admissionwebhook

package
v1.19.5
Warning

This package is not in the latest version of its module.

Published: Sep 10, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// ErrAPIKeyMissing indicates that the API key is missing in the webhook request
	ErrAPIKeyMissing = fmt.Errorf("apiKey is missing in validating admission webhook url")

	// ErrAPIKeyEnvNotSet indicates that K8S_WEBHOOK_API_KEY is not set in the terrascan server env
	ErrAPIKeyEnvNotSet = fmt.Errorf("variable K8S_WEBHOOK_API_KEY not set in terrascan server environment")

	// ErrUnauthorized means the user is not authorized to make this call
	ErrUnauthorized = fmt.Errorf("invalid API key in validating admission webhook url")

	// ErrEmptyAdmissionReview indicates an empty admission review request
	ErrEmptyAdmissionReview = fmt.Errorf("empty admission review request")
)

Functions

This section is empty.

Types

type AdmissionWebhook

type AdmissionWebhook interface {

	// Authorize checks if the incoming webhooks have a valid apiKey
	Authorize(apiKey string) error

	// DecodeAdmissionReviewRequest reads the incoming admission request body
	// and decodes it into an AdmissionReviewRequest struct
	DecodeAdmissionReviewRequest(payload []byte) (admissionv1.AdmissionReview, error)

	// ProcessWebhook processes the incoming AdmissionReview and creates
	// an AdmissionResponse
	ProcessWebhook(review admissionv1.AdmissionReview, serverURL string) (*admissionv1.AdmissionReview, error)
}

The AdmissionWebhook interface must be implemented by all k8s admission webhooks, i.e. validating and mutating webhooks.

func NewValidatingWebhook

func NewValidatingWebhook(body []byte, notificationWebhookURL, notificationWebhookToken, repoURL, repoRef string) AdmissionWebhook

NewValidatingWebhook returns a new, empty ValidatingWebhook struct

type ValidatingWebhook

type ValidatingWebhook struct {
	// contains filtered or unexported fields
}

ValidatingWebhook handles the incoming validating admission webhook from the Kubernetes API server and decides whether the admission request from the Kubernetes client should be allowed.

func (ValidatingWebhook) Authorize

func (w ValidatingWebhook) Authorize(apiKey string) error

Authorize checks if the incoming webhooks have a valid apiKey
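
The three authorization errors listed under Variables suggest three distinct failure modes. The sketch below is an added example, not terrascan's own code: `authorize` and `statusFor` are hypothetical names, and the check order, the constant-time comparison and the HTTP status mapping are assumptions. It shows a fail-closed check against K8S_WEBHOOK_API_KEY.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"os"
)

var ( // local copies of the sentinel errors listed under Variables
	errAPIKeyMissing   = errors.New("apiKey is missing in validating admission webhook url")
	errAPIKeyEnvNotSet = errors.New("variable K8S_WEBHOOK_API_KEY not set in terrascan server environment")
	errUnauthorized    = errors.New("invalid API key in validating admission webhook url")
)

// authorize: hypothetical stand-in for Authorize; check order and comparison are assumptions.
func authorize(apiKey string) error {
	if apiKey == "" {
		return errAPIKeyMissing
	}
	expected := os.Getenv("K8S_WEBHOOK_API_KEY")
	if expected == "" { // fail closed: an unset or empty server key matches nothing
		return errAPIKeyEnvNotSet
	}
	if subtle.ConstantTimeCompare([]byte(apiKey), []byte(expected)) != 1 { // timing-safe compare
		return errUnauthorized
	}
	return nil
}

// statusFor (hypothetical) maps each error to an HTTP status a handler could return.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, errAPIKeyMissing):
		return http.StatusBadRequest
	case errors.Is(err, errAPIKeyEnvNotSet):
		return http.StatusInternalServerError
	}
	return http.StatusUnauthorized
}

func main() {
	os.Setenv("K8S_WEBHOOK_API_KEY", "constructed-sample-key") // constructed value
	fmt.Println(statusFor(authorize("")), statusFor(authorize("wrong")), statusFor(authorize("constructed-sample-key")))
}
```

Treating an unset server key as a hard error, rather than comparing against the empty string, keeps a misconfigured server from accepting requests.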

func (ValidatingWebhook) DecodeAdmissionReviewRequest

func (w ValidatingWebhook) DecodeAdmissionReviewRequest(requestBody []byte) (admissionv1.AdmissionReview, error)

DecodeAdmissionReviewRequest reads the incoming admission request body, decodes it and returns an AdmissionReviewRequest struct

func (ValidatingWebhook) ProcessWebhook

func (w ValidatingWebhook) ProcessWebhook(review admissionv1.AdmissionReview, serverURL string) (*admissionv1.AdmissionReview, error)

ProcessWebhook processes the incoming AdmissionReview and creates a response

type WebhookDenyRuleMatcher

type WebhookDenyRuleMatcher struct {
}

WebhookDenyRuleMatcher helps in matching violated rules with k8s denied admission control rules

func (*WebhookDenyRuleMatcher) Match

func (g *WebhookDenyRuleMatcher) Match(violation results.Violation, denyRules config.K8sAdmissionControl) bool

Match should check if one of the violations found is relevant for the specified K8s deny rules
