Documentation ¶
Index ¶
- Constants
- func MakeTLSServer(config *ServerConfig, handler http.Handler) (*http.Server, error)
- type KongHTTPValidator
- func (validator KongHTTPValidator) ValidateConsumer(ctx context.Context, consumer configurationv1.KongConsumer) (bool, string, error)
- func (validator KongHTTPValidator) ValidateCredential(secret corev1.Secret) (bool, string, error)
- func (validator KongHTTPValidator) ValidatePlugin(ctx context.Context, k8sPlugin configurationv1.KongPlugin) (bool, string, error)
- type KongValidator
- type RequestHandler
- type ServerConfig
Constants ¶
const ( ErrTextConsumerUsernameEmpty = "username cannot be empty" ErrTextConsumerUnretrievable = "failed to fetch consumer from kong" ErrTextConsumerExists = "consumer already exists" ErrTextPluginNameEmpty = "plugin name cannot be empty" ErrTextPluginConfigInvalid = "could not parse plugin configuration" ErrTextPluginUsesBothConfigTypes = "plugin cannot use both Config and ConfigFrom" ErrTextPluginConfigViolatesSchema = "plugin failed schema validation" ErrTextPluginSecretConfigUnretrievable = "could not load secret plugin configuration" )
const DefaultAdmissionWebhookCertPath = "/admission-webhook/tls.crt"
const DefaultAdmissionWebhookKeyPath = "/admission-webhook/tls.key"
Variables ¶
This section is empty.
Functions ¶
func MakeTLSServer ¶
Types ¶
type KongHTTPValidator ¶
type KongHTTPValidator struct { ConsumerSvc kong.AbstractConsumerService PluginSvc kong.AbstractPluginService Logger logrus.FieldLogger SecretGetter kongstate.SecretGetter }
KongHTTPValidator implements KongValidator interface to validate Kong entities using the Admin API of Kong.
func (KongHTTPValidator) ValidateConsumer ¶
func (validator KongHTTPValidator) ValidateConsumer(ctx context.Context, consumer configurationv1.KongConsumer) (bool, string, error)
ValidateConsumer checks if consumer has a Username and a consumer with the same username doesn't exist in Kong. If an error occurs during validation, it is returned as the last argument. The first boolean communicates if the consumer is valid or not and string holds a message if the entity is not valid.
func (KongHTTPValidator) ValidateCredential ¶
ValidateCredential checks if the secret contains a credential meant to be installed in Kong. If so, then it verifies if all the required fields are present in it or not. If valid, it returns true with an empty string, else it returns false with the error messsage. If an error happens during validation, error is returned.
func (KongHTTPValidator) ValidatePlugin ¶
func (validator KongHTTPValidator) ValidatePlugin(ctx context.Context, k8sPlugin configurationv1.KongPlugin) (bool, string, error)
ValidatePlugin checks if k8sPlugin is valid. It does so by performing an HTTP request to Kong's Admin API entity validation endpoints. If an error occurs during validation, it is returned as the last argument. The first boolean communicates if k8sPluign is valid or not and string holds a message if the entity is not valid.
type KongValidator ¶
type KongValidator interface { ValidateConsumer(ctx context.Context, consumer configurationv1.KongConsumer) (bool, string, error) ValidatePlugin(ctx context.Context, plugin configurationv1.KongPlugin) (bool, string, error) ValidateCredential(secret corev1.Secret) (bool, string, error) }
KongValidator validates Kong entities.
type RequestHandler ¶
type RequestHandler struct { // Validator validates the entities that the k8s API-server asks // it the server to validate. Validator KongValidator Logger logrus.FieldLogger }
RequestHandler is an HTTP server that can validate Kong Ingress Controllers' Custom Resources using Kubernetes Admission Webhooks.
func (RequestHandler) ServeHTTP ¶
func (a RequestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP parses AdmissionReview requests and responds back with the validation result of the entity.