terraform-provider-kubernetes/kubernetes/schema_webhook_client_config.go at 95f03c6c35f35633c8a86131d417b629de41a037 · hashicorp/terraform-provider-kubernetes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
// Copyright IBM Corp. 2017, 2025
// SPDX-License-Identifier: MPL-2.0

package kubernetes

import (
	"errors"
	"net/url"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
)

func serviceReferenceFields() map[string]*schema.Schema {
	apiDoc := admissionregistrationv1.ServiceReference{}.SwaggerDoc()
	return map[string]*schema.Schema{
		"name": {
			Type:        schema.TypeString,
			Description: apiDoc["name"],
			Required:    true,
		},
		"namespace": {
			Type:        schema.TypeString,
			Description: apiDoc["namespace"],
			Required:    true,
		},
		"path": {
			Type:        schema.TypeString,
			Description: apiDoc["path"],
			Optional:    true,
		},
		"port": {
			Type:        schema.TypeInt,
			Description: apiDoc["port"],
			Optional:    true,
			Default:     443,
		},
	}
}

func webhookClientConfigFields() map[string]*schema.Schema {
	apiDoc := admissionregistrationv1.WebhookClientConfig{}.SwaggerDoc()
	return map[string]*schema.Schema{
		"ca_bundle": {
			Type:        schema.TypeString,
			Description: apiDoc["caBundle"],
			Optional:    true,
		},
		"service": {
			Type:        schema.TypeList,
			Optional:    true,
			Description: apiDoc["service"],
			MaxItems:    1,
			Elem: &schema.Resource{
				Schema: serviceReferenceFields(),
			},
		},
		"url": {
			Type:        schema.TypeString,
			Description: apiDoc["url"],
			Optional:    true,
			ValidateFunc: func(v interface{}, k string) ([]string, []error) {
				u, err := url.Parse(v.(string))
				if err != nil {
					return nil, []error{err}
				}

				errs := []error{}

				if u.Scheme != "https" {
					errs = append(errs, errors.New("url: scheme must be https"))
				}

				if u.Host == "" {
					errs = append(errs, errors.New("url: host must be provided"))
				}

				if u.User != nil {
					errs = append(errs, errors.New("url: user info is not permitted"))
				}

				if u.Fragment != "" || u.RawQuery != "" {
					errs = append(errs, errors.New("url: fragments and query parameters are not permitted"))
				}

				return nil, errs
			},
		},
	}
}