filters

package
v0.19.6-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 10, 2020 License: Apache-2.0 Imports: 33 Imported by: 238

Documentation

Overview

Package filters contains all the http handler chain filters which _are_ api related, i.e. which are prerequisite for the API services to work (in contrast to the filters in the server package which are not part of the API contract).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAuthorizerAttributes 

func GetAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error)

func Unauthorized 

func Unauthorized(s runtime.NegotiatedSerializer) http.Handler

func WithAudit 

func WithAudit(handler http.Handler, sink audit.Sink, policy policy.Checker, longRunningCheck request.LongRunningRequestCheck) http.Handler

WithAudit decorates a http.Handler with audit logging information for all the requests coming to the server. Audit level is decided according to requests' attributes and audit policy. Logs are emitted to the audit sink to process events. If sink or audit policy is nil, no decoration takes place.

func WithAuditAnnotations added in v0.19.0 

func WithAuditAnnotations(handler http.Handler, sink audit.Sink, policy policy.Checker) http.Handler

WithAuditAnnotations decorates a http.Handler with a []{key, value} that is merged with the audit.Event.Annotations map. This allows layers that run before WithAudit (such as authentication) to assert annotations. If sink or audit policy is nil, no decoration takes place.

func WithAuthentication 

func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences) http.Handler

WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then stores any such user found onto the provided context for the request. If authentication fails or returns an error the failed handler is used. On success, "Authorization" header is removed from the request and handler is invoked to serve the request.

func WithAuthorization 

func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler

WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.

func WithCacheControl added in v0.16.4 

func WithCacheControl(handler http.Handler) http.Handler

WithCacheControl sets the Cache-Control header to "no-cache, private" because all servers are protected by authn/authz. see https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#defining_optimal_cache-control_policy

func WithFailedAuthenticationAudit 

func WithFailedAuthenticationAudit(failedHandler http.Handler, sink audit.Sink, policy policy.Checker) http.Handler

WithFailedAuthenticationAudit decorates a failed http.Handler used in WithAuthentication handler. It is meant to log only failed authentication requests.

func WithImpersonation 

func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler

WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests

func WithRequestInfo 

func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver) http.Handler

WithRequestInfo attaches a RequestInfo to the context.

func WithWarningRecorder added in v0.19.0 

func WithWarningRecorder(handler http.Handler) http.Handler

WithWarningRecorder attaches a deduplicating k8s.io/apiserver/pkg/warning#WarningRecorder to the request context.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.