This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

feat(webhook-service): Introduce keptn-webhook-config ConfigMap with denyList #7548

Merged
merged 30 commits into from May 2, 2022

Conversation

@odubajDT odubajDT commented Apr 22, 2022

This PR

  • introduces keptn-webhook-config ConfigMap with list of denied URLs for beta1 configurations
  • refactors existing validation of alpha1 configurations to be easily removable

Related Issues

Fixes #7239

Integration tests

https://github.com/keptn/keptn/actions/runs/2245478709
https://github.com/keptn/keptn/actions/runs/2256117177

@odubajDT odubajDT force-pushed the feat/7239/webhook-permissions branch from 86758a1 to 1dfa136 Compare April 22, 2022 10:32
codecov bot commented Apr 22, 2022

Codecov Report

Merging #7548 (baa1ded) into master (79ab672) will increase coverage by 0.07%.
The diff coverage is 89.70%.

@@            Coverage Diff             @@
##           master    #7548      +/-   ##
==========================================
+ Coverage   59.59%   59.66%   +0.07%     
==========================================
  Files         553      556       +3     
  Lines       31600    31686      +86     
  Branches     1601     1601              
==========================================
+ Hits        18831    18905      +74     
- Misses      11463    11474      +11     
- Partials     1306     1307       +1     

| Impacted Files | Coverage Δ |
|---|---|
| webhook-service/lib/curl_executor.go | 92.90% <ø> (-4.56%) ⬇️ |
| webhook-service/lib/ip_resolver.go | 76.19% <76.19%> (ø) |
| webhook-service/handler/handler.go | 87.69% <83.33%> (+0.80%) ⬆️ |
| webhook-service/lib/denylist_provider.go | 85.29% <85.29%> (ø) |
| webhook-service/lib/common.go | 100.00% <100.00%> (ø) |
| webhook-service/lib/request_validator.go | 100.00% <100.00%> (ø) |
| resource-service/pkg/nats/subscriber/sub.go | 65.11% <0.00%> (+9.30%) ⬆️ |

| Flag | Coverage Δ |
|---|---|
| webhook-service | 83.97% <89.70%> (-0.38%) ⬇️ |


@odubajDT odubajDT force-pushed the feat/7239/webhook-permissions branch 2 times, most recently from 52c9260 to 5c94df2 Compare April 25, 2022 11:28
@odubajDT odubajDT added CI:trigger-build-everything Trigger CI Build: Set BUILD_EVERYTHING=TRUE and removed CI:trigger-build-everything Trigger CI Build: Set BUILD_EVERYTHING=TRUE labels Apr 25, 2022
@odubajDT odubajDT force-pushed the feat/7239/webhook-permissions branch 2 times, most recently from ffbe4f7 to a986306 Compare April 29, 2022 08:05
@odubajDT odubajDT marked this pull request as ready for review April 29, 2022 08:07
@odubajDT odubajDT requested a review from a team as a code owner April 29, 2022 08:07
@odubajDT odubajDT force-pushed the feat/7239/webhook-permissions branch from 0d5f517 to 982068e Compare April 29, 2022 12:07
bacherfl previously approved these changes Apr 29, 2022
lgtm, but let's also wait for Bernd's review and the integration tests

@odubajDT odubajDT requested a review from warber April 29, 2022 12:18
…denyList

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
odubajDT added 20 commits May 1, 2022 18:14
@odubajDT odubajDT removed the CI:trigger-build-everything Trigger CI Build: Set BUILD_EVERYTHING=TRUE label May 2, 2022
sonarcloud bot commented May 2, 2022

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

@odubajDT odubajDT merged commit b392dc0 into master May 2, 2022
@mowies mowies deleted the feat/7239/webhook-permissions branch May 4, 2022 06:01
bacherfl pushed a commit that referenced this pull request May 6, 2022
…denyList (#7548)

* feat(webhook-service): Introduce keptn-webhook-config ConfigMap with denyList

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* polish implementation

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* use kubeutils from go-utils

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* polishing

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* refactoring

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* introduce validator and mocking

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* unit tests

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* polishing

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* fix deploy/service.yaml

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* minor fix

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* return fix

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* refactoring

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* polish

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* complete refactoring

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* fix

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* introduce ip_resolver mock

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* small polishing

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* minor fix

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* adapt helm-charts

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* unit tests for denylistprovider

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* minor fix

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* pr review

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* renaming curl validator

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* rename ipresolver

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* renaming

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* refactoring

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* go mod tidy

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* added validatinfail test

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* pr review

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

* final pr review

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
Signed-off-by: Florian Bacher <florian.bacher@dynatrace.com>
Development

Successfully merging this pull request may close these issues.

Core: webhook-service improve permissions
3 participants