apiserver

package
v1.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2016 License: Apache-2.0 Imports: 62 Imported by: 0

Documentation

Overview

Package apiserver contains the code that provides a rest.ful api service.

Index

Constants

View Source
const (
	// Minimum duration before timing out read/write requests
	MinTimeoutSecs = 300
	// Maximum duration before timing out read/write requests
	MaxTimeoutSecs = 600
)

TODO: Pipe these in through the apiserver cmd line

View Source
const (
	ModeAlwaysAllow string = "AlwaysAllow"
	ModeAlwaysDeny  string = "AlwaysDeny"
	ModeABAC        string = "ABAC"
	ModeWebhook     string = "Webhook"
)
View Source
const MaxPatchConflicts = 5

MaxPatchConflicts is the maximum number of conflicts retry for during a patch operation before returning failure

View Source
const RetryAfter = "1"

Constant for the retry-after interval on rate limiting. TODO: maybe make this dynamic? or user-adjustable?

Variables

View Source
var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook}

Keep this list in sync with constant list above.

Functions

func APIVersionHandler added in v0.5.1

func APIVersionHandler(s runtime.NegotiatedSerializer, getAPIVersionsFunc func(req *restful.Request) *unversioned.APIVersions) restful.RouteFunction

APIVersionHandler returns a handler which will list the provided versions as available.

func AddApiWebService added in v0.9.0

func AddApiWebService(s runtime.NegotiatedSerializer, container *restful.Container, apiPrefix string, getAPIVersionsFunc func(req *restful.Request) *unversioned.APIVersions)

Adds a service to return the supported api versions at the legacy /api.

func AddApisWebService added in v1.1.0

func AddApisWebService(s runtime.NegotiatedSerializer, container *restful.Container, apiPrefix string, f func(req *restful.Request) []unversioned.APIGroup)

Adds a service to return the supported api versions at /apis.

func AddGroupWebService added in v1.1.0

func AddGroupWebService(s runtime.NegotiatedSerializer, container *restful.Container, path string, group unversioned.APIGroup)

Adds a service to return the supported versions, preferred version, and name of a group. E.g., a such web service will be registered at /apis/extensions.

func AddSupportedResourcesWebService added in v1.1.0

func AddSupportedResourcesWebService(s runtime.NegotiatedSerializer, ws *restful.WebService, groupVersion unversioned.GroupVersion, apiResources []unversioned.APIResource)

Adds a service to return the supported resources, E.g., a such web service will be registered at /apis/extensions/v1.

func CORS

func CORS(handler http.Handler, allowedOriginPatterns []*regexp.Regexp, allowedMethods []string, allowedHeaders []string, allowCredentials string) http.Handler

TODO: use restful.CrossOriginResourceSharing Simple CORS implementation that wraps an http Handler For a more detailed implementation use https://github.com/martini-contrib/cors or implement CORS at your proxy layer Pass nil for allowedMethods and allowedHeaders to use the defaults

func ConnectResource added in v0.16.0

func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admission.Interface, restPath string) restful.RouteFunction

ConnectResource returns a function that handles a connect request on a rest.Storage object.

func CreateNamedResource added in v0.17.0

func CreateNamedResource(r rest.NamedCreater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

CreateNamedResource returns a function that will handle a resource creation with name.

func CreateResource added in v0.12.0

func CreateResource(r rest.Creater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

CreateResource returns a function that will handle a resource creation.

func DeleteCollection added in v1.2.0

func DeleteCollection(r rest.CollectionDeleter, checkBody bool, scope RequestScope, admit admission.Interface) restful.RouteFunction

DeleteCollection returns a function that will handle a collection deletion

func DeleteResource added in v0.12.0

func DeleteResource(r rest.GracefulDeleter, checkBody bool, scope RequestScope, admit admission.Interface) restful.RouteFunction

DeleteResource returns a function that will handle a resource deletion

func GetResource added in v0.12.0

func GetResource(r rest.Getter, e rest.Exporter, scope RequestScope) restful.RouteFunction

GetResource returns a function that handles retrieving a single resource from a rest.Storage object.

func GetResourceWithOptions added in v0.15.0

func GetResourceWithOptions(r rest.GetterWithOptions, scope RequestScope) restful.RouteFunction

GetResourceWithOptions returns a function that handles retrieving a single resource from a rest.Storage object.

func GroupHandler added in v1.1.0

func GroupHandler(s runtime.NegotiatedSerializer, group unversioned.APIGroup) restful.RouteFunction

GroupHandler returns a handler which will return the api.GroupAndVersion of the group.

func IndexHandler added in v0.10.0

func IndexHandler(container *restful.Container, muxHelper *MuxHelper) func(http.ResponseWriter, *http.Request)

func InstallLogsSupport

func InstallLogsSupport(mux Mux)

InstallLogsSupport registers the APIServer log support function into a mux.

func InstallRecoverHandler added in v1.1.0

func InstallRecoverHandler(s runtime.NegotiatedSerializer, container *restful.Container)

TODO: needs to perform response type negotiation, this is probably the wrong way to recover panics

func InstallServiceErrorHandler added in v0.16.0

func InstallServiceErrorHandler(s runtime.NegotiatedSerializer, container *restful.Container, requestResolver *RequestInfoResolver, apiVersions []string)

func InstallSupport

func InstallSupport(mux Mux, ws *restful.WebService, checks ...healthz.HealthzChecker)

TODO: document all handlers InstallSupport registers the APIServer support functions

func IsAPIPrefixNotFound added in v1.2.0

func IsAPIPrefixNotFound(err error) bool

func IsReadOnlyReq added in v0.5.1

func IsReadOnlyReq(req http.Request) bool

IsReadOnlyReq() is true for any (or at least many) request which has no observable side effects on state of apiserver (though there may be internal side effects like caching and logging).

func ListResource added in v0.12.0

func ListResource(r rest.Lister, rw rest.Watcher, scope RequestScope, forceWatch bool, minRequestTimeout time.Duration) restful.RouteFunction

ListResource returns a function that handles retrieving a list of resources from a rest.Storage object.

func MaxInFlightLimit added in v0.15.0

func MaxInFlightLimit(c chan bool, longRunningRequestCheck LongRunningRequestCheck, handler http.Handler) http.Handler

MaxInFlight limits the number of in-flight requests to buffer size of the passed in channel.

func NewAlwaysAllowAuthorizer added in v0.5.1

func NewAlwaysAllowAuthorizer() authorizer.Authorizer

func NewAlwaysDenyAuthorizer added in v0.5.1

func NewAlwaysDenyAuthorizer() authorizer.Authorizer

func NewAuthorizerFromAuthorizationConfig added in v0.5.1

func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)

NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. authorizationMode should be a comma separated values of AuthorizationModeChoices.

func PatchResource added in v0.13.0

func PatchResource(r rest.Patcher, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface, converter runtime.ObjectConvertor) restful.RouteFunction

PatchResource returns a function that will handle a resource patch TODO: Eventually PatchResource should just use GuaranteedUpdate and this routine should be a bit cleaner

func ReadOnly added in v0.5.1

func ReadOnly(handler http.Handler) http.Handler

ReadOnly passes all GET requests on to handler, and returns an error on all other requests.

func RecoverPanics

func RecoverPanics(handler http.Handler) http.Handler

RecoverPanics wraps an http Handler to recover and log panics.

func RootAPIHandler added in v1.1.0

func RootAPIHandler(s runtime.NegotiatedSerializer, f func(req *restful.Request) []unversioned.APIGroup) restful.RouteFunction

RootAPIHandler returns a handler which will list the provided groups and versions as available.

func SupportedResourcesHandler added in v1.1.0

func SupportedResourcesHandler(s runtime.NegotiatedSerializer, groupVersion unversioned.GroupVersion, apiResources []unversioned.APIResource) restful.RouteFunction

SupportedResourcesHandler returns a handler which will list the provided resources as available.

func TimeoutHandler added in v1.1.0

func TimeoutHandler(h http.Handler, timeoutFunc func(*http.Request) (timeout <-chan time.Time, msg string)) http.Handler

TimeoutHandler returns an http.Handler that runs h with a timeout determined by timeoutFunc. The new http.Handler calls h.ServeHTTP to handle each request, but if a call runs for longer than its time limit, the handler responds with a 503 Service Unavailable error and the message provided. (If msg is empty, a suitable default message with be sent.) After the handler times out, writes by h to its http.ResponseWriter will return http.ErrHandlerTimeout. If timeoutFunc returns a nil timeout channel, no timeout will be enforced.

func UpdateResource added in v0.12.0

func UpdateResource(r rest.Updater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

UpdateResource returns a function that will handle a resource update

func WithAuthorizationCheck added in v0.5.1

func WithAuthorizationCheck(handler http.Handler, getAttribs RequestAttributeGetter, a authorizer.Authorizer) http.Handler

WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.

Types

type APIGroupVersion added in v0.5.1

type APIGroupVersion struct {
	Storage map[string]rest.Storage

	Root string

	// GroupVersion is the external group version
	GroupVersion unversioned.GroupVersion

	// RequestInfoResolver is used to parse URLs for the legacy proxy handler.  Don't use this for anything else
	// TODO: refactor proxy handler to use sub resources
	RequestInfoResolver *RequestInfoResolver

	// OptionsExternalVersion controls the Kubernetes APIVersion used for common objects in the apiserver
	// schema like api.Status, api.DeleteOptions, and api.ListOptions. Other implementors may
	// define a version "v1beta1" but want to use the Kubernetes "v1" internal objects. If
	// empty, defaults to GroupVersion.
	OptionsExternalVersion *unversioned.GroupVersion

	Mapper meta.RESTMapper

	Serializer     runtime.NegotiatedSerializer
	ParameterCodec runtime.ParameterCodec

	Typer     runtime.ObjectTyper
	Creater   runtime.ObjectCreater
	Convertor runtime.ObjectConvertor
	Linker    runtime.SelfLinker

	Admit   admission.Interface
	Context api.RequestContextMapper

	MinRequestTimeout time.Duration

	// SubresourceGroupVersionKind contains the GroupVersionKind overrides for each subresource that is
	// accessible from this API group version. The GroupVersionKind is that of the external version of
	// the subresource. The key of this map should be the path of the subresource. The keys here should
	// match the keys in the Storage map above for subresources.
	SubresourceGroupVersionKind map[string]unversioned.GroupVersionKind
}

APIGroupVersion is a helper for exposing rest.Storage objects as http.Handlers via go-restful It handles URLs of the form: /${storage_key}[/${object_name}] Where 'storage_key' points to a rest.Storage object stored in storage. This object should contain all parameterization necessary for running a particular API version

func (*APIGroupVersion) InstallREST added in v0.5.1

func (g *APIGroupVersion) InstallREST(container *restful.Container) error

InstallREST registers the REST handlers (storage, watch, proxy and redirect) into a restful Container. It is expected that the provided path root prefix will serve all operations. Root MUST NOT end in a slash.

func (*APIGroupVersion) UpdateREST added in v1.1.0

func (g *APIGroupVersion) UpdateREST(container *restful.Container) error

UpdateREST registers the REST handlers for this APIGroupVersion to an existing web service in the restful Container. It will use the prefix (root/version) to find the existing web service. If a web service does not exist within the container to support the prefix this method will return an error.

type APIInstaller added in v0.12.0

type APIInstaller struct {
	// contains filtered or unexported fields
}

func (*APIInstaller) Install added in v0.12.0

func (a *APIInstaller) Install(ws *restful.WebService) (apiResources []unversioned.APIResource, errors []error)

Installs handlers for API resources.

func (*APIInstaller) NewWebService added in v1.1.0

func (a *APIInstaller) NewWebService() *restful.WebService

NewWebService creates a new restful webservice with the api installer's prefix and version.

type Attributes added in v0.5.1

type Attributes struct {
}

Attributes implements authorizer.Attributes interface.

type AuthorizationConfig added in v1.2.0

type AuthorizationConfig struct {

	// Path to a ABAC policy file.
	PolicyFile string

	// Kubeconfig file for Webhook authorization plugin.
	WebhookConfigFile string
}

type ContextFunc added in v0.12.0

type ContextFunc func(req *restful.Request) api.Context

ContextFunc returns a Context given a request - a context must be returned

type LongRunningRequestCheck added in v1.2.0

type LongRunningRequestCheck func(r *http.Request) bool

func BasicLongRunningRequestCheck added in v1.2.0

func BasicLongRunningRequestCheck(pathRegex *regexp.Regexp, queryParams map[string]string) LongRunningRequestCheck

BasicLongRunningRequestCheck pathRegex operates against the url path, the queryParams match is case insensitive. Any one match flags the request. TODO tighten this check to eliminate the abuse potential by malicious clients that start setting queryParameters to bypass the rate limitter. This could be done using a full parse and special casing the bits we need.

type Mux added in v0.5.1

type Mux interface {
	Handle(pattern string, handler http.Handler)
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}

mux is an object that can register http handlers.

type MuxHelper added in v0.10.0

type MuxHelper struct {
	Mux             Mux
	RegisteredPaths []string
}

Offers additional functionality over ServeMux, for ex: supports listing registered paths.

func (*MuxHelper) Handle added in v0.10.0

func (m *MuxHelper) Handle(path string, handler http.Handler)

func (*MuxHelper) HandleFunc added in v0.10.0

func (m *MuxHelper) HandleFunc(path string, handler func(http.ResponseWriter, *http.Request))

type ProxyDialerFunc added in v0.20.0

type ProxyDialerFunc func(network, addr string) (net.Conn, error)

type ProxyHandler

type ProxyHandler struct {
	// contains filtered or unexported fields
}

ProxyHandler provides a http.Handler which will proxy traffic to locations specified by items implementing Redirector.

func (*ProxyHandler) ServeHTTP

func (r *ProxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)

type RequestAttributeGetter added in v0.5.1

type RequestAttributeGetter interface {
	GetAttribs(req *http.Request) (attribs authorizer.Attributes)
}

RequestAttributeGetter is a function that extracts authorizer.Attributes from an http.Request

func NewRequestAttributeGetter added in v0.5.1

func NewRequestAttributeGetter(requestContextMapper api.RequestContextMapper, requestInfoResolver *RequestInfoResolver) RequestAttributeGetter

NewAttributeGetter returns an object which implements the RequestAttributeGetter interface.

type RequestInfo added in v1.2.0

type RequestInfo struct {
	// IsResourceRequest indicates whether or not the request is for an API resource or subresource
	IsResourceRequest bool
	// Path is the URL path of the request
	Path string
	// Verb is the kube verb associated with the request for API requests, not the http verb.  This includes things like list and watch.
	// for non-resource requests, this is the lowercase http verb
	Verb string

	APIPrefix  string
	APIGroup   string
	APIVersion string
	Namespace  string
	// Resource is the name of the resource being requested.  This is not the kind.  For example: pods
	Resource string
	// Subresource is the name of the subresource being requested.  This is a different resource, scoped to the parent resource, but it may have a different kind.
	// For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod"
	// (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding".
	Subresource string
	// Name is empty for some verbs, but if the request directly indicates a name (not in body content) then this field is filled in.
	Name string
	// Parts are the path parts for the request, always starting with /{resource}/{name}
	Parts []string
}

RequestInfo holds information parsed from the http.Request

type RequestInfoResolver added in v1.2.0

type RequestInfoResolver struct {
	APIPrefixes          sets.String
	GrouplessAPIPrefixes sets.String
}

func (*RequestInfoResolver) GetRequestInfo added in v1.2.0

func (r *RequestInfoResolver) GetRequestInfo(req *http.Request) (RequestInfo, error)

TODO write an integration test against the swagger doc to test the RequestInfo and match up behavior to responses GetRequestInfo returns the information from the http request. If error is not nil, RequestInfo holds the information as best it is known before the failure It handles both resource and non-resource requests and fills in all the pertinent information for each. Valid Inputs: Resource paths /apis/{api-group}/{version}/namespaces /api/{version}/namespaces /api/{version}/namespaces/{namespace} /api/{version}/namespaces/{namespace}/{resource} /api/{version}/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/{resource} /api/{version}/{resource}/{resourceName}

Special verbs without subresources: /api/{version}/proxy/{resource}/{resourceName} /api/{version}/proxy/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/redirect/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/redirect/{resource}/{resourceName}

Special verbs with subresources: /api/{version}/watch/{resource} /api/{version}/watch/namespaces/{namespace}/{resource}

NonResource paths /apis/{api-group}/{version} /apis/{api-group} /apis /api/{version} /api /healthz /

type RequestScope added in v0.14.0

RequestScope encapsulates common fields across all RESTful handler methods.

type ScopeNamer added in v0.12.0

type ScopeNamer interface {
	// Namespace returns the appropriate namespace value from the request (may be empty) or an
	// error.
	Namespace(req *restful.Request) (namespace string, err error)
	// Name returns the name from the request, and an optional namespace value if this is a namespace
	// scoped call. An error is returned if the name is not available.
	Name(req *restful.Request) (namespace, name string, err error)
	// ObjectName returns the namespace and name from an object if they exist, or an error if the object
	// does not support names.
	ObjectName(obj runtime.Object) (namespace, name string, err error)
	// SetSelfLink sets the provided URL onto the object. The method should return nil if the object
	// does not support selfLinks.
	SetSelfLink(obj runtime.Object, url string) error
	// GenerateLink creates a path and query for a given runtime object that represents the canonical path.
	GenerateLink(req *restful.Request, obj runtime.Object) (path, query string, err error)
	// GenerateLink creates a path and query for a list that represents the canonical path.
	GenerateListLink(req *restful.Request) (path, query string, err error)
}

ScopeNamer handles accessing names from requests and objects

type Server added in v0.5.1

type Server struct {
	Addr        string
	Port        int
	Path        string
	EnableHTTPS bool
	Validate    ValidatorFn
}

func (*Server) DoServerCheck added in v0.16.0

func (server *Server) DoServerCheck(prober httpprober.HTTPProber) (probe.Result, string, error)

type ServerStatus

type ServerStatus struct {
	Component  string       `json:"component,omitempty"`
	Health     string       `json:"health,omitempty"`
	HealthCode probe.Result `json:"healthCode,omitempty"`
	Msg        string       `json:"msg,omitempty"`
	Err        string       `json:"err,omitempty"`
}

type StripVersionNegotiatedSerializer added in v1.2.0

type StripVersionNegotiatedSerializer struct {
	runtime.NegotiatedSerializer
}

StripVersionNegotiatedSerializer will return stripVersionEncoder when EncoderForVersion is called. See comments for stripVersionEncoder.

func (StripVersionNegotiatedSerializer) EncoderForVersion added in v1.2.0

type ValidatorFn added in v0.20.0

type ValidatorFn func([]byte) error

type WatchServer

type WatchServer struct {
	// contains filtered or unexported fields
}

WatchServer serves a watch.Interface over a websocket or vanilla HTTP.

func (*WatchServer) HandleWS

func (w *WatchServer) HandleWS(ws *websocket.Conn)

HandleWS implements a websocket handler.

func (*WatchServer) ServeHTTP

func (self *WatchServer) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP serves a series of JSON encoded events via straight HTTP with Transfer-Encoding: chunked.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL