-
Notifications
You must be signed in to change notification settings - Fork 0
/
webhook.go
78 lines (68 loc) · 2.51 KB
/
webhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package webhook
import (
"crypto/hmac"
"errors"
"net/http"
"strings"
kapi "k8s.io/kubernetes/pkg/api"
buildapi "github.com/openshift/origin/pkg/build/api"
)
const (
refPrefix = "refs/heads/"
DefaultConfigRef = "master"
)
var (
ErrSecretMismatch = errors.New("the provided secret does not match")
ErrHookNotEnabled = errors.New("the specified hook is not enabled")
)
// Plugin for Webhook verification is dependent on the sending side, it can be
// eg. github, bitbucket or else, so there must be a separate Plugin
// instance for each webhook provider.
type Plugin interface {
// Method extracts build information and returns:
// - newly created build object or nil if default is to be created
// - information whether to trigger the build itself
// - eventual error.
Extract(buildCfg *buildapi.BuildConfig, secret, path string, req *http.Request) (*buildapi.SourceRevision, []kapi.EnvVar, bool, error)
}
// GitRefMatches determines if the ref from a webhook event matches a build
// configuration
func GitRefMatches(eventRef, configRef string, buildSource *buildapi.BuildSource) bool {
if buildSource.Git != nil && len(buildSource.Git.Ref) != 0 {
configRef = buildSource.Git.Ref
}
eventRef = strings.TrimPrefix(eventRef, refPrefix)
configRef = strings.TrimPrefix(configRef, refPrefix)
return configRef == eventRef
}
// FindTriggerPolicy retrieves the BuildTrigger of a given type from a build
// configuration
func FindTriggerPolicy(triggerType buildapi.BuildTriggerType, config *buildapi.BuildConfig) (buildTriggers []buildapi.BuildTriggerPolicy, err error) {
err = ErrHookNotEnabled
for _, specTrigger := range config.Spec.Triggers {
if specTrigger.Type == triggerType {
buildTriggers = append(buildTriggers, specTrigger)
err = nil
}
}
return buildTriggers, err
}
// ValidateWebHookSecret validates the provided secret against all currently
// defined webhook secrets and if it is valid, returns its information.
func ValidateWebHookSecret(webHookTriggers []buildapi.BuildTriggerPolicy, secret string) (*buildapi.WebHookTrigger, error) {
for _, trigger := range webHookTriggers {
if trigger.Type == buildapi.GenericWebHookBuildTriggerType {
if !hmac.Equal([]byte(trigger.GenericWebHook.Secret), []byte(secret)) {
continue
}
return trigger.GenericWebHook, nil
}
if trigger.Type == buildapi.GitHubWebHookBuildTriggerType {
if !hmac.Equal([]byte(trigger.GitHubWebHook.Secret), []byte(secret)) {
continue
}
return trigger.GitHubWebHook, nil
}
}
return nil, ErrSecretMismatch
}