	// contains filtered or unexported fields
}

Builder is the builder object for Builder

func NewBuilder

func NewBuilder() *Builder

NewBuilder returns new instance of builder

type KeyPair

type KeyPair struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

KeyPair ...

func NewCA

func NewCA(name string) (*KeyPair, error)

NewCA ...

func NewClientKeyPair

func NewClientKeyPair(ca *KeyPair, commonName string, organizations []string) (*KeyPair, error)

NewClientKeyPair ...

func NewServerKeyPair

func NewServerKeyPair(ca *KeyPair, commonName, svcName, svcNamespace, dnsDomain string, ips, hostnames []string) (*KeyPair, error)

NewServerKeyPair ...

type Parameters

type Parameters struct {
	// Port is webhook server port
	Port int
	//CertFile is path to the x509 certificate for https
	CertFile string
	//KeyFile is path to the x509 private key matching `CertFile`
	KeyFile string
}

Parameters are the server configuration parameters

type PoolValidator

type PoolValidator struct {
	// contains filtered or unexported fields
}

PoolValidator is built to validate pool spec, raid groups and blockdevices

func NewPoolSpecValidator

func NewPoolSpecValidator() *PoolValidator

NewPoolSpecValidator returns new instance of poolValidator
