Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 5421ec503f
Branches Tags
helm-externa...
/
pkg
/
provider
/
webhook
/
webhook.go

webhook.go 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package webhook
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"crypto/tls"
    21. 

  21. 	"crypto/x509"
    22. 

  22. 	"fmt"
    23. 

  23. 	"io"
    24. 

  24. 	"net/http"
    25. 

  25. 	"net/url"
    26. 

  26. 	"strings"
    27. 

  27. 	tpl "text/template"
    28. 

  28. 	"time"
    29. 

  29. 

  30. 	"github.com/PaesslerAG/jsonpath"
    31. 

  31. 	"gopkg.in/yaml.v3"
    32. 

  32. 	corev1 "k8s.io/api/core/v1"
    33. 

  33. 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    34. 

  34. 	"sigs.k8s.io/controller-runtime/pkg/client"
    35. 

  35. 

  36. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    37. 

  37. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    38. 

  38. 	"github.com/external-secrets/external-secrets/pkg/constants"
    39. 

  39. 	"github.com/external-secrets/external-secrets/pkg/metrics"
    40. 

  40. 	"github.com/external-secrets/external-secrets/pkg/template/v2"
    41. 

  41. 	"github.com/external-secrets/external-secrets/pkg/utils"
    42. 

  42. )
    43. 

  43. 

  44. // https://github.com/external-secrets/external-secrets/issues/644
    45. 

  45. var _ esv1beta1.SecretsClient = &WebHook{}
    46. 

  46. var _ esv1beta1.Provider = &Provider{}
    47. 

  47. 

  48. // Provider satisfies the provider interface.
    49. 

  49. type Provider struct{}
    50. 

  50. 

  51. type WebHook struct {
    52. 

  52. 	kube      client.Client
    53. 

  53. 	store     esv1beta1.GenericStore
    54. 

  54. 	namespace string
    55. 

  55. 	storeKind string
    56. 

  56. 	http      *http.Client
    57. 

  57. 	url       string
    58. 

  58. }
    59. 

  59. 

  60. func init() {
    61. 

  61. 	esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{
    62. 

  62. 		Webhook: &esv1beta1.WebhookProvider{},
    63. 

  63. 	})
    64. 

  64. }
    65. 

  65. 

  66. // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
    67. 

  67. func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities {
    68. 

  68. 	return esv1beta1.SecretStoreReadOnly
    69. 

  69. }
    70. 

  70. 

  71. func (p *Provider) NewClient(_ context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) {
    72. 

  72. 	whClient := &WebHook{
    73. 

  73. 		kube:      kube,
    74. 

  74. 		store:     store,
    75. 

  75. 		namespace: namespace,
    76. 

  76. 		storeKind: store.GetObjectKind().GroupVersionKind().Kind,
    77. 

  77. 	}
    78. 

  78. 	provider, err := getProvider(store)
    79. 

  79. 	if err != nil {
    80. 

  80. 		return nil, err
    81. 

  81. 	}
    82. 

  82. 	whClient.url = provider.URL
    83. 

  83. 

  84. 	whClient.http, err = whClient.getHTTPClient(provider)
    85. 

  85. 	if err != nil {
    86. 

  86. 		return nil, err
    87. 

  87. 	}
    88. 

  88. 	return whClient, nil
    89. 

  89. }
    90. 

  90. 

  91. func (p *Provider) ValidateStore(_ esv1beta1.GenericStore) error {
    92. 

  92. 	return nil
    93. 

  93. }
    94. 

  94. 

  95. func getProvider(store esv1beta1.GenericStore) (*esv1beta1.WebhookProvider, error) {
    96. 

  96. 	spc := store.GetSpec()
    97. 

  97. 	if spc == nil || spc.Provider == nil || spc.Provider.Webhook == nil {
    98. 

  98. 		return nil, fmt.Errorf("missing store provider webhook")
    99. 

  99. 	}
    100. 

  100. 	return spc.Provider.Webhook, nil
    101. 

  101. }
    102. 

  102. 

  103. func (w *WebHook) getStoreSecret(ctx context.Context, ref esmeta.SecretKeySelector) (*corev1.Secret, error) {
    104. 

  104. 	ke := client.ObjectKey{
    105. 

  105. 		Name:      ref.Name,
    106. 

  106. 		Namespace: w.namespace,
    107. 

  107. 	}
    108. 

  108. 	if w.storeKind == esv1beta1.ClusterSecretStoreKind {
    109. 

  109. 		if ref.Namespace == nil {
    110. 

  110. 			return nil, fmt.Errorf("no namespace on ClusterSecretStore webhook secret %s", ref.Name)
    111. 

  111. 		}
    112. 

  112. 		ke.Namespace = *ref.Namespace
    113. 

  113. 	}
    114. 

  114. 	secret := &corev1.Secret{}
    115. 

  115. 	if err := w.kube.Get(ctx, ke, secret); err != nil {
    116. 

  116. 		return nil, fmt.Errorf("failed to get clustersecretstore webhook secret %s: %w", ref.Name, err)
    117. 

  117. 	}
    118. 

  118. 	return secret, nil
    119. 

  119. }
    120. 

  120. 

  121. func (w *WebHook) DeleteSecret(_ context.Context, _ esv1beta1.PushRemoteRef) error {
    122. 

  122. 	return fmt.Errorf("not implemented")
    123. 

  123. }
    124. 

  124. 

  125. // Not Implemented PushSecret.
    126. 

  126. func (w *WebHook) PushSecret(_ context.Context, _ []byte, _ *apiextensionsv1.JSON, _ esv1beta1.PushRemoteRef) error {
    127. 

  127. 	return fmt.Errorf("not implemented")
    128. 

  128. }
    129. 

  129. 

  130. // Empty GetAllSecrets.
    131. 

  131. func (w *WebHook) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) {
    132. 

  132. 	// TO be implemented
    133. 

  133. 	return nil, fmt.Errorf("GetAllSecrets not implemented")
    134. 

  134. }
    135. 

  135. 

  136. func (w *WebHook) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
    137. 

  137. 	provider, err := getProvider(w.store)
    138. 

  138. 	if err != nil {
    139. 

  139. 		return nil, fmt.Errorf("failed to get store: %w", err)
    140. 

  140. 	}
    141. 

  141. 	result, err := w.getWebhookData(ctx, provider, ref)
    142. 

  142. 	if err != nil {
    143. 

  143. 		return nil, err
    144. 

  144. 	}
    145. 

  145. 	// Only parse as json if we have a jsonpath set
    146. 

  146. 	data, err := w.getTemplateData(ctx, ref, provider.Secrets)
    147. 

  147. 	if err != nil {
    148. 

  148. 		return nil, err
    149. 

  149. 	}
    150. 

  150. 	resultJSONPath, err := executeTemplateString(provider.Result.JSONPath, data)
    151. 

  151. 	if err != nil {
    152. 

  152. 		return nil, err
    153. 

  153. 	}
    154. 

  154. 	if resultJSONPath != "" {
    155. 

  155. 		jsondata := interface{}(nil)
    156. 

  156. 		if err := yaml.Unmarshal(result, &jsondata); err != nil {
    157. 

  157. 			return nil, fmt.Errorf("failed to parse response json: %w", err)
    158. 

  158. 		}
    159. 

  159. 		jsondata, err = jsonpath.Get(resultJSONPath, jsondata)
    160. 

  160. 		if err != nil {
    161. 

  161. 			return nil, fmt.Errorf("failed to get response path %s: %w", resultJSONPath, err)
    162. 

  162. 		}
    163. 

  163. 		jsonvalue, ok := jsondata.(string)
    164. 

  164. 		if !ok {
    165. 

  165. 			jsonvalues, ok := jsondata.([]interface{})
    166. 

  166. 			if !ok {
    167. 

  167. 				return nil, fmt.Errorf("failed to get response (wrong type: %T)", jsondata)
    168. 

  168. 			}
    169. 

  169. 			if len(jsonvalues) == 0 {
    170. 

  170. 				return nil, fmt.Errorf("filter worked but didn't get any result")
    171. 

  171. 			}
    172. 

  172. 			jsonvalue = jsonvalues[0].(string)
    173. 

  173. 		}
    174. 

  174. 		return []byte(jsonvalue), nil
    175. 

  175. 	}
    176. 

  176. 

  177. 	return result, nil
    178. 

  178. }
    179. 

  179. 

  180. func (w *WebHook) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    181. 

  181. 	provider, err := getProvider(w.store)
    182. 

  182. 	if err != nil {
    183. 

  183. 		return nil, fmt.Errorf("failed to get store: %w", err)
    184. 

  184. 	}
    185. 

  185. 	result, err := w.getWebhookData(ctx, provider, ref)
    186. 

  186. 	if err != nil {
    187. 

  187. 		return nil, err
    188. 

  188. 	}
    189. 

  189. 

  190. 	// We always want json here, so just parse it out
    191. 

  191. 	jsondata := interface{}(nil)
    192. 

  192. 	if err := yaml.Unmarshal(result, &jsondata); err != nil {
    193. 

  193. 		return nil, fmt.Errorf("failed to parse response json: %w", err)
    194. 

  194. 	}
    195. 

  195. 	// Get subdata via jsonpath, if given
    196. 

  196. 	if provider.Result.JSONPath != "" {
    197. 

  197. 		jsondata, err = jsonpath.Get(provider.Result.JSONPath, jsondata)
    198. 

  198. 		if err != nil {
    199. 

  199. 			return nil, fmt.Errorf("failed to get response path %s: %w", provider.Result.JSONPath, err)
    200. 

  200. 		}
    201. 

  201. 	}
    202. 

  202. 	// If the value is a string, try to parse it as json
    203. 

  203. 	jsonstring, ok := jsondata.(string)
    204. 

  204. 	if ok {
    205. 

  205. 		// This could also happen if the response was a single json-encoded string
    206. 

  206. 		// but that is an extremely unlikely scenario
    207. 

  207. 		if err := yaml.Unmarshal([]byte(jsonstring), &jsondata); err != nil {
    208. 

  208. 			return nil, fmt.Errorf("failed to parse response json from jsonpath: %w", err)
    209. 

  209. 		}
    210. 

  210. 	}
    211. 

  211. 	// Use the data as a key-value map
    212. 

  212. 	jsonvalue, ok := jsondata.(map[string]interface{})
    213. 

  213. 	if !ok {
    214. 

  214. 		return nil, fmt.Errorf("failed to get response (wrong type: %T)", jsondata)
    215. 

  215. 	}
    216. 

  216. 

  217. 	// Change the map of generic objects to a map of byte arrays
    218. 

  218. 	values := make(map[string][]byte)
    219. 

  219. 	for rKey, rValue := range jsonvalue {
    220. 

  220. 		jVal, ok := rValue.(string)
    221. 

  221. 		if !ok {
    222. 

  222. 			return nil, fmt.Errorf("failed to get response (wrong type in key '%s': %T)", rKey, rValue)
    223. 

  223. 		}
    224. 

  224. 		values[rKey] = []byte(jVal)
    225. 

  225. 	}
    226. 

  226. 	return values, nil
    227. 

  227. }
    228. 

  228. 

  229. func (w *WebHook) getTemplateData(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef, secrets []esv1beta1.WebhookSecret) (map[string]map[string]string, error) {
    230. 

  230. 	data := map[string]map[string]string{
    231. 

  231. 		"remoteRef": {
    232. 

  232. 			"key":      url.QueryEscape(ref.Key),
    233. 

  233. 			"version":  url.QueryEscape(ref.Version),
    234. 

  234. 			"property": url.QueryEscape(ref.Property),
    235. 

  235. 		},
    236. 

  236. 	}
    237. 

  237. 	for _, secref := range secrets {
    238. 

  238. 		if _, ok := data[secref.Name]; !ok {
    239. 

  239. 			data[secref.Name] = make(map[string]string)
    240. 

  240. 		}
    241. 

  241. 		secret, err := w.getStoreSecret(ctx, secref.SecretRef)
    242. 

  242. 		if err != nil {
    243. 

  243. 			return nil, err
    244. 

  244. 		}
    245. 

  245. 		for sKey, sVal := range secret.Data {
    246. 

  246. 			data[secref.Name][sKey] = string(sVal)
    247. 

  247. 		}
    248. 

  248. 	}
    249. 

  249. 	return data, nil
    250. 

  250. }
    251. 

  251. 

  252. func (w *WebHook) getWebhookData(ctx context.Context, provider *esv1beta1.WebhookProvider, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
    253. 

  253. 	if w.http == nil {
    254. 

  254. 		return nil, fmt.Errorf("http client not initialized")
    255. 

  255. 	}
    256. 

  256. 	data, err := w.getTemplateData(ctx, ref, provider.Secrets)
    257. 

  257. 	if err != nil {
    258. 

  258. 		return nil, err
    259. 

  259. 	}
    260. 

  260. 	method := provider.Method
    261. 

  261. 	if method == "" {
    262. 

  262. 		method = http.MethodGet
    263. 

  263. 	}
    264. 

  264. 	url, err := executeTemplateString(provider.URL, data)
    265. 

  265. 	if err != nil {
    266. 

  266. 		return nil, fmt.Errorf("failed to parse url: %w", err)
    267. 

  267. 	}
    268. 

  268. 	body, err := executeTemplate(provider.Body, data)
    269. 

  269. 	if err != nil {
    270. 

  270. 		return nil, fmt.Errorf("failed to parse body: %w", err)
    271. 

  271. 	}
    272. 

  272. 

  273. 	req, err := http.NewRequestWithContext(ctx, method, url, &body)
    274. 

  274. 	if err != nil {
    275. 

  275. 		return nil, fmt.Errorf("failed to create request: %w", err)
    276. 

  276. 	}
    277. 

  277. 	for hKey, hValueTpl := range provider.Headers {
    278. 

  278. 		hValue, err := executeTemplateString(hValueTpl, data)
    279. 

  279. 		if err != nil {
    280. 

  280. 			return nil, fmt.Errorf("failed to parse header %s: %w", hKey, err)
    281. 

  281. 		}
    282. 

  282. 		req.Header.Add(hKey, hValue)
    283. 

  283. 	}
    284. 

  284. 

  285. 	resp, err := w.http.Do(req)
    286. 

  286. 	metrics.ObserveAPICall(constants.ProviderWebhook, constants.CallWebhookHTTPReq, err)
    287. 

  287. 	if err != nil {
    288. 

  288. 		return nil, fmt.Errorf("failed to call endpoint: %w", err)
    289. 

  289. 	}
    290. 

  290. 	defer resp.Body.Close()
    291. 

  291. 	if resp.StatusCode == 404 {
    292. 

  292. 		return nil, esv1beta1.NoSecretError{}
    293. 

  293. 	}
    294. 

  294. 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
    295. 

  295. 		return nil, fmt.Errorf("endpoint gave error %s", resp.Status)
    296. 

  296. 	}
    297. 

  297. 	return io.ReadAll(resp.Body)
    298. 

  298. }
    299. 

  299. 

  300. func (w *WebHook) getHTTPClient(provider *esv1beta1.WebhookProvider) (*http.Client, error) {
    301. 

  301. 	client := &http.Client{}
    302. 

  302. 	if provider.Timeout != nil {
    303. 

  303. 		client.Timeout = provider.Timeout.Duration
    304. 

  304. 	}
    305. 

  305. 	if len(provider.CABundle) == 0 && provider.CAProvider == nil {
    306. 

  306. 		// No need to process ca stuff if it is not there
    307. 

  307. 		return client, nil
    308. 

  308. 	}
    309. 

  309. 	caCertPool, err := w.getCACertPool(provider)
    310. 

  310. 	if err != nil {
    311. 

  311. 		return nil, err
    312. 

  312. 	}
    313. 

  313. 

  314. 	tlsConf := &tls.Config{
    315. 

  315. 		RootCAs:    caCertPool,
    316. 

  316. 		MinVersion: tls.VersionTLS12,
    317. 

  317. 	}
    318. 

  318. 	client.Transport = &http.Transport{TLSClientConfig: tlsConf}
    319. 

  319. 	return client, nil
    320. 

  320. }
    321. 

  321. 

  322. func (w *WebHook) getCACertPool(provider *esv1beta1.WebhookProvider) (*x509.CertPool, error) {
    323. 

  323. 	caCertPool := x509.NewCertPool()
    324. 

  324. 	if len(provider.CABundle) > 0 {
    325. 

  325. 		ok := caCertPool.AppendCertsFromPEM(provider.CABundle)
    326. 

  326. 		if !ok {
    327. 

  327. 			return nil, fmt.Errorf("failed to append cabundle")
    328. 

  328. 		}
    329. 

  329. 	}
    330. 

  330. 

  331. 	if provider.CAProvider != nil && w.storeKind == esv1beta1.ClusterSecretStoreKind && provider.CAProvider.Namespace == nil {
    332. 

  332. 		return nil, fmt.Errorf("missing namespace on CAProvider secret")
    333. 

  333. 	}
    334. 

  334. 

  335. 	if provider.CAProvider != nil {
    336. 

  336. 		var cert []byte
    337. 

  337. 		var err error
    338. 

  338. 

  339. 		switch provider.CAProvider.Type {
    340. 

  340. 		case esv1beta1.WebhookCAProviderTypeSecret:
    341. 

  341. 			cert, err = w.getCertFromSecret(provider)
    342. 

  342. 		case esv1beta1.WebhookCAProviderTypeConfigMap:
    343. 

  343. 			cert, err = w.getCertFromConfigMap(provider)
    344. 

  344. 		default:
    345. 

  345. 			err = fmt.Errorf("unknown caprovider type: %s", provider.CAProvider.Type)
    346. 

  346. 		}
    347. 

  347. 

  348. 		if err != nil {
    349. 

  349. 			return nil, err
    350. 

  350. 		}
    351. 

  351. 

  352. 		ok := caCertPool.AppendCertsFromPEM(cert)
    353. 

  353. 		if !ok {
    354. 

  354. 			return nil, fmt.Errorf("failed to append cabundle")
    355. 

  355. 		}
    356. 

  356. 	}
    357. 

  357. 	return caCertPool, nil
    358. 

  358. }
    359. 

  359. 

  360. func (w *WebHook) getCertFromSecret(provider *esv1beta1.WebhookProvider) ([]byte, error) {
    361. 

  361. 	secretRef := esmeta.SecretKeySelector{
    362. 

  362. 		Name: provider.CAProvider.Name,
    363. 

  363. 		Key:  provider.CAProvider.Key,
    364. 

  364. 	}
    365. 

  365. 

  366. 	if provider.CAProvider.Namespace != nil {
    367. 

  367. 		secretRef.Namespace = provider.CAProvider.Namespace
    368. 

  368. 	}
    369. 

  369. 

  370. 	ctx := context.Background()
    371. 

  371. 	res, err := w.secretKeyRef(ctx, &secretRef)
    372. 

  372. 	if err != nil {
    373. 

  373. 		return nil, err
    374. 

  374. 	}
    375. 

  375. 

  376. 	return []byte(res), nil
    377. 

  377. }
    378. 

  378. 

  379. func (w *WebHook) secretKeyRef(ctx context.Context, secretRef *esmeta.SecretKeySelector) (string, error) {
    380. 

  380. 	secret := &corev1.Secret{}
    381. 

  381. 	ref := client.ObjectKey{
    382. 

  382. 		Namespace: w.namespace,
    383. 

  383. 		Name:      secretRef.Name,
    384. 

  384. 	}
    385. 

  385. 	if (w.storeKind == esv1beta1.ClusterSecretStoreKind) &&
    386. 

  386. 		(secretRef.Namespace != nil) {
    387. 

  387. 		ref.Namespace = *secretRef.Namespace
    388. 

  388. 	}
    389. 

  389. 	err := w.kube.Get(ctx, ref, secret)
    390. 

  390. 	if err != nil {
    391. 

  391. 		return "", err
    392. 

  392. 	}
    393. 

  393. 

  394. 	keyBytes, ok := secret.Data[secretRef.Key]
    395. 

  395. 	if !ok {
    396. 

  396. 		return "", err
    397. 

  397. 	}
    398. 

  398. 

  399. 	value := string(keyBytes)
    400. 

  400. 	valueStr := strings.TrimSpace(value)
    401. 

  401. 	return valueStr, nil
    402. 

  402. }
    403. 

  403. 

  404. func (w *WebHook) getCertFromConfigMap(provider *esv1beta1.WebhookProvider) ([]byte, error) {
    405. 

  405. 	objKey := client.ObjectKey{
    406. 

  406. 		Name: provider.CAProvider.Name,
    407. 

  407. 	}
    408. 

  408. 

  409. 	if provider.CAProvider.Namespace != nil {
    410. 

  410. 		objKey.Namespace = *provider.CAProvider.Namespace
    411. 

  411. 	}
    412. 

  412. 

  413. 	configMapRef := &corev1.ConfigMap{}
    414. 

  414. 	ctx := context.Background()
    415. 

  415. 	err := w.kube.Get(ctx, objKey, configMapRef)
    416. 

  416. 	if err != nil {
    417. 

  417. 		return nil, fmt.Errorf("failed to get caprovider secret %s: %w", objKey.Name, err)
    418. 

  418. 	}
    419. 

  419. 

  420. 	val, ok := configMapRef.Data[provider.CAProvider.Key]
    421. 

  421. 	if !ok {
    422. 

  422. 		return nil, fmt.Errorf("failed to get caprovider configmap %s -> %s", objKey.Name, provider.CAProvider.Key)
    423. 

  423. 	}
    424. 

  424. 

  425. 	return []byte(val), nil
    426. 

  426. }
    427. 

  427. 

  428. func (w *WebHook) Close(_ context.Context) error {
    429. 

  429. 	return nil
    430. 

  430. }
    431. 

  431. 

  432. func (w *WebHook) Validate() (esv1beta1.ValidationResult, error) {
    433. 

  433. 	timeout := 15 * time.Second
    434. 

  434. 	url := w.url
    435. 

  435. 

  436. 	if err := utils.NetworkValidate(url, timeout); err != nil {
    437. 

  437. 		return esv1beta1.ValidationResultError, err
    438. 

  438. 	}
    439. 

  439. 	return esv1beta1.ValidationResultReady, nil
    440. 

  440. }
    441. 

  441. 

  442. func executeTemplateString(tmpl string, data map[string]map[string]string) (string, error) {
    443. 

  443. 	result, err := executeTemplate(tmpl, data)
    444. 

  444. 	if err != nil {
    445. 

  445. 		return "", err
    446. 

  446. 	}
    447. 

  447. 	return result.String(), nil
    448. 

  448. }
    449. 

  449. 

  450. func executeTemplate(tmpl string, data map[string]map[string]string) (bytes.Buffer, error) {
    451. 

  451. 	var result bytes.Buffer
    452. 

  452. 	if tmpl == "" {
    453. 

  453. 		return result, nil
    454. 

  454. 	}
    455. 

  455. 	urlt, err := tpl.New("webhooktemplate").Funcs(template.FuncMap()).Parse(tmpl)
    456. 

  456. 	if err != nil {
    457. 

  457. 		return result, err
    458. 

  458. 	}
    459. 

  459. 	if err := urlt.Execute(&result, data); err != nil {
    460. 

  460. 		return result, err
    461. 

  461. 	}
    462. 

  462. 	return result, nil
    463. 

  463. }
    464.