github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-09-11 09:59:39 +00:00
Code Issues Projects Releases Wiki Activity

Fix update/patch and add webhook auth

Browse Source
This commit is contained in:
Darren Shepherd
2019-09-11 10:32:01 -07:00
parent 7f5d248680
commit ef235af49c
22 changed files with 1453 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/server/server.go
View File

@@ -2,33 +2,32 @@ package server
import (
"context"
"github.com/rancher/norman/pkg/auth"
"net/http"
"github.com/rancher/wrangler/pkg/generic"
schema2 "k8s.io/apimachinery/pkg/runtime/schema"
"github.com/rancher/naok/pkg/clustercache"
"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
"github.com/rancher/naok/pkg/accesscontrol"
"github.com/rancher/naok/pkg/client"
"github.com/rancher/naok/pkg/clustercache"
"github.com/rancher/naok/pkg/controllers/schema"
"github.com/rancher/naok/pkg/resources"
"github.com/rancher/naok/pkg/server/publicapi"
"github.com/rancher/wrangler-api/pkg/generated/controllers/apiextensions.k8s.io"
"github.com/rancher/wrangler-api/pkg/generated/controllers/apiregistration.k8s.io"
"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
rbaccontroller "github.com/rancher/wrangler-api/pkg/generated/controllers/rbac"
"github.com/rancher/wrangler/pkg/generic"
"github.com/rancher/wrangler/pkg/kubeconfig"
"github.com/rancher/wrangler/pkg/start"
"github.com/sirupsen/logrus"
schema2 "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes"
)
type Config struct {
Kubeconfig string
Namespace string
ListenAddress string
WebhookKubeconfig string
Authentication bool
}
func Run(ctx context.Context, cfg Config) error {
@@ -37,6 +36,9 @@ func Run(ctx context.Context, cfg Config) error {
return err
}
restConfig.QPS = 100
restConfig.Burst = 100
rbac, err := rbaccontroller.NewFactoryFromConfig(restConfig)
if err != nil {
return err
@@ -80,6 +82,7 @@ func Run(ctx context.Context, cfg Config) error {
k8s.Discovery(),
crd.Apiextensions().V1beta1().CustomResourceDefinition(),
api.Apiregistration().V1().APIService(),
k8s.AuthorizationV1().SelfSubjectAccessReviews(),
ccache,
sf)
@@ -88,6 +91,14 @@ func Run(ctx context.Context, cfg Config) error {
return err
}
if cfg.Authentication {
authMiddleware, err := auth.NewWebhookMiddleware(cfg.WebhookKubeconfig)
if err != nil {
return err
}
handler = wrapHandler(handler, authMiddleware)
}
for _, controllers := range []controllers{api, crd, rbac} {
for gvk, controller := range controllers.Controllers() {
ccache.AddController(gvk, controller.Informer())
@@ -106,6 +117,12 @@ func Run(ctx context.Context, cfg Config) error {
return http.ListenAndServe(cfg.ListenAddress, handler)
}
func wrapHandler(handler http.Handler, middleware func(http.ResponseWriter, *http.Request, http.Handler)) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
middleware(resp, req, handler)
})
}
type controllers interface {
Controllers() map[schema2.GroupVersionKind]*generic.Controller
}