From 4887764947b01d5603c9482b581a08115e66c0ee Mon Sep 17 00:00:00 2001
From: stefanprodan
Date: Fri, 3 Jul 2020 16:10:57 +0300
Subject: [PATCH] Move Receiver API to notification controller
---
 docs/spec/v1alpha1/README.md | 3 +-
 docs/spec/v1alpha1/receivers.md | 62 ---------------------------------
 2 files changed, 2 insertions(+), 63 deletions(-)
 delete mode 100644 docs/spec/v1alpha1/receivers.md
diff --git a/docs/spec/v1alpha1/README.md b/docs/spec/v1alpha1/README.md
index cfcfca43..30ab6e44 100644
--- a/docs/spec/v1alpha1/README.md
+++ b/docs/spec/v1alpha1/README.md
@@ -16,4 +16,5 @@ This is the v1alpha1 API specification for defining the desired state sources of
 ## Consumers
-* [kustomize-controller](https://github.com/fluxcd/kustomize-controller/)
\ No newline at end of file
+* [kustomize-controller](https://github.com/fluxcd/kustomize-controller/)
+* [helm-controller](https://github.com/fluxcd/helm-controller/)
diff --git a/docs/spec/v1alpha1/receivers.md b/docs/spec/v1alpha1/receivers.md
deleted file mode 100644
index 0517fefe..00000000
--- a/docs/spec/v1alpha1/receivers.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# Receivers
-
-The `Receiver` API defines a webhook receiver that triggers
-a synchronization for a group of sources.
-
-## Specification
-
-```go
-type ReceiverSpec struct {
- // Type of webhook sender, used to determine
- // the validation procedure and payload deserialization.
- // +kubebuilder:validation:Enum=github;gitlab
- // +required
- Type string `json:"type"`
-
- // A list of sources to be notified about changes.
- // +required
- Sources []corev1.TypedLocalObjectReference `json:"sources"`
-}
-```
-
-Webhook sender type:
-
-```go
-const (
- GitHubWebhook string = "github"
- GitLabWebhook string = "gitlab"
-)
-```
-
-## Status
-
-```go
-type ReceiverStatus struct {
- // Generated webhook URL in the format
- // of '/hook/sha256sum(token)'.
- // +required
- URL string `json:"url"`
-
- // Generate token used to validate the payload authenticity.
- // +required
- Token string `json:"token"`
-}
-```
-
-## Implementation
-
-The source controller handles the webhook requests on a dedicated port. This port can be used to create
-a Kubernetes LoadBalancer Service or Ingress to expose the receiver endpoint outside the cluster.
-
-When a `Receiver` is created, the controller generates a random token and
-sets the `Receiver` status token and URL in the format `/hook/sha256sum(token)`.
-The `ReceiverReconciler` creates an indexer for the SHA265 digest
-so that it can be used as a field selector.
-
-When source controller receives a POST request:
-* extract the SHA265 digest from the URL
-* loads the `Receiver` using the digest field selector
-* extracts the signature from HTTP headers based on `spec.type`
-* validates the signature using `status.Token` based on `spec.type`
-* extract the event type from the payload
-* triggers a synchronization for `spec.sources` if the event type is `push`