From fa47c7f350288dabebd786106de8ea306c26e353 Mon Sep 17 00:00:00 2001 From: gunishmatta Date: Mon, 15 Aug 2022 05:30:25 +0000 Subject: [PATCH] added flag Signed-off-by: gunishmatta --- controllers/event_handling_test.go | 3 ++- internal/server/event_handlers.go | 7 +++++++ internal/server/event_server.go | 4 +++- main.go | 4 +++- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/controllers/event_handling_test.go b/controllers/event_handling_test.go index 410cb6b3b..128c345d5 100644 --- a/controllers/event_handling_test.go +++ b/controllers/event_handling_test.go @@ -52,7 +52,7 @@ func TestEventHandler(t *testing.T) { t.Fatalf("failed to create memory storage") } - eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true) + eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, false) stopCh := make(chan struct{}) go eventServer.ListenAndServe(stopCh, eventMdlw, store) @@ -77,6 +77,7 @@ func TestEventHandler(t *testing.T) { Address: rcvServer.URL, }, } + g.Expect(k8sClient.Create(context.Background(), provider)).To(Succeed()) repo, err := readManifest("./testdata/repo.yaml", namespace) diff --git a/internal/server/event_handlers.go b/internal/server/event_handlers.go index d0b8e7162..5e93b67f1 100644 --- a/internal/server/event_handlers.go +++ b/internal/server/event_handlers.go @@ -243,6 +243,13 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request) continue } + if s.httpSchemeDisabled && strings.Contains(webhook, "http://") { + s.logger.Error(nil, "http scheme is blocked", + "reconciler kind", v1beta1.ProviderKind, + "name", providerName.Name, + "namespace", providerName.Namespace) + continue + } factory := notifier.NewFactory(webhook, proxy, username, provider.Spec.Channel, token, headers, certPool, password) sender, err := factory.Notifier(provider.Spec.Type) if err != nil { 
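Review bot: The updated call `server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, false)` only ever runs the server with the new option off, so the `httpSchemeDisabled` branch added to handleEvent is never exercised by this test. A second case that builds the server with the last argument `true` and asserts that an event for a provider with an `http://` address is not delivered would pin the control. TestEventHandler's body starts and ends outside these hunks, so the surrounding setup may need adjusting for that.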
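Review bot: The guard `strings.Contains(webhook, "http://")` tests for a substring rather than the URL's scheme, so it is both too narrow and too broad: a scheme written in a different letter case is not matched even though Go's URL parser lower-cases schemes, while an `https://` address that merely carries `http://` in its path or query is rejected. Parsing the address and comparing the scheme is the reliable form, e.g. `if u, err := url.Parse(webhook); s.httpSchemeDisabled && (err != nil || u.Scheme == "http") {`, which needs `net/url` imported if the file does not already have it. The `proxy` value handed to `notifier.NewFactory` on the following line is not covered by the check, and `s.logger.Error(nil, …)` logs at error level without an error value; both are worth a look. handleEvent's body starts and ends outside this hunk.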
diff --git a/internal/server/event_server.go b/internal/server/event_server.go index 96f0ea54b..c56154ddb 100644 --- a/internal/server/event_server.go +++ b/internal/server/event_server.go @@ -44,15 +44,17 @@ type EventServer struct { logger logr.Logger kubeClient client.Client noCrossNamespaceRefs bool + httpSchemeDisabled bool } // NewEventServer returns an HTTP server that handles events -func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool) *EventServer { +func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool, httpSchemeDisabled bool) *EventServer { return &EventServer{ port: port, logger: logger.WithName("event-server"), kubeClient: kubeClient, noCrossNamespaceRefs: noCrossNamespaceRefs, + httpSchemeDisabled: httpSchemeDisabled, } } diff --git a/main.go b/main.go index 666309416..cc22bafa9 100644 --- a/main.go +++ b/main.go @@ -72,6 +72,7 @@ func main() { leaderElectionOptions leaderelection.Options aclOptions acl.Options rateLimiterOptions helper.RateLimiterOptions + httpSchemeDisabled bool ) flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") @@ -82,6 +83,7 @@ func main() { flag.BoolVar(&watchAllNamespaces, "watch-all-namespaces", true, "Watch for custom resources in all namespaces, if set to false it will only watch the runtime namespace.") flag.DurationVar(&rateLimitInterval, "rate-limit-interval", 5*time.Minute, "Interval in which rate limit has effect.") + flag.BoolVar(&httpSchemeDisabled, "http-scheme-enabled", false, "Enable Http Scheme When true, the flag would not allow the use of the http scheme across all controller-level objects.") clientOptions.BindFlags(flag.CommandLine) logOptions.BindFlags(flag.CommandLine) leaderElectionOptions.BindFlags(flag.CommandLine) 
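Review bot: `NewEventServer` now ends in two adjacent positional `bool` parameters, and the call sites read `true, false`, which is easy to transpose without the compiler noticing. At minimum the doc comment should say what the new parameter does, e.g. `// httpSchemeDisabled makes handleEvent skip providers whose address uses the http scheme.`, and the new struct field deserves the same one-line comment. An options struct would remove the ordering hazard, at the cost of a larger signature change.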
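Review bot: The flag registered in the second main.go hunk is named `http-scheme-enabled` but is bound to `httpSchemeDisabled`, so `--http-scheme-enabled=true` turns plain HTTP off and the default `false` leaves it allowed. An operator going by the name will configure the opposite of what they intend, which for a transport-security control means cleartext webhook addresses stay permitted when they were meant to be blocked. Either rename the flag to match the variable, `flag.BoolVar(&httpSchemeDisabled, "http-scheme-disabled", false, "When true, providers whose address uses the http scheme are skipped.")`, or keep the name and invert the value before it reaches `NewEventServer` in the third hunk. The help text also contradicts itself (`Enable Http Scheme` followed by `would not allow the use of the http scheme`). main's body continues outside these hunks.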
@@ -169,7 +171,7 @@ func main() {
 Registry: crtlmetrics.Registry,
 }),
 })
- eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs)
+ eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs, httpSchemeDisabled)
 go eventServer.ListenAndServe(ctx.Done(), eventMdlw, store)
 setupLog.Info("starting webhook receiver server", "addr", receiverAddr)