filters

package

v0.0.0-...-0c42e4c Latest Latest Go to latest Published: Dec 19, 2017 License: Apache-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cofyc/apiserver

Links

Open Source Insights

Documentation ¶

Overview ¶

Package filters contains all the http handler chain filters which _are_ api related, i.e. which are prerequisite for the API services to work (in contrast to the filters in the server package which are not part of the API contract).

Index ¶

func GetAuthorizerAttributes(ctx request.Context) (authorizer.Attributes, error)
func Unauthorized(requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithAudit(handler http.Handler, requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithAuthentication(handler http.Handler, mapper genericapirequest.RequestContextMapper, ...) http.Handler
func WithAuthorization(handler http.Handler, requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithFailedAuthenticationAudit(failedHandler http.Handler, requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithImpersonation(handler http.Handler, requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithLegacyAudit(handler http.Handler, requestContextMapper request.RequestContextMapper, ...) http.Handler
func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver, ...) http.Handler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetAuthorizerAttributes ¶

func GetAuthorizerAttributes(ctx request.Context) (authorizer.Attributes, error)

func Unauthorized ¶

func Unauthorized(requestContextMapper request.RequestContextMapper, s runtime.NegotiatedSerializer, supportsBasicAuth bool) http.Handler

func WithAudit ¶

func WithAudit(handler http.Handler, requestContextMapper request.RequestContextMapper, sink audit.Sink, policy policy.Checker, longRunningCheck request.LongRunningRequestCheck) http.Handler

WithAudit decorates a http.Handler with audit logging information for all the requests coming to the server. Audit level is decided according to requests' attributes and audit policy. Logs are emitted to the audit sink to process events. If sink or audit policy is nil, no decoration takes place.

func WithAuthentication ¶

func WithAuthentication(handler http.Handler, mapper genericapirequest.RequestContextMapper, auth authenticator.Request, failed http.Handler) http.Handler

WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then stores any such user found onto the provided context for the request. If authentication fails or returns an error the failed handler is used. On success, "Authorization" header is removed from the request and handler is invoked to serve the request.

func WithAuthorization ¶

func WithAuthorization(handler http.Handler, requestContextMapper request.RequestContextMapper, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler

WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.

func WithFailedAuthenticationAudit ¶

func WithFailedAuthenticationAudit(failedHandler http.Handler, requestContextMapper request.RequestContextMapper, sink audit.Sink, policy policy.Checker) http.Handler

WithFailedAuthenticationAudit decorates a failed http.Handler used in WithAuthentication handler. It is meant to log only failed authentication requests.

func WithImpersonation ¶

func WithImpersonation(handler http.Handler, requestContextMapper request.RequestContextMapper, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler

WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests

func WithLegacyAudit ¶

func WithLegacyAudit(handler http.Handler, requestContextMapper request.RequestContextMapper, out io.Writer) http.Handler

WithLegacyAudit decorates a http.Handler with audit logging information for all the requests coming to the server. If out is nil, no decoration takes place. Each audit log contains two entries: 1. the request line containing:

unique id allowing to match the response line (see 2)
source ip of the request
HTTP method being invoked
original user invoking the operation
original user's groups info
impersonated user for the operation
impersonated groups info
namespace of the request or <none>
uri is the full URI as requested

2. the response line containing:

the unique id from 1
response code

func WithRequestInfo ¶

func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver, requestContextMapper request.RequestContextMapper) http.Handler

WithRequestInfo attaches a RequestInfo to the context.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL