PR changes

Signed-off-by: gunishmatta <[email protected]>

controllers/event_handling_test.go

@@ -52,7 +52,7 @@ func TestEventHandler(t *testing.T) {
 		t.Fatalf("failed to create memory storage")
 	}
 
-	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, false)
+	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true, true)
 	stopCh := make(chan struct{})
 	go eventServer.ListenAndServe(stopCh, eventMdlw, store)
 
@@ -77,7 +77,7 @@ func TestEventHandler(t *testing.T) {
 			Address: rcvServer.URL,
 		},
 	}
-	
+
 	g.Expect(k8sClient.Create(context.Background(), provider)).To(Succeed())
 
 	repo, err := readManifest("./testdata/repo.yaml", namespace)

internal/server/event_handlers.go

@@ -24,6 +24,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"regexp"
 	"strings"
 	"time"
@@ -243,7 +244,16 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 				continue
 			}
 
-			if s.httpSchemeDisabled && strings.Contains(webhook, "http://") {
+			webhookUrl, err := url.Parse(webhook)
+			if err != nil {
+				s.logger.Error(nil, "Error parsing webhook url",
+					"reconciler kind", v1beta1.ProviderKind,
+					"name", providerName.Name,
+					"namespace", providerName.Namespace)
+				continue
+			}
+
+			if !s.supportHttpScheme && webhookUrl.Scheme == "http" {
 				s.logger.Error(nil, "http scheme is blocked",
 					"reconciler kind", v1beta1.ProviderKind,
 					"name", providerName.Name,

internal/server/event_server.go

@@ -44,17 +44,17 @@ type EventServer struct {
 	logger               logr.Logger
 	kubeClient           client.Client
 	noCrossNamespaceRefs bool
-	httpSchemeDisabled   bool
+	supportHttpScheme    bool
 }
 
 // NewEventServer returns an HTTP server that handles events
-func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool, httpSchemeDisabled bool) *EventServer {
+func NewEventServer(port string, logger logr.Logger, kubeClient client.Client, noCrossNamespaceRefs bool, supportHttpScheme bool) *EventServer {
 	return &EventServer{
 		port:                 port,
 		logger:               logger.WithName("event-server"),
 		kubeClient:           kubeClient,
 		noCrossNamespaceRefs: noCrossNamespaceRefs,
-		httpSchemeDisabled:   httpSchemeDisabled,
+		supportHttpScheme:    supportHttpScheme,
 	}
 }
 

main.go

@@ -72,7 +72,7 @@ func main() {
 		leaderElectionOptions leaderelection.Options
 		aclOptions            acl.Options
 		rateLimiterOptions    helper.RateLimiterOptions
-		httpSchemeDisabled    bool
+		insecureNoTLS         bool
 	)
 
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
@@ -83,7 +83,7 @@ func main() {
 	flag.BoolVar(&watchAllNamespaces, "watch-all-namespaces", true,
 		"Watch for custom resources in all namespaces, if set to false it will only watch the runtime namespace.")
 	flag.DurationVar(&rateLimitInterval, "rate-limit-interval", 5*time.Minute, "Interval in which rate limit has effect.")
-	flag.BoolVar(&httpSchemeDisabled, "http-scheme-enabled", false, "Enable Http Scheme When true, the flag would not allow the use of the http scheme across all controller-level objects.")
+	flag.BoolVar(&insecureNoTLS, "insecure-no-tls", false, "Enable the use of HTTP Scheme (no TLS) across all controller level objects. This is not recommended for production environments")
 	clientOptions.BindFlags(flag.CommandLine)
 	logOptions.BindFlags(flag.CommandLine)
 	leaderElectionOptions.BindFlags(flag.CommandLine)
@@ -171,7 +171,7 @@ func main() {
 			Registry: crtlmetrics.Registry,
 		}),
 	})
-	eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs, httpSchemeDisabled)
+	eventServer := server.NewEventServer(eventsAddr, log, mgr.GetClient(), aclOptions.NoCrossNamespaceRefs, insecureNoTLS)
 	go eventServer.ListenAndServe(ctx.Done(), eventMdlw, store)
 
 	setupLog.Info("starting webhook receiver server", "addr", receiverAddr)