add acr webhook

Signed-off-by: Somtochi Onyekwere <[email protected]>
fluxcd · Mar 5, 2021 · 4a68a61 · 4a68a61
1 parent fcbadf3
commit 4a68a61
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 1 deletion.
diff --git a/api/v1beta1/receiver_types.go b/api/v1beta1/receiver_types.go
@@ -26,7 +26,7 @@ import (
 type ReceiverSpec struct {
 	// Type of webhook sender, used to determine
 	// the validation procedure and payload deserialization.
-	// +kubebuilder:validation:Enum=generic;generic-hmac;github;gitlab;bitbucket;harbor;dockerhub;quay;gcr;nexus
+	// +kubebuilder:validation:Enum=generic;generic-hmac;github;gitlab;bitbucket;harbor;dockerhub;quay;gcr;nexus;acr
 	// +required
 	Type string `json:"type"`
 
@@ -73,6 +73,7 @@ const (
 	GCRReceiver         string = "gcr"
 	NexusReceiver       string = "nexus"
 	ReceiverKind        string = "Receiver"
+	ACRReceiver         string = "acr"
 )
 
 func ReceiverReady(receiver Receiver, reason, message, url string) Receiver {

diff --git a/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml b/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml
@@ -116,6 +116,7 @@ spec:
                 - quay
                 - gcr
                 - nexus
+                - acr
                 type: string
             required:
             - resources

diff --git a/docs/spec/v1beta1/receiver.md b/docs/spec/v1beta1/receiver.md
@@ -48,6 +48,7 @@ const (
 	QuayReceiver        string = "quay"
 	GCRReceiver         string = "gcr"
 	NexusReceiver       string = "nexus"
+	ACRReceiver         string = "acr"
 )
 ```
 
@@ -340,3 +341,23 @@ Note that the controller decodes the JWT from the authorization
 header of the push request and verifies it against the GCP API.
 For more information, take a look at this
 [documentation](https://cloud.google.com/pubsub/docs/push?&_ga=2.123897930.-1945316571.1602156486#authentication_and_authorization).
+
+### ACR receiver
+
+```yaml
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Receiver
+metadata:
+  name: acr-receiver
+  namespace: default
+spec:
+  type: acr
+  secretRef:
+    name: webhook-token
+  resources:
+    - kind: ImageRepository
+      name: webapp
+```
+
+Note that the controller doesn't verify the authenticity of the request as Azure doesn't provide any mechanism for verification. 
+You can take a look at the [Azure Container webhook reference](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-webhook-reference).
diff --git a/internal/server/receiver_handlers.go b/internal/server/receiver_handlers.go
@@ -313,6 +313,26 @@ func (s *ReceiverServer) validate(ctx context.Context, receiver v1beta1.Receiver
 			fmt.Sprintf("handling event from %s", p.RepositoryName),
 			"receiver", receiver.Name)
 		return nil
+	case v1beta1.ACRReceiver:
+		type target struct {
+			Repository string `json:"repository"`
+			Tag        string `json:"tag"`
+		}
+
+		type payload struct {
+			Action string `json:"action"`
+			Target target `json:"target"`
+		}
+
+		var p payload
+		if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
+			return fmt.Errorf("cannot decode ACR webhook payload: %s", err)
+		}
+
+		s.logger.Info(
+			fmt.Sprintf("handling event from %s for tag %s", p.Target.Repository, p.Target.Tag),
+			"receiver", receiver.Name)
+		return nil
 	}
 
 	return fmt.Errorf("recevier type '%s' not supported", receiver.Spec.Type)