added flag

gunishmatta · gunishmatta · commit fa47c7f35028 · 2022-08-15T11:09:07.000+05:30
Signed-off-by: gunishmatta &lt;gunishmatta@gmail.com&gt;
diff --git a/controllers/event_handling_test.go b/controllers/event_handling_test.go
@@ -52,7 +52,7 @@ func TestEventHandler(t *testing.T) {
 		t.Fatalf("failed to create memory storage")
 	}
 
-	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true)
+	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, false)
 	stopCh := make(chan struct{})
 	go eventServer.ListenAndServe(stopCh, eventMdlw, store)
 
@@ -77,6 +77,7 @@ func TestEventHandler(t *testing.T) {
 			Address: rcvServer.URL,
 		},
 	}
+	
 	g.Expect(k8sClient.Create(context.Background(), provider)).To(Succeed())
 
 	repo, err := readManifest("./testdata/repo.yaml", namespace)
diff --git a/internal/server/event_handlers.go b/internal/server/event_handlers.go
@@ -243,6 +243,13 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 				continue
 			}
 
+			if s.httpSchemeDisabled && strings.Contains(webhook, "http://") {
+				s.logger.Error(nil, "http scheme is blocked",
+					"reconciler kind", v1beta1.ProviderKind,
+					"name", providerName.Name,
+					"namespace", providerName.Namespace)
+				continue
+			}
 			factory := notifier.NewFactory(webhook, proxy, username, provider.Spec.Channel, token, headers, certPool, password)
 			sender, err := factory.Notifier(provider.Spec.Type)
 			if err != nil {
diff --git a/internal/server/event_server.go b/internal/server/event_server.go
@@ -44,15 +44,17 @@ type EventServer struct {
 	logger               logr.Logger
 	kubeClient           client.Client
 	noCrossNamespaceRefs bool
+	httpSchemeDisabled   bool
 }
 
 // NewEventServer returns an HTTP server that handles events
-func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool) *EventServer {
+func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool, httpSchemeDisabled bool) *EventServer {
 	return &EventServer{
 		port:                 port,
 		logger:               logger.WithName("event-server"),
 		kubeClient:           kubeClient,
 		noCrossNamespaceRefs: noCrossNamespaceRefs,
+		httpSchemeDisabled:   httpSchemeDisabled,
 	}
 }
 
diff --git a/main.go b/main.go
@@ -72,6 +72,7 @@ func main() {
 		leaderElectionOptions leaderelection.Options
 		aclOptions            acl.Options
 		rateLimiterOptions    helper.RateLimiterOptions
+		httpSchemeDisabled    bool
 	)
 
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
@@ -82,6 +83,7 @@ func main() {
 	flag.BoolVar(&watchAllNamespaces, "watch-all-namespaces", true,
 		"Watch for custom resources in all namespaces, if set to false it will only watch the runtime namespace.")
 	flag.DurationVar(&rateLimitInterval, "rate-limit-interval", 5*time.Minute, "Interval in which rate limit has effect.")
+	flag.BoolVar(&httpSchemeDisabled, "http-scheme-enabled", false, "Enable Http Scheme When true, the flag would not allow the use of the http scheme across all controller-level objects.")
 	clientOptions.BindFlags(flag.CommandLine)
 	logOptions.BindFlags(flag.CommandLine)
 	leaderElectionOptions.BindFlags(flag.CommandLine)
@@ -169,7 +171,7 @@ func main() {
 			Registry: crtlmetrics.Registry,
 		}),
 	})
-	eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs)
+	eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs, httpSchemeDisabled)
 	go eventServer.ListenAndServe(ctx.Done(), eventMdlw, store)
 
 	setupLog.Info("starting webhook receiver server", "addr", receiverAddr)

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func TestEventHandler(t *testing.T) {`
`52`	`52`	`t.Fatalf("failed to create memory storage")`
`53`	`53`	`}`
`54`	`54`
`55`		`- eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true)`
	`55`	`+ eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, false)`
`56`	`56`	`stopCh := make(chan struct{})`
`57`	`57`	`go eventServer.ListenAndServe(stopCh, eventMdlw, store)`
`58`	`58`
`@@ -77,6 +77,7 @@ func TestEventHandler(t *testing.T) {`
`77`	`77`	`Address: rcvServer.URL,`
`78`	`78`	`},`
`79`	`79`	`}`
	`80`	`+`
`80`	`81`	`g.Expect(k8sClient.Create(context.Background(), provider)).To(Succeed())`
`81`	`82`
`82`	`83`	`repo, err := readManifest("./testdata/repo.yaml", namespace)`
Original file line number	Diff line number	Diff line change
`@@ -44,15 +44,17 @@ type EventServer struct {`
`44`	`44`	`logger logr.Logger`
`45`	`45`	`kubeClient client.Client`
`46`	`46`	`noCrossNamespaceRefs bool`
	`47`	`+ httpSchemeDisabled bool`
`47`	`48`	`}`
`48`	`49`
`49`	`50`	`// NewEventServer returns an HTTP server that handles events`
`50`		`-func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool) *EventServer {`
	`51`	`+func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool, httpSchemeDisabled bool) *EventServer {`
`51`	`52`	`return &EventServer{`
`52`	`53`	`port: port,`
`53`	`54`	`logger: logger.WithName("event-server"),`
`54`	`55`	`kubeClient: kubeClient,`
`55`	`56`	`noCrossNamespaceRefs: noCrossNamespaceRefs,`
	`57`	`+ httpSchemeDisabled: httpSchemeDisabled,`
`56`	`58`	`}`
`57`	`59`	`}`
`58`	`60`