Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KO-384 Refactor out webhook and improve validation #103

Merged
merged 4 commits into from
Jun 4, 2020
Merged

KO-384 Refactor out webhook and improve validation #103

merged 4 commits into from
Jun 4, 2020

Conversation

eldondevat
Copy link
Contributor

@eldondevat eldondevat commented Jun 2, 2020
edited
Loading

This makes the webhook slightly more precise, in that we validate the namespace of the service that is used for the webhook is actually our namespace. I also added documentation on the webhook in the developer documentation folder. New additional validation happens here :

cass-operator/operator/cmd/manager/webhook.go

Line 34 in 81a86a8

if base64.StdEncoding.EncodeToString([]byte(contents)) == bundled {
and here:

cass-operator/operator/cmd/manager/webhook.go

Line 117 in 81a86a8

if found_namespace, _, err = unstructured.NestedString(webhook, "clientConfig", "service", "namespace"); found_namespace == namespace {

@johntrimble
Copy link
Collaborator

@eldondevat Is this PR just moving code to a different file? I'm totally on board with that I just want to make sure I didn't miss something.

eldondevat added 2 commits June 3, 2020 17:10
@eldondevat
Add documentation about the configuration of the validating webhook
fdef27f
@eldondevat
Include System Certs if available
81a86a8 
We should include the certificates in the standard system certificates
location if available. If we have customers who want to generically deploy
a specific internal set of certificates, being able to replace them in the
standard location may be preferable.
@eldondevat eldondevat requested a review from sandoichi as a code owner June 3, 2020 22:08
@eldondevat eldondevat changed the title KO-384 Refactor out webhook KO-384 Refactor out webhook and improve validation Jun 3, 2020
@eldondevat
Copy link
Contributor Author

Sorry @johntrimble I don't think this PR was really very precise before, and the single commit nature of it didn't make that easier, I've added some more detail. Thanks!

jimdickinson
jimdickinson approved these changes Jun 4, 2020
View reviewed changes
Copy link
Collaborator

@jimdickinson jimdickinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

johntrimble
johntrimble approved these changes Jun 4, 2020
View reviewed changes
Copy link
Collaborator

@johntrimble johntrimble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@eldondevat @jimdickinson
Fix spelling
bac58b4 
Co-authored-by: Jim Dickinson <[email protected]>
@eldondevat eldondevat merged commit 6656d1a into master Jun 4, 2020
@eldondevat eldondevat deleted the ko-384-more-precise-webhook-updating branch June 4, 2020 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johntrimble johntrimble johntrimble approved these changes

@jimdickinson jimdickinson jimdickinson approved these changes

@bradfordcp bradfordcp Awaiting requested review from bradfordcp bradfordcp is a code owner

@respringer respringer Awaiting requested review from respringer respringer is a code owner

@sandoichi sandoichi Awaiting requested review from sandoichi sandoichi is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eldondevat @johntrimble @jimdickinson