validating

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 21, 2020 License: Apache-2.0 Imports: 11 Imported by: 4

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewWebhook 

func NewWebhook(cfg WebhookConfig, validator Validator, ot opentracing.Tracer, recorder metrics.Recorder, logger log.Logger) (webhook.Webhook, error)

NewWebhook is a validating webhook and will return a webhook ready for a type of resource it will validate the received resources.

Types

type Chain 

type Chain struct {
	// contains filtered or unexported fields
}

Chain is a chain of validators that will execute secuentially all the validators that have been added to it. It satisfies Mutator interface.

func NewChain 

func NewChain(logger log.Logger, validators ...Validator) *Chain

NewChain returns a new chain.

func (*Chain) Validate 

func (c *Chain) Validate(ctx context.Context, obj metav1.Object) (bool, ValidatorResult, error)

Validate will execute all the validation chain.

type Validator 

type Validator interface {
	// Validate will received a pointer to an object, validators can be
	// grouped in chains, that's why a stop boolean to stop executing the chain
	// can be returned the validator, the valid parameter will denotate if the
	// object is valid (if not valid the chain will be stopped also) and a error.
	Validate(context.Context, metav1.Object) (stop bool, valid ValidatorResult, err error)
}

Validator knows how to validate the received kubernetes object.

Example (ChainValidatingWebhook)

chainValidatingWebhook shows how you would create a validating chain. 

package main

import (
	"context"

	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/slok/kubewebhook/pkg/log"
	"github.com/slok/kubewebhook/pkg/webhook/validating"
)

func main() {
	fakeVal := validating.ValidatorFunc(func(_ context.Context, obj metav1.Object) (bool, validating.ValidatorResult, error) {
		return false, validating.ValidatorResult{}, nil
	})

	fakeVal2 := validating.ValidatorFunc(func(_ context.Context, obj metav1.Object) (bool, validating.ValidatorResult, error) {
		return false, validating.ValidatorResult{}, nil
	})

	fakeVal3 := validating.ValidatorFunc(func(_ context.Context, obj metav1.Object) (bool, validating.ValidatorResult, error) {
		return false, validating.ValidatorResult{}, nil
	})

	// Create a validator that is a chain of multiple validators.
	valChain := validating.NewChain(log.Dummy, fakeVal, fakeVal2, fakeVal3)

	// Create webhook (usage of webhook not in this example).
	cfg := validating.WebhookConfig{
		Name: "podWebhook",
		Obj:  &corev1.Pod{},
	}

	_, _ = validating.NewWebhook(cfg, valChain, nil, nil, nil)
}

Output:
Example (IngressHostValidatingWebhook)

IngressHostValidatingWebhook shows how you would create a ingress validating webhook that checks if an ingress has any rule with an invalid host that doesn't match the valid host regex and if is invalid will not accept the ingress. 

package main

import (
	"context"
	"fmt"
	"regexp"

	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/slok/kubewebhook/pkg/webhook/validating"
)

func main() {
	// Create the regex to validate the hosts.
	validHost := regexp.MustCompile(`^.*\.batman\.best\.superhero\.io$`)

	// Create our validator that will check the host on each rule of the received ingress to
	// allow or disallow the ingress.
	ivh := validating.ValidatorFunc(func(_ context.Context, obj metav1.Object) (bool, validating.ValidatorResult, error) {
		ingress, ok := obj.(*extensionsv1beta1.Ingress)

		if !ok {
			return false, validating.ValidatorResult{}, fmt.Errorf("not an ingress")
		}

		for _, r := range ingress.Spec.Rules {
			if !validHost.MatchString(r.Host) {
				res := validating.ValidatorResult{
					Valid:   false,
					Message: fmt.Sprintf("%s ingress host doesn't match %s regex", r.Host, validHost),
				}
				return false, res, nil
			}
		}

		res := validating.ValidatorResult{
			Valid:   true,
			Message: "all hosts in the ingress are valid",
		}
		return false, res, nil
	})

	// Create webhook (usage of webhook not in this example).
	cfg := validating.WebhookConfig{
		Name: "example",
		Obj:  &extensionsv1beta1.Ingress{},
	}
	_, _ = validating.NewWebhook(cfg, ivh, nil, nil, nil)
}

Output:
Example (TracedValidatingWebhook)

TracedValidatingWebhook shows how you would create a validating webhook that can be traced and also traces the webhook validators with Opentracing. 

package main

import (
	"context"

	opentracing "github.com/opentracing/opentracing-go"
	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/slok/kubewebhook/pkg/webhook/validating"
)

func main() {
	// Fake the tracer with a noop tracer (this should be the
	// Opentracing tracer implementation).
	tracer := &opentracing.NoopTracer{}

	fakeVal := validating.ValidatorFunc(func(_ context.Context, obj metav1.Object) (bool, validating.ValidatorResult, error) {
		return false, validating.ValidatorResult{}, nil
	})

	// This is optional, if you don't wrap the validator with a tracing validator
	// the trace generated by the webhook will not trace the internal chain of
	// validators, in this case the chain is only this validator.
	tracedFakeVal := validating.TraceValidator(tracer, "fakeValidator", fakeVal)

	// Create webhook (usage of webhook not in this example).
	cfg := validating.WebhookConfig{
		Name: "podWebhook",
		Obj:  &corev1.Pod{},
	}

	// Passing a valid tracer  will trace all the reviews handled by the webhook.
	_, _ = validating.NewWebhook(cfg, tracedFakeVal, tracer, nil, nil)
}

Output:

func TraceValidator added in v0.2.0 

func TraceValidator(tracer opentracing.Tracer, validatorName string, m Validator) Validator

TraceValidator will wrap the validator and trace the received validator. for example this helper can be used to trace each of the validators and get what parts of the validating chain is the bottleneck.

type ValidatorFunc 

type ValidatorFunc func(context.Context, metav1.Object) (stop bool, valid ValidatorResult, err error)

ValidatorFunc is a helper type to create validators from functions.

func (ValidatorFunc) Validate 

func (f ValidatorFunc) Validate(ctx context.Context, obj metav1.Object) (stop bool, valid ValidatorResult, err error)

Validate satisfies Validator interface.

type ValidatorResult 

type ValidatorResult struct {
	Valid   bool
	Message string
}

ValidatorResult is the result of a validator.

type WebhookConfig 

type WebhookConfig struct {
	// Name is the name of the webhook.
	Name string
	// Object is the object of the webhook, to use multiple types on the same webhook or
	// type inference, don't set this field (will be `nil`).
	Obj metav1.Object
}

WebhookConfig is the Validating webhook configuration.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.