rancher
/
webhook
mirror of https://github.com/rancher/webhook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
722 Commits 193 Branches 442 Tags 5.4 MiB
Commit Graph

278 Commits

Author SHA1 Message Date
Mary 49c06c746e
removing tls environment var (#1151) 
* removing var

* fixing unused variable - CI failure
 2025-10-30 17:46:37 -03:00
Andreas Kupries 1eb8e54c24
fix: validate the new project state for consistency (#1118) 
chore: additional unit tests
 2025-10-24 10:28:04 +02:00
Jake Hyde 948e9a55a4
Ensure operation is update when validating RKEConfig (#1145) 2025-10-17 14:47:17 -04:00
Peter Matseykanets 92a5c0672b
Fix the check for the password matching username (#1138) 2025-10-14 07:34:55 -04:00
Jake Hyde 99ad1f7b0a
[52223] Validate RKEConfig for provisioning cluster (#1137) 
* Validate RKEConfig for provisioning cluster

* Wait for azure config crd in testing

* go generate
 2025-10-13 14:58:11 -04:00
Raul Cabello Martin 0142fa39cc
fix admin can't deactivate itself (#1129) 
request.UserInfo.Username contains the user.Name not the user.Username

Enabled defaults to true if not initialized
 2025-10-07 17:04:05 +02:00
Apoorva Jagtap 9aaf74a4c0
Remove keyValueArgs dependency and preserve user-defined kube-apiserver-arg (#1096) 2025-10-01 00:13:48 +05:30
Jake Hyde ff31a0075a
Fix crash when rancherd patches local cluster (#1100) (#1105) 
Fix crash when rancherd patches local cluster
 2025-09-19 11:44:30 -04:00
renovate-rancher[bot] 7ac219ffda
Update dependency golangci/golangci-lint to v2 (main) (#841) 
* Update dependency golangci/golangci-lint to v2

* Migrate the golangci config file.

* Fix golangci-lint-flagged problems

Most of them fall in these categories:

* stop ignoring returned errors from function calls

* Apply deMorgan's law to complex negative boolean expressions

* Delete unused local variables and struct fields

* Successfully get the linter to stop complaining about
  uncommented global names

* If one import in a block has an import prefix, all must

* Deal with deprecated code

* Prefer switch-blocks to if/else if/...

* Remove unnecessary intermediate struct fields.

* Orphans are now deleted only via propagation-policy

* Stop checking goimports on generated files.

* Remove unused field comment

---------

Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
Co-authored-by: Eric Promislow <epromislow@suse.com>
 2025-09-18 11:39:45 -07:00
Mary cefc4a0c0f
48484 bug webhook error msg (#1046) 
* new env variable IGNORE_TLS_HANDSHAKE_ERROR

* bump dynamiclistener v0.7.1-rc1
 2025-09-09 16:48:02 -03:00
Jonathan Crowther 863afa796c
Extend the username uniqueness check to updates as well as creates (#1053) 
* Add the check and tests

* Update docs
 2025-09-03 13:00:26 -04:00
Raul Cabello Martin 97b8962de8
validate password for local users (#1015) 
- hash password
- check username does not exists
- user can't delete himself
- user can't deactivate himself
 2025-08-11 18:00:16 +02:00
Jack Luo a25920ab95
[2.13] add validation for etcd s3 cloud credential (#985) 2025-08-08 09:17:38 -07:00
Julia Bier caf743e29b
[main] Label admission-configuration-psact secret to be backed up (#998) 
* Label admission-configuration-psact secret to be backed up

* Include backup label in tests
 2025-08-07 23:21:25 -04:00
Luiz Rosa, ローザ b443bc7703
fix: removing imported cluster warning (#990) 
* fix: removing imported cluster warning

* removing test verification

* nit: adjust of commentaries and tests

* nit: updating comment and moving line

* updated validator comment
 2025-08-07 12:45:13 -03:00
Jonathan Crowther 2bafe7a2f5
Move username validation to happen before manage-users check (#1016) 2025-08-07 10:16:43 -04:00
Jonathan Crowther fb2a59c99c
Add update validation for User.UserName (#943) 
* Add update validation for User.UserName

* Fix unit test
 2025-07-18 09:08:13 -04:00
rancher-pr-and-push-webhook[bot] db9a379df2
[main] Sync webhook dependencies (#973) 
* Sync dependencies

* Rename RKEClusterSpecCommon to ClusterConfiguration

---------

Co-authored-by: rancher-pr-and-push-webhook[bot] <181785884+rancher-pr-and-push-webhook[bot]@users.noreply.github.com>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
 2025-07-16 10:47:51 -04:00
Harrison 326880feb8
Identify and block malformed NO_PROXY values (#962) 2025-07-02 18:52:04 -04:00
Josh Meranda e1e25ee742
[main] register AuditPolicy webhook validation handler (#961) 
* register AuditPolicy webhook validation handler

* satisfy golangci-lint

---------

Co-authored-by: joshmeranda <joshua.meranda@gmail.com>
 2025-07-01 17:47:13 -04:00
Josh Meranda aea1b7c94d
[main] Validate auditlog (#960) 
* add AuditPolicy to codegen

* go generate

* add validation checks and tests

* use external dependencies
 2025-06-30 11:43:20 -04:00
Yiannis Triantafyllopoulos fa2a2df54b
feat: Allow creation of fleetworkspace for existing namespace when annotation is present and set to true. (#932) 2025-06-06 14:56:21 +01:00
Apoorva Jagtap 9a1dc04680
Refactors keyValueArgs handling for improved efficiency (#928) 
This commit decouples parseFromRawArgs from the keyValueArgs receiver.
Simplifies the logic and results in improved performance.
Updates getKubeAPIServerArgs to return errors to the UI.

Follow up to https://github.com/rancher/webhook/pull/913
 2025-05-30 22:14:43 +05:30
Peter Matseykanets 475183c7a9
Don't require certificate if tls is on for ldap/ad authconfigs (#927) 
Ref: https://github.com/rancher/rancher/issues/50470
 2025-05-28 14:22:14 -04:00
Pratik Jagrut 77ff369737
fix: add matchCondition to invoke mutation webhook only for cloud-credential secret (#912) 2025-05-28 08:14:40 -04:00
Apoorva Jagtap 17b26eb37f
Refactors kube-apiserver argument handling to use typed struct instead of map (#913) 
The usage of key-value struct:
- ensures no key duplication, if any last occurrence takes precedence. 
- preserves the sequence of arguments passed in the cluster's machineConfigGlobal.
 2025-05-16 22:32:36 +05:30
Alessio Greggi 5df860b059
feat: updatepsa for project level (#798) 
* feat: updatepsa for project level

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>
Co-authored-by: Jonathan Crowther <jonathan.crowther@suse.com>
 2025-05-05 17:34:40 +02:00
Andy Pitcher d00b5d8708
Fix create cluster error message (#891) 
*Parent: https://github.com/rancher/rancher/issues/43535
 2025-04-23 11:00:06 -07:00
rancher-pr-and-push-webhook[bot] fcd5f81d6a
[main] Sync webhook dependencies (#887) 
* Sync dependencies

* Remove wrangler v1

---------

Co-authored-by: rancher-pr-and-push-webhook[bot] <181785884+rancher-pr-and-push-webhook[bot]@users.noreply.github.com>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
 2025-04-15 10:21:52 -04:00
Jonathan Crowther f1f630ee63
Make sure to update the project with the generated name (#876) 2025-04-11 09:48:19 -04:00
Jonathan Crowther cdbe1c198c
Use backing namespace for projects (#869) 
* Use backing namespace for projects

* Move to caches in project mutator

* Fix error message

* Switch client names to cache
 2025-04-09 12:38:58 -04:00
Jonathan Crowther 2618ee01f1
Add new User validation webhook (#786) 
* Add new User validation

* Fix linter errors
 2025-03-10 12:01:31 -04:00
Harrison 0853ad1308
Do not validate PC and PDB settings if they have not been customized (#765) 2025-03-05 13:19:39 -05:00
Harrison a2575c439b
bump rancher type updates (#744) 2025-02-28 16:11:29 -05:00
Peter Matseykanets 8bbb28944a
Validate authconfig only if the auth provider is enabled (#738) 
Ref: https://github.com/rancher/rancher/issues/48071
 2025-02-28 09:56:01 -05:00
Peter Matseykanets c61e597ef5
Validate LDAP/AD authconfigs (#682) 
https://github.com/rancher/rancher/issues/48071
 2025-02-24 13:37:28 -05:00
Kevin McDermott 126920f167
Validate userPrincipalName or userName and groupName 
This adds support for the change in Rancher to support the userNamePrincipal in GRBs.
 2025-02-24 08:44:40 +00:00
Dharmit Shah 1d2796d8df
Prevent deletion of namespaces and cluster (#651) 
* Ignore namespace delete operation

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of `local` and `fleet-local` namespaces

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of local cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.

* Fixes to tests based on CI feedback

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
 2025-02-24 09:52:00 +05:30
Sakala Venkata Krishna Rohit 8cbc415518
Remove golang.org/x/exp (#705) 2025-02-23 10:59:08 -08:00
Alessio Greggi 51421a72f3
feat(setting): add validation for auth-user-session-idle-ttl-minutes (#510) 
* feat(setting): add validation for auth-user-session-idle-ttl-minutes

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>

* docs: add auth-user-session-idle-ttl-minutes attribute

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>

---------

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>
 2025-02-21 13:38:40 -05:00
Harrison a7fb974ea6
cluster agent pdb and pc validation (#702) 2025-02-21 10:06:14 -05:00
Jack Luo a948ce4ffe
Support for Version Management on Imported RKE2/K3s Clusters (#669) 2025-02-18 14:37:30 -07:00
Vatsal Parekh f449e4babc
Update dependencies for k8s 1.32 (#672) 
Signed-off-by: Vatsal Parekh <vatsalparekh@outlook.com>
 2025-02-18 21:13:46 +05:30
Chad Roberts 6d705b861e
Revert "Prevent deletion of `local` cluster (#551)" (#634) 
This reverts commit b786408cca.
 2025-02-06 13:47:49 -05:00
Chad Roberts 1e7bb076f7
[v0.7|main] Make admission rejection message more useful for namespace creation (#572) 
* Make admission rejection message more useful for namespace creation

* Updating test to check for updated admission rejection message
 2025-02-05 07:17:15 -05:00
Vatsal Parekh 0746c33254
[main] Upgrade go version to 1.23 (#583) 
* Upgrade go version to 1.23

Signed-off-by: Vatsal Parekh <vatsalparekh@outlook.com>

* Update golangci-lint to v1.63.4 for Go 1.23 support

* Add codegen fix for Go 1.23 support

---------

Signed-off-by: Vatsal Parekh <vatsalparekh@outlook.com>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
 2025-01-31 01:09:06 +05:30
Jonathan Crowther d255932603
Replace Name with GlobalRoleName (#598) 2025-01-23 08:30:25 -05:00
Dharmit Shah b786408cca
Prevent deletion of `local` cluster (#551) 
* Prevent deletion of `local` cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io of the name `local`.

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of `local` and `fleet-local` namespaces

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Parameter type grouping

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
 2025-01-15 10:58:54 +05:30
Tom Lebreux 47d3795124
Update year to 2025 (#578) 2025-01-07 17:22:52 -05:00
Chad Roberts dfd30a4901
[main/2.10.2] Add resource request and limit validation when creating a namespace (#550) 
* Add resource request and limit validation when creating a namespace

* Update test for number of namespace admitters

* cleaning up lint errors

* Allow for empty resource limit annotation to be present

* Update to allow for partial request/limits
 2024-12-06 15:23:31 -08:00