mirror of
https://github.com/1Password/onepassword-operator.git
synced 2025-10-21 23:18:06 +00:00
88 lines
2.4 KiB
Go
88 lines
2.4 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"flag"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
|
|
"github.com/1Password/onepassword-operator/secret-injector/pkg/webhook"
|
|
"github.com/golang/glog"
|
|
)
|
|
|
|
const (
|
|
connectTokenSecretKeyEnv = "OP_CONNECT_TOKEN_KEY"
|
|
connectTokenSecretNameEnv = "OP_CONNECT_TOKEN_NAME"
|
|
connectHostEnv = "OP_CONNECT_HOST"
|
|
)
|
|
|
|
func main() {
|
|
var parameters webhook.SecretInjectorParameters
|
|
|
|
glog.Info("Starting webhook")
|
|
// get command line parameters
|
|
flag.IntVar(¶meters.Port, "port", 8443, "Webhook server port.")
|
|
flag.StringVar(¶meters.CertFile, "tlsCertFile", "/etc/webhook/certs/cert.pem", "File containing the x509 Certificate for HTTPS.")
|
|
flag.StringVar(¶meters.KeyFile, "tlsKeyFile", "/etc/webhook/certs/key.pem", "File containing the x509 private key to --tlsCertFile.")
|
|
flag.Parse()
|
|
|
|
pair, err := tls.LoadX509KeyPair(parameters.CertFile, parameters.KeyFile)
|
|
if err != nil {
|
|
glog.Errorf("Failed to load key pair: %v", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
connectHost, present := os.LookupEnv(connectHostEnv)
|
|
if !present || connectHost == "" {
|
|
glog.Error("Connect host not set")
|
|
}
|
|
|
|
connectTokenName, present := os.LookupEnv(connectTokenSecretNameEnv)
|
|
if !present || connectTokenName == "" {
|
|
glog.Error("Connect token name not set")
|
|
}
|
|
|
|
connectTokenKey, present := os.LookupEnv(connectTokenSecretKeyEnv)
|
|
if !present || connectTokenKey == "" {
|
|
glog.Error("Connect token key not set")
|
|
}
|
|
|
|
webhookConfig := webhook.Config{
|
|
ConnectHost: connectHost,
|
|
ConnectTokenName: connectTokenName,
|
|
ConnectTokenKey: connectTokenKey,
|
|
}
|
|
secretInjector := &webhook.SecretInjector{
|
|
Config: webhookConfig,
|
|
Server: &http.Server{
|
|
Addr: fmt.Sprintf(":%v", parameters.Port),
|
|
TLSConfig: &tls.Config{Certificates: []tls.Certificate{pair}},
|
|
},
|
|
}
|
|
|
|
// define http server and server handler
|
|
mux := http.NewServeMux()
|
|
mux.HandleFunc("/inject", secretInjector.Serve)
|
|
secretInjector.Server.Handler = mux
|
|
|
|
// start webhook server in new rountine
|
|
go func() {
|
|
if err := secretInjector.Server.ListenAndServeTLS("", ""); err != nil {
|
|
glog.Errorf("Failed to listen and serve webhook server: %v", err)
|
|
os.Exit(1)
|
|
}
|
|
}()
|
|
|
|
// listening OS shutdown singal
|
|
signalChan := make(chan os.Signal, 1)
|
|
signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
|
|
<-signalChan
|
|
|
|
glog.Infof("Got OS shutdown signal, shutting down webhook server gracefully...")
|
|
secretInjector.Server.Shutdown(context.Background())
|
|
}
|