Test FTC100 fails since A1-SIM update
[nonrtric.git] / service-exposure / rapps-webhook.go
1 // -
2 //
3 //      ========================LICENSE_START=================================
4 //      O-RAN-SC
5 //      %%
6 //      Copyright (C) 2022-2023: Nordix Foundation
7 //      %%
8 //      Licensed under the Apache License, Version 2.0 (the "License");
9 //      you may not use this file except in compliance with the License.
10 //      You may obtain a copy of the License at
11 //
12 //           http://www.apache.org/licenses/LICENSE-2.0
13 //
14 //      Unless required by applicable law or agreed to in writing, software
15 //      distributed under the License is distributed on an "AS IS" BASIS,
16 //      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 //      See the License for the specific language governing permissions and
18 //      limitations under the License.
19 //      ========================LICENSE_END===================================
20 package main
21
22 import (
23         "encoding/json"
24         "errors"
25         "flag"
26         "fmt"
27         "io/ioutil"
28         "k8s.io/api/admission/v1beta1"
29         v1 "k8s.io/api/core/v1"
30         "k8s.io/apimachinery/pkg/runtime"
31         "k8s.io/apimachinery/pkg/runtime/serializer"
32         "log"
33         "net/http"
34 )
35
36 type ServerParameters struct {
37         port     string // webhook server port
38         certFile string // path to the x509 cert
39         keyFile  string // path to the x509 private key
40         secret   string
41 }
42
43 type patchOperation struct {
44         Op    string      `json:"op"`
45         Path  string      `json:"path"`
46         Value interface{} `json:"value,omitempty"`
47 }
48
49 var parameters ServerParameters
50
51 var (
52         universalDeserializer = serializer.NewCodecFactory(runtime.NewScheme()).UniversalDeserializer()
53 )
54
55 func main() {
56         flag.StringVar(&parameters.port, "port", "8443", "Webhook server port.")
57         flag.StringVar(&parameters.certFile, "tlsCertFile", "/certs/tls.crt", "File containing the x509 certificate")
58         flag.StringVar(&parameters.keyFile, "tlsKeyFile", "/certs/tls.key", "File containing the x509 private key")
59         flag.StringVar(&parameters.secret, "secret", "cm-keycloak-client-certs", "Secret containing rapp cert files")
60         flag.Parse()
61
62         http.HandleFunc("/inject-sidecar", HandleSideCarInjection)
63         log.Fatal(http.ListenAndServeTLS(":"+parameters.port, parameters.certFile, parameters.keyFile, nil))
64 }
65
66 func HandleSideCarInjection(w http.ResponseWriter, r *http.Request) {
67
68         body, err := ioutil.ReadAll(r.Body)
69         err = ioutil.WriteFile("/tmp/request", body, 0644)
70         if err != nil {
71                 panic(err.Error())
72         }
73
74         var admissionReviewReq v1beta1.AdmissionReview
75
76         if _, _, err := universalDeserializer.Decode(body, nil, &admissionReviewReq); err != nil {
77                 w.WriteHeader(http.StatusBadRequest)
78                 fmt.Errorf("Could not deserialize request: %v", err)
79         } else if admissionReviewReq.Request == nil {
80                 w.WriteHeader(http.StatusBadRequest)
81                 errors.New("Malformed admission review - request is empty")
82         }
83
84         fmt.Printf("Received Admission Review Request - Type: %v \t Event: %v \t Name: %v \n",
85                 admissionReviewReq.Request.Kind,
86                 admissionReviewReq.Request.Operation,
87                 admissionReviewReq.Request.Name,
88         )
89
90         var pod v1.Pod
91
92         err = json.Unmarshal(admissionReviewReq.Request.Object.Raw, &pod)
93
94         if err != nil {
95                 fmt.Errorf("Could not unmarshal pod from admission request: %v", err)
96         }
97
98         var patches []patchOperation
99
100         labels := pod.ObjectMeta.Labels
101         labels["sidecar-injection-webhook"] = "jwt-proxy"
102
103         patches = append(patches, patchOperation{
104                 Op:    "add",
105                 Path:  "/metadata/labels",
106                 Value: labels,
107         })
108
109         var containers []v1.Container
110         containers = append(containers, pod.Spec.Containers...)
111         container := v1.Container{
112                 Name:            "jwt-proxy",
113                 Image:           "ktimoney/rapps-jwt",
114                 ImagePullPolicy: v1.PullIfNotPresent,
115                 Ports: []v1.ContainerPort{
116                         {
117                                 Name:          "http",
118                                 Protocol:      v1.ProtocolTCP,
119                                 ContainerPort: 8888,
120                         },
121                 },
122                 VolumeMounts: []v1.VolumeMount{
123                         {
124                                 Name:      "certsdir",
125                                 MountPath: "/certs",
126                                 ReadOnly:  true,
127                         },
128                 },
129         }
130
131         containers = append(containers, container)
132         fmt.Println(containers)
133
134         patches = append(patches, patchOperation{
135                 Op:    "add",
136                 Path:  "/spec/containers",
137                 Value: containers,
138         })
139
140         var volumes []v1.Volume
141         volumes = append(volumes, pod.Spec.Volumes...)
142         volume := v1.Volume{
143                 Name: "certsdir",
144                 VolumeSource: v1.VolumeSource{
145                         Secret: &v1.SecretVolumeSource{
146                                 SecretName: parameters.secret,
147                         },
148                 },
149         }
150         volumes = append(volumes, volume)
151         fmt.Println(volumes)
152
153         patches = append(patches, patchOperation{
154                 Op:    "add",
155                 Path:  "/spec/volumes",
156                 Value: volumes,
157         })
158         fmt.Println(patches)
159
160         patchBytes, err := json.Marshal(patches)
161
162         if err != nil {
163                 fmt.Errorf("Error occurred when trying to marshal JSON patch: %v", err)
164         }
165
166         admissionReviewResponse := v1beta1.AdmissionReview{
167                 Response: &v1beta1.AdmissionResponse{
168                         UID:     admissionReviewReq.Request.UID,
169                         Allowed: true,
170                 },
171         }
172
173         admissionReviewResponse.Response.Patch = patchBytes
174
175         bytes, err := json.Marshal(&admissionReviewResponse)
176         if err != nil {
177                 fmt.Errorf("Error occurred when trying to marshal Aadmission Review response: %v", err)
178         }
179
180         w.Write(bytes)
181
182 }