Commit Graph

25 Commits

Author SHA1 Message Date
Madhav Jivrajani 7c924dc3c8 webhook: alter regex to account for x509sha1 GODEBUG removal
go1.24 removes the x509sha1 GODEBUG variable, and with it the
support for SHA-1 signed certs. This commit alters the regex
in unit tests to account for that and prep for go1.24.

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>

Kubernetes-commit: cff0f4009f17c84141553c143872d47756209f4d
2024-12-30 13:39:17 -08:00
Stephen Kitt 7fb4ad7511 api-machinery: stop using deprecated io/ioutil
This replaces deprecated ioutil functions as follows:

* ioutil.ReadAll -> io.ReadAll
* ioutil.ReadFile -> os.ReadFile
* ioutil.TempDir -> os.MkdirTemp
* ioutil.TempFile -> os.CreateTemp
* ioutil.WriteFile -> os.WriteFile

Signed-off-by: Stephen Kitt <skitt@redhat.com>

Kubernetes-commit: b60a3a58df2791ae67764f6325be31aea5eca5a0
2023-05-02 15:08:18 +02:00
HirazawaUi 709ca925ae fix fd leaks and failed file removing for pkg controller-manager and apiserver
Kubernetes-commit: 982d2966cd33d79026a5d111dcb8bfeae62e657f
2023-05-03 01:36:00 +08:00
HirazawaUi 43131be536 update webhook test to go 1.21
Kubernetes-commit: b6364dddfe65d0aa1f34e8fb36a8111212efd47c
2023-05-21 21:32:45 +08:00
Jordan Liggitt 5f8feb467c Tolerate additional error messages in TLS unit tests
Kubernetes-commit: cff4eeef9f1880b42b8c3d3b8f3a27a89540dbe0
2022-03-29 08:57:31 -04:00
Stanislav Laznicka cd3019f777 webhooks, aggregation: add metrics to count certs with SHA1 signatures
Extends the certificate attribute deprecation RoundTrippers wrapper with
a checker that counts certificates with sha-1 signatures in server responses.

Non-root non-self-signed SHA-1 certificate signatures were deprecated in
Golang 1.18.

Kubernetes-commit: 499ee65a9b0cd45d41716b513fae0d537f7f9c88
2022-03-24 01:08:02 -04:00
Monis Khan 2d35015235 webhook: use rest.Config instead of kubeconfig file as input
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: fef7d0ef1e1fbff65e8d445256036704bb9dbcbd
2021-07-23 11:15:47 -04:00
Jordan Liggitt bbc4211158 Update unit tests to handle go1.17 certificate parsing error messages
Kubernetes-commit: 0e925f266f78d72ed05a5a2fe48faa5e2a87d107
2021-08-17 11:24:03 -04:00
Monis Khan 5289a15a1a client-go transport: assert that final CA data is valid
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 440ea3ef49e0ac77353ceeaebc2aad6c995d5b35
2021-05-03 10:11:54 -04:00
Stanislav Laznicka 7eb7056b38 webhooks,aggregation: add metrics to count certs missing SAN
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.

Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
2020-10-06 13:02:52 +02:00
Abu Kashem 3ba02b7f93 handle webhook authenticator and authorizer error
webhook.WithExponentialBackoff returns an error, and the priority is:
- A: if the last invocation of the webhook function returned an error
  that error should be returned, otherwise
- B: the error associated with the context if it has been canceled or
  it has expired, or the ErrWaitTimeout returned by the wait package
  once all retries have been exhausted.

Caller should check the error returned by webhook.WithExponentialBackoff
to handle both A and B. Currently, we only handle A.

Kubernetes-commit: ae2b353fbf519b29d168c534f88c373fd67a1c31
2021-01-07 16:14:18 -05:00
Ken Sipe 0da065589a fix S1023 redundant return statement
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 1d795002919675b8cf3bf462b6543fef843b5b54
2020-06-25 17:29:42 -05:00
Abu Kashem 5254108841 make backoff parameters configurable for webhook
Currently webhook retry backoff parameters are hard coded; we want
to have the ability to configure the backoff parameters for webhook
retry logic.

Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
2020-10-30 11:25:32 -04:00
Abu Kashem 67f1bb6022 Webhook: handle error when calling wait.ExponentialBackoff
- Inside WithExponentialBackoff function, handle error returned
by wait.ExponentialBackoff.
- Ensure that the wait time is bound to the given context.

Kubernetes-commit: f8e35de156f212b6989b465e608dd99b525bd5dc
2020-10-26 11:37:11 -04:00
Jefftree aa55f94611 authentication webhook via network proxy
Kubernetes-commit: d318e52ffe0ba156a96cb5507026de6827d543ca
2019-12-03 15:20:49 -08:00
Mike Danese 5737088b7f refactor
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
2020-01-27 18:19:44 -08:00
Jordan Liggitt 0ca78287c0 Propagate context to ExponentialBackoff
Kubernetes-commit: 4c686ddc1c5f9bc5c28d711dd56551b1ac003faa
2019-09-24 09:43:04 -04:00
Christoph Blecker 92e87e143a Update gofmt for go1.11
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
2018-10-05 12:59:38 -07:00
David Eads c41d1d0993 simplify api registration
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
2018-05-07 08:32:20 -04:00
David Eads bf8532c54e remove KUBE_API_VERSIONS
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
2018-04-25 16:07:15 -04:00
halfcrazy 6f8c3a80da fix typo in package apiserver
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
2018-02-01 03:04:33 +08:00
Di Xu acf3570864 forbid unnamed context
Kubernetes-commit: 792a2299362ebadc9ca68c72347884330db23b2a
2017-12-04 14:39:05 +08:00
Eric Chiang 1f5bdb8525 generic webhook: set a default timeout for webhook requests
Add a 30 second timeout for all HTTP requests that the webhook sends
so they time out instead of hanging forever.

Kubernetes-commit: 2de3ee5c48503d3b3214aef55ae7fd0dacc40457
2017-10-11 17:44:29 -07:00
Chao Xu e84e32eaa5 remove references to client-go/pkg/api
Kubernetes-commit: d978f22e04519f6eecfde839110c398dc28d4e8e
2017-05-03 20:36:26 +00:00
Jeremy Whitlock 02115850aa apiserver: add pkg/util/webhook tests
This commit adds tests for pkg/util/webhooks.  The purpose of this was
not only for better code coverage but also to alleviate the need for
consumers to write their own tests for core functionality.

Kubernetes-commit: d15dba7e8bff943d91ba6f58fcb0dfefa357a7f1
2017-04-26 20:36:15 +00:00