Allow multiple webhooks to be used #882
Codecov Report
@@ Coverage Diff @@
## master #882 +/- ##
==========================================
+ Coverage 43.46% 43.71% +0.25%
==========================================
Files 47 48 +1
Lines 3173 3175 +2
==========================================
+ Hits 1379 1388 +9
+ Misses 1598 1595 -3
+ Partials 196 192 -4
1 note, 1 nit :)
On Wed, Oct 28, 2020 at 10:33 PM Sertaç Özercan ***@***.***> wrote:
***@***.**** commented on this pull request.
In vendor/github.com/open-policy-agent/cert-controller/pkg/rotator/rotator.go:
> @@ -45,18 +45,42 @@ const (
var crLog = logf.Log.WithName("cert-rotation")
-var vwhGVK = schema.GroupVersionKind{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingWebhookConfiguration"}
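Review bot: the removed `vwhGVK` line sits in a file under vendor/, so it should not be a hand edit; the same change needs to land in open-policy-agent/cert-controller and reach this tree through the go.mod version bump. The deleted declaration fixed the target to `ValidatingWebhookConfiguration` at `v1beta1`, so whatever replaces it in the 42-line version of this block should carry a comment naming the webhook kinds and API versions the rotator is allowed to modify.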
is there a corresponding cert-controller pr for this? how do we align this?
open-policy-agent/cert-controller#11
An update to go.mod is part of the PR
pkg/webhook/policy.go
Outdated
@@ -243,33 +210,25 @@ func (h *validationHandler) getDenyMessages(res []*rtypes.Result, req admission. | |||
logging.Process, "admission", | |||
logging.EventType, "violation", | |||
logging.ConstraintName, r.Constraint.GetName(), | |||
logging.ConstraintGroup, r.Constraint.GroupVersionKind().Group, |
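Review bot: `logging.ConstraintGroup` is the last constraint field visible in this violation log call, and the hunk header shows the block shrinking from 33 to 25 lines. Check that the version from `r.Constraint.GroupVersionKind()` is still logged alongside the group after the refactor; if it was dropped by accident, restore it next to `logging.ConstraintGroup` so violation records keep identifying the constraint's API group and version.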
Why are we removing group/version from the log lines and events?
My bad (late night commits should be forbidden)
LOL no worries, thought I missed something
It looks like group/version are still missing?
1 comment about group/version
pkg/webhook/policy.go
Outdated
@@ -243,33 +210,25 @@ func (h *validationHandler) getDenyMessages(res []*rtypes.Result, req admission. | |||
logging.Process, "admission", | |||
logging.EventType, "violation", | |||
logging.ConstraintName, r.Constraint.GetName(), | |||
logging.ConstraintGroup, r.Constraint.GroupVersionKind().Group, |
It looks like group/version are still missing?
This looks like all of my comments have been addressed. Is there any other outstanding work here?
No, all done in this one.
PR looks great! Please resolve conflicts in go.mod.
The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks.

Tested: Gatekeeper with the changes was run. An incoming resource was successfully denied request due to gatekeeper policy.

Signed-off-by: mmirecki <mmirecki@redhat.com>
Done
The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks.

Tested: Gatekeeper with the changes was run. An incoming resource was successfully denied request due to gatekeeper policy.

Signed-off-by: mmirecki <mmirecki@redhat.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: juliankatz <juliankatz@google.com>

The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks.

Tested: Gatekeeper with the changes was run. An incoming resource was successfully denied request due to gatekeeper policy.

Signed-off-by: mmirecki <mmirecki@redhat.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>

The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks.

Tested: Gatekeeper with the changes was run. An incoming resource was successfully denied request due to gatekeeper policy.

Signed-off-by: mmirecki <mmirecki@redhat.com>
Signed-off-by: Oren Shomron <shomron@gmail.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
#982)

* Allow multiple webhooks to be created (#882)

The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks.

Tested: Gatekeeper with the changes was run. An incoming resource was successfully denied request due to gatekeeper policy.

Signed-off-by: mmirecki <mmirecki@redhat.com>
Signed-off-by: Oren Shomron <shomron@gmail.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>

* Scope secrets cache to single namespace (#972)

Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined.

Fixes: #831

Signed-off-by: Oren Shomron <shomron@gmail.com>
Co-authored-by: Max Smythe <smythe@google.com>

* Fix e2e test flakiness (#964)

* Fix e2e test flakiness

Signed-off-by: Max Smythe <smythe@google.com>
Signed-off-by: Oren Shomron <shomron@gmail.com>
Co-authored-by: Marcin Mirecki <mmirecki@redhat.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Co-authored-by: Max Smythe <smythe@google.com>
The PR prepares gatekeeper to be able to create multiple
webhooks. Common webhook code was extracted to a separate
file, and an update to cert rotator is used that allows
to update multiple webhooks.
Tested:
Gatekeeper with the changes was run. An incoming resource
was successfully denied request due to gatekeeper policy.
An example of adding a new webhook with these changes can be seen in PR 881. This PR adds a mutating webhook.