✨ Support for using both an external control plane and automatic web hooks together.

coderanger · coderanger · commit 3cb27c6ce772 · 2020-11-14T16:40:57.000-08:00
This requires pre-filling LocalServingHost and possibly LocalServingExternalName with the right listen interface and external name so that the external control plane can reach the webhook server launched by envtest.
diff --git a/pkg/builder/builder_suite_test.go b/pkg/builder/builder_suite_test.go
@@ -61,7 +61,7 @@ var _ = BeforeSuite(func(done Done) {
 	// Prevent the metrics listener being created
 	metrics.DefaultBindAddress = "0"
 
-	webhook.DefaultPort, _, err = addr.Suggest()
+	webhook.DefaultPort, _, err = addr.Suggest("")
 	Expect(err).NotTo(HaveOccurred())
 
 	close(done)
diff --git a/pkg/envtest/webhook.go b/pkg/envtest/webhook.go
@@ -67,6 +67,9 @@ type WebhookInstallOptions struct {
 	// CAData is the CA that can be used to trust the serving certificates in LocalServingCertDir.
 	LocalServingCAData []byte
 
+	// LocalServingHostExternalName is the hostname to use to reach the webhook server.
+	LocalServingHostExternalName string
+
 	// MaxTime is the max time to wait
 	MaxTime time.Duration
 
@@ -137,13 +140,19 @@ func modifyWebhook(webhook map[string]interface{}, caData []byte, hostPort strin
 }
 
 func (o *WebhookInstallOptions) generateHostPort() (string, error) {
-	port, host, err := addr.Suggest()
-	if err != nil {
-		return "", fmt.Errorf("unable to grab random port for serving webhooks on: %v", err)
+	if o.LocalServingPort == 0 {
+		port, host, err := addr.Suggest(o.LocalServingHost)
+		if err != nil {
+			return "", fmt.Errorf("unable to grab random port for serving webhooks on: %v", err)
+		}
+		o.LocalServingPort = port
+		o.LocalServingHost = host
+	}
+	host := o.LocalServingHostExternalName
+	if host == "" {
+		host = o.LocalServingHost
 	}
-	o.LocalServingPort = port
-	o.LocalServingHost = host
-	return net.JoinHostPort(host, fmt.Sprintf("%d", port)), nil
+	return net.JoinHostPort(host, fmt.Sprintf("%d", o.LocalServingPort)), nil
 }
 
 // PrepWithoutInstalling does the setup parts of Install (populating host-port,
@@ -266,7 +275,8 @@ func (o *WebhookInstallOptions) setupCA() ([]byte, error) {
 		return nil, fmt.Errorf("unable to set up webhook CA: %v", err)
 	}
 
-	hookCert, err := hookCA.NewServingCert()
+	names := []string{"localhost", o.LocalServingHost, o.LocalServingHostExternalName}
+	hookCert, err := hookCA.NewServingCert(names...)
 	if err != nil {
 		return nil, fmt.Errorf("unable to set up webhook serving certs: %v", err)
 	}
diff --git a/pkg/internal/testing/integration/addr/manager.go b/pkg/internal/testing/integration/addr/manager.go
@@ -38,8 +38,11 @@ var cache = &portCache{
 	ports: make(map[int]time.Time),
 }
 
-func suggest() (port int, resolvedHost string, err error) {
-	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
+func suggest(listenHost string) (port int, resolvedHost string, err error) {
+	if listenHost == "" {
+		listenHost = "localhost"
+	}
+	addr, err := net.ResolveTCPAddr("tcp", net.JoinHostPort(listenHost, "0"))
 	if err != nil {
 		return
 	}
@@ -59,9 +62,9 @@ func suggest() (port int, resolvedHost string, err error) {
 // a tuple consisting of a free port and the hostname resolved to its IP.
 // It makes sure that new port allocated does not conflict with old ports
 // allocated within 1 minute.
-func Suggest() (port int, resolvedHost string, err error) {
+func Suggest(listenHost string) (port int, resolvedHost string, err error) {
 	for i := 0; i < portConflictRetry; i++ {
-		port, resolvedHost, err = suggest()
+		port, resolvedHost, err = suggest(listenHost)
 		if err != nil {
 			return
 		}
diff --git a/pkg/internal/testing/integration/addr/manager_test.go b/pkg/internal/testing/integration/addr/manager_test.go
@@ -12,7 +12,7 @@ import (
 
 var _ = Describe("SuggestAddress", func() {
 	It("returns a free port and an address to bind to", func() {
-		port, host, err := addr.Suggest()
+		port, host, err := addr.Suggest("")
 
 		Expect(err).NotTo(HaveOccurred())
 		Expect(host).To(Or(Equal("127.0.0.1"), Equal("::1")))
@@ -26,4 +26,36 @@ var _ = Describe("SuggestAddress", func() {
 		}()
 		Expect(err).NotTo(HaveOccurred())
 	})
+
+	It("supports an explicit listenHost", func() {
+		port, host, err := addr.Suggest("localhost")
+
+		Expect(err).NotTo(HaveOccurred())
+		Expect(host).To(Or(Equal("127.0.0.1"), Equal("::1")))
+		Expect(port).NotTo(Equal(0))
+
+		addr, err := net.ResolveTCPAddr("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
+		Expect(err).NotTo(HaveOccurred())
+		l, err := net.ListenTCP("tcp", addr)
+		defer func() {
+			Expect(l.Close()).To(Succeed())
+		}()
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("supports a 0.0.0.0 listenHost", func() {
+		port, host, err := addr.Suggest("0.0.0.0")
+
+		Expect(err).NotTo(HaveOccurred())
+		Expect(host).To(Equal("0.0.0.0"))
+		Expect(port).NotTo(Equal(0))
+
+		addr, err := net.ResolveTCPAddr("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
+		Expect(err).NotTo(HaveOccurred())
+		l, err := net.ListenTCP("tcp", addr)
+		defer func() {
+			Expect(l.Close()).To(Succeed())
+		}()
+		Expect(err).NotTo(HaveOccurred())
+	})
 })
diff --git a/pkg/internal/testing/integration/apiserver.go b/pkg/internal/testing/integration/apiserver.go
@@ -105,7 +105,7 @@ func (s *APIServer) setProcessState() error {
 
 	// Defaulting the secure port
 	if s.SecurePort == 0 {
-		s.SecurePort, _, err = addr.Suggest()
+		s.SecurePort, _, err = addr.Suggest("")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/internal/testing/integration/internal/process.go b/pkg/internal/testing/integration/internal/process.go
@@ -75,7 +75,7 @@ func DoDefaulting(
 	}
 
 	if listenURL == nil {
-		port, host, err := addr.Suggest()
+		port, host, err := addr.Suggest("")
 		if err != nil {
 			return DefaultedProcessInput{}, err
 		}
diff --git a/pkg/internal/testing/integration/internal/process_test.go b/pkg/internal/testing/integration/internal/process_test.go
@@ -97,7 +97,7 @@ var _ = Describe("Start method", func() {
 				processState.HealthCheckEndpoint = healthURLPath
 				processState.StartTimeout = 500 * time.Millisecond
 
-				port, host, err := addr.Suggest()
+				port, host, err := addr.Suggest("")
 				Expect(err).NotTo(HaveOccurred())
 
 				processState.URL = url.URL{
diff --git a/pkg/internal/testing/integration/internal/tinyca.go b/pkg/internal/testing/integration/internal/tinyca.go
@@ -137,15 +137,51 @@ func (c *TinyCA) makeCert(cfg certutil.Config) (CertPair, error) {
 	}, nil
 }
 
-// NewServingCert returns a new CertPair for a serving HTTPS on localhost.
-func (c *TinyCA) NewServingCert() (CertPair, error) {
+// NewServingCert returns a new CertPair for a serving HTTPS on localhost (or other specified names).
+func (c *TinyCA) NewServingCert(names ...string) (CertPair, error) {
+	if len(names) == 0 {
+		names = []string{"localhost"}
+	}
+	dnsNames, ips, err := resolveNames(names)
+	if err != nil {
+		return CertPair{}, err
+	}
+
 	return c.makeCert(certutil.Config{
 		CommonName:   "localhost",
 		Organization: []string{c.orgName},
 		AltNames: certutil.AltNames{
-			DNSNames: []string{"localhost"},
-			IPs:      []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+			DNSNames: dnsNames,
+			IPs:      ips,
 		},
 		Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 	})
 }
+
+func resolveNames(names []string) ([]string, []net.IP, error) {
+	dnsNames := []string{}
+	ips := []net.IP{}
+	for _, name := range names {
+		if name == "" {
+			continue
+		}
+		ip := net.ParseIP(name)
+		if ip == nil {
+			dnsNames = append(dnsNames, name)
+			// Also resolve to IPs.
+			nameIPs, err := net.LookupHost(name)
+			if err != nil {
+				return nil, nil, err
+			}
+			for _, nameIP := range nameIPs {
+				ip = net.ParseIP(nameIP)
+				if ip != nil {
+					ips = append(ips, ip)
+				}
+			}
+		} else {
+			ips = append(ips, ip)
+		}
+	}
+	return dnsNames, ips, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func (s *APIServer) setProcessState() error {`
`105`	`105`
`106`	`106`	`// Defaulting the secure port`
`107`	`107`	`if s.SecurePort == 0 {`
`108`		`- s.SecurePort, _, err = addr.Suggest()`
	`108`	`+ s.SecurePort, _, err = addr.Suggest("")`
`109`	`109`	`if err != nil {`
`110`	`110`	`return err`
`111`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ func DoDefaulting(`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`if listenURL == nil {`
`78`		`- port, host, err := addr.Suggest()`
	`78`	`+ port, host, err := addr.Suggest("")`
`79`	`79`	`if err != nil {`
`80`	`80`	`return DefaultedProcessInput{}, err`
`81`	`81`	`}`