- firewalldnats
- ipsecproposals
- ipsechosts
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: sdewan-webhook-service
+ namespace: sdewan-system
+ path: /validate-label
+ failurePolicy: Fail
+ name: validate-label.akraino.org
+ rules:
+ - apiGroups:
+ - apps
+ - batch.sdewan.akraino.org
+ apiVersions:
+ - v1
+ - v1alpha1
+ operations:
+ - UPDATE
+ resources:
+ - deployments
+ - mwan3policies
+ - mwan3rules
+ - firewallzones
+ - firewallforwardings
+ - firewallrules
+ - firewallsnats
+ - firewalldnats
+ - ipsecproposals
+ - ipsechosts
--- /dev/null
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "reflect"
+
+ appsv1 "k8s.io/api/apps/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
+ "sigs.k8s.io/controller-runtime/pkg/webhook"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// log is for logging in this package.
+var label_check_log = logf.Log.WithName("label-validator")
+
+func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error {
+ mgr.GetWebhookServer().Register(
+ "/validate-label",
+ &webhook.Admission{Handler: &labelValidator{Client: mgr.GetClient()}})
+ return nil
+}
+
+// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposals;ipsechosts,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org
+
+type labelValidator struct {
+ Client client.Client
+ decoder *admission.Decoder
+}
+
+func (v *labelValidator) Handle(ctx context.Context, req admission.Request) admission.Response {
+ var obj runtime.Object
+ switch req.Kind.Kind {
+ case "Deployment":
+ obj = &appsv1.Deployment{}
+ case "Mwan3Policy":
+ obj = &Mwan3Policy{}
+ case "Mwan3Rule":
+ obj = &Mwan3Rule{}
+ case "FirewallForwarding":
+ obj = &FirewallForwarding{}
+ case "FirewallZone":
+ obj = &FirewallZone{}
+ case "FirewallRule":
+ obj = &FirewallRule{}
+ case "FirewallDNAT":
+ obj = &FirewallDNAT{}
+ case "FirewallSNAT":
+ obj = &FirewallSNAT{}
+ case "IpsecProposal":
+ obj = &IpsecProposal{}
+ case "IpsecHost":
+ obj = &IpsecHost{}
+ default:
+ return admission.Errored(
+ http.StatusBadRequest,
+ errors.New(fmt.Sprintf("Kind is not supported: %v", req.Kind)))
+ }
+
+ if req.Operation != "UPDATE" {
+ return admission.Allowed("")
+ } else {
+ oldobj := obj.DeepCopyObject()
+ err1 := v.decoder.DecodeRaw(req.OldObject, oldobj)
+ old_value := get_label(oldobj, "sdewanPurpose")
+ err2 := v.decoder.Decode(req, obj)
+ new_value := get_label(obj, "sdewanPurpose")
+ if err1 != nil || err2 != nil {
+ return admission.Errored(http.StatusBadRequest, errors.New("object Decode error"))
+ }
+ if old_value != new_value {
+ return admission.Denied(fmt.Sprintf("Label 'sdewanPurpose' is immutable"))
+ }
+ return admission.Allowed("")
+ }
+}
+
+func get_label(oldobj runtime.Object, name string) string {
+ metadata := reflect.ValueOf(oldobj).Elem().Field(1).Interface().(metav1.ObjectMeta)
+ if value, ok := metadata.Labels[name]; ok {
+ return value
+ } else {
+ return ""
+ }
+}
+
+// labelValidator implements admission.DecoderInjector.
+// A decoder will be automatically injected.
+
+// InjectDecoder injects the decoder.
+func (v *labelValidator) InjectDecoder(d *admission.Decoder) error {
+ v.decoder = d
+ return nil
+}
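Review bot: `get_label` locates the metadata with `reflect.ValueOf(oldobj).Elem().Field(1)` and an unchecked assertion to `metav1.ObjectMeta`, so the immutability check relies on `ObjectMeta` being the second struct field of every kind in the switch and panics if that ever stops being true. In `Handle`, the two decode errors are only inspected after `get_label` has already read from both objects, and the underlying error is replaced by the generic "object Decode error". I would check each decode result immediately, read labels through `meta.Accessor` (this needs an import of `k8s.io/apimachinery/pkg/api/meta`), and return an error response instead of an empty string when the labels cannot be read, so the webhook fails closed. The exported `SetupLabelValidateWebhookWithManager` and the `labelValidator` type also have no doc comments, and the comment on `label_check_log` still refers to `log`.

```go
	// in Handle, replacing the else branch after the UPDATE check
	oldobj := obj.DeepCopyObject()
	if err := v.decoder.DecodeRaw(req.OldObject, oldobj); err != nil {
		return admission.Errored(http.StatusBadRequest, err)
	}
	if err := v.decoder.Decode(req, obj); err != nil {
		return admission.Errored(http.StatusBadRequest, err)
	}
	old_value, err := get_label(oldobj, "sdewanPurpose")
	if err != nil {
		return admission.Errored(http.StatusInternalServerError, err)
	}
	new_value, err := get_label(obj, "sdewanPurpose")
	if err != nil {
		return admission.Errored(http.StatusInternalServerError, err)
	}
	// … unchanged: compare old_value and new_value, deny on mismatch …

func get_label(obj runtime.Object, name string) (string, error) {
	accessor, err := meta.Accessor(obj)
	if err != nil {
		return "", err
	}
	return accessor.GetLabels()[name], nil
}
```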
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *IpsecProposal) DeepCopyInto(out *IpsecProposal) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- out.Spec = in.Spec
- in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposal.
-func (in *IpsecProposal) DeepCopy() *IpsecProposal {
- if in == nil {
- return nil
- }
- out := new(IpsecProposal)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IpsecHost) DeepCopyInto(out *IpsecHost) {
*out = *in
return out
}
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *IpsecProposal) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *IpsecHost) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *IpsecProposalList) DeepCopyInto(out *IpsecProposalList) {
+func (in *IpsecHostList) DeepCopyInto(out *IpsecHostList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
- *out = make([]IpsecProposal, len(*in))
+ *out = make([]IpsecHost, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
-func (in *IpsecHostList) DeepCopyInto(out *IpsecHostList) {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecHostList.
+func (in *IpsecHostList) DeepCopy() *IpsecHostList {
+ if in == nil {
+ return nil
+ }
+ out := new(IpsecHostList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *IpsecHostList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IpsecHostSpec) DeepCopyInto(out *IpsecHostSpec) {
*out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
- *out = make([]IpsecHost, len(*in))
+ if in.CryptoProposal != nil {
+ in, out := &in.CryptoProposal, &out.CryptoProposal
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.Connections != nil {
+ in, out := &in.Connections, &out.Connections
+ *out = make([]Connection, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposalList.
-func (in *IpsecProposalList) DeepCopy() *IpsecProposalList {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecHostSpec.
+func (in *IpsecHostSpec) DeepCopy() *IpsecHostSpec {
if in == nil {
return nil
}
- out := new(IpsecProposalList)
+ out := new(IpsecHostSpec)
in.DeepCopyInto(out)
return out
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecHostList.
-func (in *IpsecHostList) DeepCopy() *IpsecHostList {
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IpsecProposal) DeepCopyInto(out *IpsecProposal) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ out.Spec = in.Spec
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposal.
+func (in *IpsecProposal) DeepCopy() *IpsecProposal {
if in == nil {
return nil
}
- out := new(IpsecHostList)
+ out := new(IpsecProposal)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *IpsecProposalList) DeepCopyObject() runtime.Object {
+func (in *IpsecProposal) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IpsecProposalList) DeepCopyInto(out *IpsecProposalList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]IpsecProposal, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposalList.
+func (in *IpsecProposalList) DeepCopy() *IpsecProposalList {
+ if in == nil {
+ return nil
+ }
+ out := new(IpsecProposalList)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *IpsecHostList) DeepCopyObject() runtime.Object {
+func (in *IpsecProposalList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return out
}
-func (in *IpsecHostSpec) DeepCopyInto(out *IpsecHostSpec) {
- *out = *in
- if in.CryptoProposal != nil {
- in, out := &in.CryptoProposal, &out.CryptoProposal
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- if in.Connections != nil {
- in, out := &in.Connections, &out.Connections
- *out = make([]Connection, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecHostSpec.
-func (in *IpsecHostSpec) DeepCopy() *IpsecHostSpec {
- if in == nil {
- return nil
- }
- out := new(IpsecHostSpec)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Mwan3Policy) DeepCopyInto(out *Mwan3Policy) {
*out = *in
connections:
items:
properties:
+ conn_type:
+ type: string
crypto_proposal:
items:
type: string
type: string
remote_updown:
type: string
- type:
- type: string
required:
+ - conn_type
- mode
- name
- - type
type: object
type: array
crypto_proposal:
type: string
shared_ca:
type: string
+ type:
+ type: string
required:
- authentication_method
- connections
caBundle: 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
url: https://localhost:9443/validate-sdewan-bucket-permission
failurePolicy: Fail
- name: sdewan.kb.io
+ name: bucket-permission.kb.io
namespaceSelector: {}
rules:
- apiGroups:
scope: '*'
sideEffects: Unknown
timeoutSeconds: 30
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ caBundle: 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
+ url: https://localhost:9443/validate-label
+ failurePolicy: Fail
+ name: validate-label.kb.io
+ namespaceSelector: {}
+ rules:
+ - apiGroups:
+ - batch.sdewan.akraino.org
+ - apps
+ apiVersions:
+ - v1alpha1
+ - v1
+ operations:
+ - UPDATE
+ resources:
+ - deployments
+ - mwan3policies
+ - mwan3rules
+ - firewalldnats
+ - firewallforwardings
+ - firewallrules
+ - firewallsnats
+ - firewallzones
+ - ipsechosts
+ - ipsecproposals
+ scope: '*'
+ sideEffects: Unknown
+ timeoutSeconds: 30
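Review bot: This entry matches UPDATE on `deployments` in the `apps` group with `namespaceSelector: {}` and `failurePolicy: Fail`, so every Deployment update in every namespace is rejected whenever the label validator is unreachable, which presumably includes updates to the workload that serves the webhook itself. Since the handler only cares about the `sdewanPurpose` label, consider narrowing the match with a `namespaceSelector` or an `objectSelector` on that label key, which the API server evaluates against both the old and the new object. The handler visible in this commit only decodes and compares, so `sideEffects: None` looks more accurate than `Unknown`. The other two `validate-label.akraino.org` entries added in this commit carry the same rules and no selector at all.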
- apiGroups:
- batch.sdewan.akraino.org
resources:
- - ipsecproposals
+ - ipsechosts
verbs:
- create
- delete
- apiGroups:
- batch.sdewan.akraino.org
resources:
- - ipsecproposals/status
+ - ipsechosts/status
verbs:
- get
- patch
- apiGroups:
- batch.sdewan.akraino.org
resources:
- - ipsechosts
+ - ipsecproposals
verbs:
- create
- delete
- apiGroups:
- batch.sdewan.akraino.org
resources:
- - ipsechosts/status
+ - ipsecproposals/status
verbs:
- get
- patch
src_dip: 1.2.3.4
dest: firewallzone-sample2
proto: icmp
-
+...
sdewanPurpose: cnf1
sdewan-bucket-type: app-intent
spec:
- # Add fields here
src: firewallzone-sample2
dest: firewallzone-sample
+...
labels:
sdewanPurpose: cnf1
spec:
- # Add fields here
src: firewallzone-sample
src_ip: "192.168.2.2"
src_port: "80"
proto: tcp
target: REJECT
+...
src_dip: 1.2.3.5
dest: firewallzone-sample2
proto: icmp
+...
labels:
sdewanPurpose: cnf1
spec:
- # Add fields here
- network:
- - ovn-net1
- - ovn-net2
- input: ACCEPT
- output: ACCEPT
\ No newline at end of file
+ network:
+ - ovn-net1
+ - ovn-net2
+ input: ACCEPT
+ output: ACCEPT
+...
labels:
sdewanPurpose: cnf1
spec:
- # Add fields here
network:
- "ovn-net1"
- "ovn-net2"
input: ACCEPT
- output: ACCEPT
\ No newline at end of file
+ output: ACCEPT
+...
+---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: IpsecHost
metadata:
remote_subnet: 192.168.1.1/24,10.10.10.35/32
crypto_proposal:
- ipsecproposal
-
+...
+---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: IpsecProposal
metadata:
labels:
sdewanPurpose: cnf1
spec:
- dh_group: modp4096
- encryption_algorithm: aes
- hash_algorithm: sha1
+ dh_group: modp4096
+ encryption_algorithm: aes
+ hash_algorithm: sha1
+...
- network: ovn-net2
weight: 3
metric: 3
+...
sdewanPurpose: cnf1
# sdewan-bucket-type: app-intent
spec:
- # Add fields here
dest_ip: "10.10.10.1"
dest_port: "1000"
family: ipv4
src_port: "22"
sticky: "1"
timeout: "200"
-
+...
- firewalldnats
- ipsecproposals
- ipsechosts
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate-label
+ failurePolicy: Fail
+ name: validate-label.akraino.org
+ rules:
+ - apiGroups:
+ - apps
+ - batch.sdewan.akraino.org
+ apiVersions:
+ - v1
+ - v1alpha1
+ operations:
+ - UPDATE
+ resources:
+ - deployments
+ - mwan3policies
+ - mwan3rules
+ - firewallzones
+ - firewallforwardings
+ - firewallrules
+ - firewallsnats
+ - firewalldnats
+ - ipsecproposals
+ - ipsechosts
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.39.0 h1:UgQP9na6OTfp4dsAiz/eFpFA1C6tPdH5wiRdi19tuMw=
cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk=
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A=
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM=
go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7 h1:HmbHVPwrPEKPGLAcHSrMe6+hqSUlvZU0rab6x5EXfGU=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
setupLog.Error(err, "unable to create controller", "controller", "Mwan3Rule")
os.Exit(1)
}
- if err = batchv1alpha1.SetupBucketPermissionWebhookWithManager(mgr); err != nil {
- setupLog.Error(err, "unable to create webhook", "webhook", "Mwan3Policy")
- os.Exit(1)
- }
if err = (&controllers.FirewallZoneReconciler{
Client: mgr.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("FirewallZone"),
setupLog.Error(err, "unable to create controller", "controller", "IpsecHost")
os.Exit(1)
}
+ if err = batchv1alpha1.SetupBucketPermissionWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "BucketPermission")
+ os.Exit(1)
+ }
+ if err = batchv1alpha1.SetupLabelValidateWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "CNFLabelWebhook")
+ os.Exit(1)
+ }
// +kubebuilder:scaffold:builder
setupLog.Info("starting manager")