Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: a012f4829c
Branches Tags
helm-externa...
/
pkg
/
provider
/
webhook
/
webhook.go

webhook.go 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package webhook
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"crypto/tls"
    21. 

  21. 	"crypto/x509"
    22. 

  22. 	"encoding/json"
    23. 

  23. 	"fmt"
    24. 

  24. 	"io"
    25. 

  25. 	"net/http"
    26. 

  26. 	"net/url"
    27. 

  27. 	"strconv"
    28. 

  28. 	tpl "text/template"
    29. 

  29. 	"time"
    30. 

  30. 

  31. 	"github.com/PaesslerAG/jsonpath"
    32. 

  32. 	corev1 "k8s.io/api/core/v1"
    33. 

  33. 	"sigs.k8s.io/controller-runtime/pkg/client"
    34. 

  34. 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    35. 

  35. 

  36. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    37. 

  37. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    38. 

  38. 	"github.com/external-secrets/external-secrets/pkg/constants"
    39. 

  39. 	"github.com/external-secrets/external-secrets/pkg/metrics"
    40. 

  40. 	"github.com/external-secrets/external-secrets/pkg/template/v2"
    41. 

  41. 	"github.com/external-secrets/external-secrets/pkg/utils"
    42. 

  42. 	"github.com/external-secrets/external-secrets/pkg/utils/resolvers"
    43. 

  43. )
    44. 

  44. 

  45. // https://github.com/external-secrets/external-secrets/issues/644
    46. 

  46. var _ esv1beta1.SecretsClient = &WebHook{}
    47. 

  47. var _ esv1beta1.Provider = &Provider{}
    48. 

  48. 

  49. // Provider satisfies the provider interface.
    50. 

  50. type Provider struct{}
    51. 

  51. 

  52. type WebHook struct {
    53. 

  53. 	kube      client.Client
    54. 

  54. 	store     esv1beta1.GenericStore
    55. 

  55. 	namespace string
    56. 

  56. 	storeKind string
    57. 

  57. 	http      *http.Client
    58. 

  58. 	url       string
    59. 

  59. }
    60. 

  60. 

  61. func init() {
    62. 

  62. 	esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{
    63. 

  63. 		Webhook: &esv1beta1.WebhookProvider{},
    64. 

  64. 	})
    65. 

  65. }
    66. 

  66. 

  67. // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
    68. 

  68. func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities {
    69. 

  69. 	return esv1beta1.SecretStoreReadOnly
    70. 

  70. }
    71. 

  71. 

  72. func (p *Provider) NewClient(_ context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) {
    73. 

  73. 	whClient := &WebHook{
    74. 

  74. 		kube:      kube,
    75. 

  75. 		store:     store,
    76. 

  76. 		namespace: namespace,
    77. 

  77. 		storeKind: store.GetObjectKind().GroupVersionKind().Kind,
    78. 

  78. 	}
    79. 

  79. 	provider, err := getProvider(store)
    80. 

  80. 	if err != nil {
    81. 

  81. 		return nil, err
    82. 

  82. 	}
    83. 

  83. 	whClient.url = provider.URL
    84. 

  84. 

  85. 	whClient.http, err = whClient.getHTTPClient(provider)
    86. 

  86. 	if err != nil {
    87. 

  87. 		return nil, err
    88. 

  88. 	}
    89. 

  89. 	return whClient, nil
    90. 

  90. }
    91. 

  91. 

  92. func (p *Provider) ValidateStore(_ esv1beta1.GenericStore) (admission.Warnings, error) {
    93. 

  93. 	return nil, nil
    94. 

  94. }
    95. 

  95. 

  96. func getProvider(store esv1beta1.GenericStore) (*esv1beta1.WebhookProvider, error) {
    97. 

  97. 	spc := store.GetSpec()
    98. 

  98. 	if spc == nil || spc.Provider == nil || spc.Provider.Webhook == nil {
    99. 

  99. 		return nil, fmt.Errorf("missing store provider webhook")
    100. 

  100. 	}
    101. 

  101. 	return spc.Provider.Webhook, nil
    102. 

  102. }
    103. 

  103. 

  104. func (w *WebHook) getStoreSecret(ctx context.Context, ref esmeta.SecretKeySelector) (*corev1.Secret, error) {
    105. 

  105. 	ke := client.ObjectKey{
    106. 

  106. 		Name:      ref.Name,
    107. 

  107. 		Namespace: w.namespace,
    108. 

  108. 	}
    109. 

  109. 	if w.storeKind == esv1beta1.ClusterSecretStoreKind {
    110. 

  110. 		if ref.Namespace == nil {
    111. 

  111. 			return nil, fmt.Errorf("no namespace on ClusterSecretStore webhook secret %s", ref.Name)
    112. 

  112. 		}
    113. 

  113. 		ke.Namespace = *ref.Namespace
    114. 

  114. 	}
    115. 

  115. 	secret := &corev1.Secret{}
    116. 

  116. 	if err := w.kube.Get(ctx, ke, secret); err != nil {
    117. 

  117. 		return nil, fmt.Errorf("failed to get clustersecretstore webhook secret %s: %w", ref.Name, err)
    118. 

  118. 	}
    119. 

  119. 	return secret, nil
    120. 

  120. }
    121. 

  121. 

  122. func (w *WebHook) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error {
    123. 

  123. 	return fmt.Errorf("not implemented")
    124. 

  124. }
    125. 

  125. 

  126. // Not Implemented PushSecret.
    127. 

  127. func (w *WebHook) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error {
    128. 

  128. 	return fmt.Errorf("not implemented")
    129. 

  129. }
    130. 

  130. 

  131. // Empty GetAllSecrets.
    132. 

  132. func (w *WebHook) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) {
    133. 

  133. 	// TO be implemented
    134. 

  134. 	return nil, fmt.Errorf("GetAllSecrets not implemented")
    135. 

  135. }
    136. 

  136. 

  137. func (w *WebHook) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
    138. 

  138. 	provider, err := getProvider(w.store)
    139. 

  139. 	if err != nil {
    140. 

  140. 		return nil, fmt.Errorf("failed to get store: %w", err)
    141. 

  141. 	}
    142. 

  142. 	result, err := w.getWebhookData(ctx, provider, ref)
    143. 

  143. 	if err != nil {
    144. 

  144. 		return nil, err
    145. 

  145. 	}
    146. 

  146. 	// Only parse as json if we have a jsonpath set
    147. 

  147. 	data, err := w.getTemplateData(ctx, ref, provider.Secrets)
    148. 

  148. 	if err != nil {
    149. 

  149. 		return nil, err
    150. 

  150. 	}
    151. 

  151. 	resultJSONPath, err := executeTemplateString(provider.Result.JSONPath, data)
    152. 

  152. 	if err != nil {
    153. 

  153. 		return nil, err
    154. 

  154. 	}
    155. 

  155. 	if resultJSONPath != "" {
    156. 

  156. 		jsondata := interface{}(nil)
    157. 

  157. 		if err := json.Unmarshal(result, &jsondata); err != nil {
    158. 

  158. 			return nil, fmt.Errorf("failed to parse response json: %w", err)
    159. 

  159. 		}
    160. 

  160. 		jsondata, err = jsonpath.Get(resultJSONPath, jsondata)
    161. 

  161. 		if err != nil {
    162. 

  162. 			return nil, fmt.Errorf("failed to get response path %s: %w", resultJSONPath, err)
    163. 

  163. 		}
    164. 

  164. 		return extractSecretData(jsondata)
    165. 

  165. 	}
    166. 

  166. 

  167. 	return result, nil
    168. 

  168. }
    169. 

  169. 

  170. // tries to extract data from an interface{}
    171. 

  171. // it is supposed to return a single value.
    172. 

  172. func extractSecretData(jsondata any) ([]byte, error) {
    173. 

  173. 	switch val := jsondata.(type) {
    174. 

  174. 	case bool:
    175. 

  175. 		return []byte(strconv.FormatBool(val)), nil
    176. 

  176. 	case nil:
    177. 

  177. 		return []byte{}, nil
    178. 

  178. 	case int:
    179. 

  179. 		return []byte(strconv.Itoa(val)), nil
    180. 

  180. 	case float64:
    181. 

  181. 		return []byte(strconv.FormatFloat(val, 'f', 0, 64)), nil
    182. 

  182. 	case []byte:
    183. 

  183. 		return val, nil
    184. 

  184. 	case string:
    185. 

  185. 		return []byte(val), nil
    186. 

  186. 

  187. 	// due to backwards compatibility we must keep this!
    188. 

  188. 	// in case we see a []something we pick the first element and return it
    189. 

  189. 	case []any:
    190. 

  190. 		if len(val) == 0 {
    191. 

  191. 			return nil, fmt.Errorf("filter worked but didn't get any result")
    192. 

  192. 		}
    193. 

  193. 		return extractSecretData(val[0])
    194. 

  194. 

  195. 	// in case we encounter a map we serialize it instead of erroring out
    196. 

  196. 	// The user should use that data from within a template and figure
    197. 

  197. 	// out how to deal with it.
    198. 

  198. 	case map[string]any:
    199. 

  199. 		return json.Marshal(val)
    200. 

  200. 	default:
    201. 

  201. 		return nil, fmt.Errorf("failed to get response (wrong type: %T)", jsondata)
    202. 

  202. 	}
    203. 

  203. }
    204. 

  204. 

  205. func (w *WebHook) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    206. 

  206. 	provider, err := getProvider(w.store)
    207. 

  207. 	if err != nil {
    208. 

  208. 		return nil, fmt.Errorf("failed to get store: %w", err)
    209. 

  209. 	}
    210. 

  210. 	result, err := w.getWebhookData(ctx, provider, ref)
    211. 

  211. 	if err != nil {
    212. 

  212. 		return nil, err
    213. 

  213. 	}
    214. 

  214. 

  215. 	// We always want json here, so just parse it out
    216. 

  216. 	jsondata := interface{}(nil)
    217. 

  217. 	if err := json.Unmarshal(result, &jsondata); err != nil {
    218. 

  218. 		return nil, fmt.Errorf("failed to parse response json: %w", err)
    219. 

  219. 	}
    220. 

  220. 	// Get subdata via jsonpath, if given
    221. 

  221. 	if provider.Result.JSONPath != "" {
    222. 

  222. 		jsondata, err = jsonpath.Get(provider.Result.JSONPath, jsondata)
    223. 

  223. 		if err != nil {
    224. 

  224. 			return nil, fmt.Errorf("failed to get response path %s: %w", provider.Result.JSONPath, err)
    225. 

  225. 		}
    226. 

  226. 	}
    227. 

  227. 	// If the value is a string, try to parse it as json
    228. 

  228. 	jsonstring, ok := jsondata.(string)
    229. 

  229. 	if ok {
    230. 

  230. 		// This could also happen if the response was a single json-encoded string
    231. 

  231. 		// but that is an extremely unlikely scenario
    232. 

  232. 		if err := json.Unmarshal([]byte(jsonstring), &jsondata); err != nil {
    233. 

  233. 			return nil, fmt.Errorf("failed to parse response json from jsonpath: %w", err)
    234. 

  234. 		}
    235. 

  235. 	}
    236. 

  236. 	// Use the data as a key-value map
    237. 

  237. 	jsonvalue, ok := jsondata.(map[string]interface{})
    238. 

  238. 	if !ok {
    239. 

  239. 		return nil, fmt.Errorf("failed to get response (wrong type: %T)", jsondata)
    240. 

  240. 	}
    241. 

  241. 

  242. 	// Change the map of generic objects to a map of byte arrays
    243. 

  243. 	values := make(map[string][]byte)
    244. 

  244. 	for rKey, rValue := range jsonvalue {
    245. 

  245. 		jVal, ok := rValue.(string)
    246. 

  246. 		if !ok {
    247. 

  247. 			return nil, fmt.Errorf("failed to get response (wrong type in key '%s': %T)", rKey, rValue)
    248. 

  248. 		}
    249. 

  249. 		values[rKey] = []byte(jVal)
    250. 

  250. 	}
    251. 

  251. 	return values, nil
    252. 

  252. }
    253. 

  253. 

  254. func (w *WebHook) getTemplateData(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef, secrets []esv1beta1.WebhookSecret) (map[string]map[string]string, error) {
    255. 

  255. 	data := map[string]map[string]string{
    256. 

  256. 		"remoteRef": {
    257. 

  257. 			"key":      url.QueryEscape(ref.Key),
    258. 

  258. 			"version":  url.QueryEscape(ref.Version),
    259. 

  259. 			"property": url.QueryEscape(ref.Property),
    260. 

  260. 		},
    261. 

  261. 	}
    262. 

  262. 	for _, secref := range secrets {
    263. 

  263. 		if _, ok := data[secref.Name]; !ok {
    264. 

  264. 			data[secref.Name] = make(map[string]string)
    265. 

  265. 		}
    266. 

  266. 		secret, err := w.getStoreSecret(ctx, secref.SecretRef)
    267. 

  267. 		if err != nil {
    268. 

  268. 			return nil, err
    269. 

  269. 		}
    270. 

  270. 		for sKey, sVal := range secret.Data {
    271. 

  271. 			data[secref.Name][sKey] = string(sVal)
    272. 

  272. 		}
    273. 

  273. 	}
    274. 

  274. 	return data, nil
    275. 

  275. }
    276. 

  276. 

  277. func (w *WebHook) getWebhookData(ctx context.Context, provider *esv1beta1.WebhookProvider, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
    278. 

  278. 	if w.http == nil {
    279. 

  279. 		return nil, fmt.Errorf("http client not initialized")
    280. 

  280. 	}
    281. 

  281. 	data, err := w.getTemplateData(ctx, ref, provider.Secrets)
    282. 

  282. 	if err != nil {
    283. 

  283. 		return nil, err
    284. 

  284. 	}
    285. 

  285. 	method := provider.Method
    286. 

  286. 	if method == "" {
    287. 

  287. 		method = http.MethodGet
    288. 

  288. 	}
    289. 

  289. 	url, err := executeTemplateString(provider.URL, data)
    290. 

  290. 	if err != nil {
    291. 

  291. 		return nil, fmt.Errorf("failed to parse url: %w", err)
    292. 

  292. 	}
    293. 

  293. 	body, err := executeTemplate(provider.Body, data)
    294. 

  294. 	if err != nil {
    295. 

  295. 		return nil, fmt.Errorf("failed to parse body: %w", err)
    296. 

  296. 	}
    297. 

  297. 

  298. 	req, err := http.NewRequestWithContext(ctx, method, url, &body)
    299. 

  299. 	if err != nil {
    300. 

  300. 		return nil, fmt.Errorf("failed to create request: %w", err)
    301. 

  301. 	}
    302. 

  302. 	for hKey, hValueTpl := range provider.Headers {
    303. 

  303. 		hValue, err := executeTemplateString(hValueTpl, data)
    304. 

  304. 		if err != nil {
    305. 

  305. 			return nil, fmt.Errorf("failed to parse header %s: %w", hKey, err)
    306. 

  306. 		}
    307. 

  307. 		req.Header.Add(hKey, hValue)
    308. 

  308. 	}
    309. 

  309. 

  310. 	resp, err := w.http.Do(req)
    311. 

  311. 	metrics.ObserveAPICall(constants.ProviderWebhook, constants.CallWebhookHTTPReq, err)
    312. 

  312. 	if err != nil {
    313. 

  313. 		return nil, fmt.Errorf("failed to call endpoint: %w", err)
    314. 

  314. 	}
    315. 

  315. 	defer resp.Body.Close()
    316. 

  316. 	if resp.StatusCode == 404 {
    317. 

  317. 		return nil, esv1beta1.NoSecretError{}
    318. 

  318. 	}
    319. 

  319. 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
    320. 

  320. 		return nil, fmt.Errorf("endpoint gave error %s", resp.Status)
    321. 

  321. 	}
    322. 

  322. 	return io.ReadAll(resp.Body)
    323. 

  323. }
    324. 

  324. 

  325. func (w *WebHook) getHTTPClient(provider *esv1beta1.WebhookProvider) (*http.Client, error) {
    326. 

  326. 	client := &http.Client{}
    327. 

  327. 	if provider.Timeout != nil {
    328. 

  328. 		client.Timeout = provider.Timeout.Duration
    329. 

  329. 	}
    330. 

  330. 	if len(provider.CABundle) == 0 && provider.CAProvider == nil {
    331. 

  331. 		// No need to process ca stuff if it is not there
    332. 

  332. 		return client, nil
    333. 

  333. 	}
    334. 

  334. 	caCertPool, err := w.getCACertPool(provider)
    335. 

  335. 	if err != nil {
    336. 

  336. 		return nil, err
    337. 

  337. 	}
    338. 

  338. 

  339. 	tlsConf := &tls.Config{
    340. 

  340. 		RootCAs:    caCertPool,
    341. 

  341. 		MinVersion: tls.VersionTLS12,
    342. 

  342. 	}
    343. 

  343. 	client.Transport = &http.Transport{TLSClientConfig: tlsConf}
    344. 

  344. 	return client, nil
    345. 

  345. }
    346. 

  346. 

  347. func (w *WebHook) getCACertPool(provider *esv1beta1.WebhookProvider) (*x509.CertPool, error) {
    348. 

  348. 	caCertPool := x509.NewCertPool()
    349. 

  349. 	if len(provider.CABundle) > 0 {
    350. 

  350. 		ok := caCertPool.AppendCertsFromPEM(provider.CABundle)
    351. 

  351. 		if !ok {
    352. 

  352. 			return nil, fmt.Errorf("failed to append cabundle")
    353. 

  353. 		}
    354. 

  354. 	}
    355. 

  355. 

  356. 	if provider.CAProvider != nil && w.storeKind == esv1beta1.ClusterSecretStoreKind && provider.CAProvider.Namespace == nil {
    357. 

  357. 		return nil, fmt.Errorf("missing namespace on CAProvider secret")
    358. 

  358. 	}
    359. 

  359. 

  360. 	if provider.CAProvider != nil {
    361. 

  361. 		var cert []byte
    362. 

  362. 		var err error
    363. 

  363. 

  364. 		switch provider.CAProvider.Type {
    365. 

  365. 		case esv1beta1.WebhookCAProviderTypeSecret:
    366. 

  366. 			cert, err = w.getCertFromSecret(provider)
    367. 

  367. 		case esv1beta1.WebhookCAProviderTypeConfigMap:
    368. 

  368. 			cert, err = w.getCertFromConfigMap(provider)
    369. 

  369. 		default:
    370. 

  370. 			err = fmt.Errorf("unknown caprovider type: %s", provider.CAProvider.Type)
    371. 

  371. 		}
    372. 

  372. 

  373. 		if err != nil {
    374. 

  374. 			return nil, err
    375. 

  375. 		}
    376. 

  376. 

  377. 		ok := caCertPool.AppendCertsFromPEM(cert)
    378. 

  378. 		if !ok {
    379. 

  379. 			return nil, fmt.Errorf("failed to append cabundle")
    380. 

  380. 		}
    381. 

  381. 	}
    382. 

  382. 	return caCertPool, nil
    383. 

  383. }
    384. 

  384. 

  385. func (w *WebHook) getCertFromSecret(provider *esv1beta1.WebhookProvider) ([]byte, error) {
    386. 

  386. 	secretRef := esmeta.SecretKeySelector{
    387. 

  387. 		Name:      provider.CAProvider.Name,
    388. 

  388. 		Namespace: &w.namespace,
    389. 

  389. 		Key:       provider.CAProvider.Key,
    390. 

  390. 	}
    391. 

  391. 

  392. 	if provider.CAProvider.Namespace != nil {
    393. 

  393. 		secretRef.Namespace = provider.CAProvider.Namespace
    394. 

  394. 	}
    395. 

  395. 

  396. 	ctx := context.Background()
    397. 

  397. 	cert, err := resolvers.SecretKeyRef(
    398. 

  398. 		ctx,
    399. 

  399. 		w.kube,
    400. 

  400. 		w.storeKind,
    401. 

  401. 		w.namespace,
    402. 

  402. 		&secretRef,
    403. 

  403. 	)
    404. 

  404. 	if err != nil {
    405. 

  405. 		return nil, err
    406. 

  406. 	}
    407. 

  407. 

  408. 	return []byte(cert), nil
    409. 

  409. }
    410. 

  410. 

  411. func (w *WebHook) getCertFromConfigMap(provider *esv1beta1.WebhookProvider) ([]byte, error) {
    412. 

  412. 	objKey := client.ObjectKey{
    413. 

  413. 		Name: provider.CAProvider.Name,
    414. 

  414. 	}
    415. 

  415. 

  416. 	if provider.CAProvider.Namespace != nil {
    417. 

  417. 		objKey.Namespace = *provider.CAProvider.Namespace
    418. 

  418. 	}
    419. 

  419. 

  420. 	configMapRef := &corev1.ConfigMap{}
    421. 

  421. 	ctx := context.Background()
    422. 

  422. 	err := w.kube.Get(ctx, objKey, configMapRef)
    423. 

  423. 	if err != nil {
    424. 

  424. 		return nil, fmt.Errorf("failed to get caprovider secret %s: %w", objKey.Name, err)
    425. 

  425. 	}
    426. 

  426. 

  427. 	val, ok := configMapRef.Data[provider.CAProvider.Key]
    428. 

  428. 	if !ok {
    429. 

  429. 		return nil, fmt.Errorf("failed to get caprovider configmap %s -> %s", objKey.Name, provider.CAProvider.Key)
    430. 

  430. 	}
    431. 

  431. 

  432. 	return []byte(val), nil
    433. 

  433. }
    434. 

  434. 

  435. func (w *WebHook) Close(_ context.Context) error {
    436. 

  436. 	return nil
    437. 

  437. }
    438. 

  438. 

  439. func (w *WebHook) Validate() (esv1beta1.ValidationResult, error) {
    440. 

  440. 	timeout := 15 * time.Second
    441. 

  441. 	url := w.url
    442. 

  442. 

  443. 	if err := utils.NetworkValidate(url, timeout); err != nil {
    444. 

  444. 		return esv1beta1.ValidationResultError, err
    445. 

  445. 	}
    446. 

  446. 	return esv1beta1.ValidationResultReady, nil
    447. 

  447. }
    448. 

  448. 

  449. func executeTemplateString(tmpl string, data map[string]map[string]string) (string, error) {
    450. 

  450. 	result, err := executeTemplate(tmpl, data)
    451. 

  451. 	if err != nil {
    452. 

  452. 		return "", err
    453. 

  453. 	}
    454. 

  454. 	return result.String(), nil
    455. 

  455. }
    456. 

  456. 

  457. func executeTemplate(tmpl string, data map[string]map[string]string) (bytes.Buffer, error) {
    458. 

  458. 	var result bytes.Buffer
    459. 

  459. 	if tmpl == "" {
    460. 

  460. 		return result, nil
    461. 

  461. 	}
    462. 

  462. 	urlt, err := tpl.New("webhooktemplate").Funcs(template.FuncMap()).Parse(tmpl)
    463. 

  463. 	if err != nil {
    464. 

  464. 		return result, err
    465. 

  465. 	}
    466. 

  466. 	if err := urlt.Execute(&result, data); err != nil {
    467. 

  467. 		return result, err
    468. 

  468. 	}
    469. 

  469. 	return result, nil
    470. 

  470. }
    471.