Documentation ¶
Overview ¶
Package filters contains all the http handler chain filters which _are_ api related, i.e. which are prerequisite for the API services to work (in contrast to the filters in the server package which are not part of the API contract).
Index ¶
- func GetAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error)
- func Unauthorized(s runtime.NegotiatedSerializer, supportsBasicAuth bool) http.Handler
- func WithAudit(handler http.Handler, sink audit.Sink, policy policy.Checker, ...) http.Handler
- func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler) http.Handler
- func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler
- func WithFailedAuthenticationAudit(failedHandler http.Handler, sink audit.Sink, policy policy.Checker) http.Handler
- func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler
- func WithLegacyAudit(handler http.Handler, out io.Writer) http.Handler
- func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver) http.Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthorizerAttributes ¶
func GetAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error)
func Unauthorized ¶
func Unauthorized(s runtime.NegotiatedSerializer, supportsBasicAuth bool) http.Handler
func WithAudit ¶
func WithAudit(handler http.Handler, sink audit.Sink, policy policy.Checker, longRunningCheck request.LongRunningRequestCheck) http.Handler
WithAudit decorates a http.Handler with audit logging information for all the requests coming to the server. Audit level is decided according to requests' attributes and audit policy. Logs are emitted to the audit sink to process events. If sink or audit policy is nil, no decoration takes place.
func WithAuthentication ¶
func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler) http.Handler
WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then stores any such user found onto the provided context for the request. If authentication fails or returns an error the failed handler is used. On success, "Authorization" header is removed from the request and handler is invoked to serve the request.
func WithAuthorization ¶
func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler
WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.
func WithFailedAuthenticationAudit ¶ added in v1.8.0
func WithFailedAuthenticationAudit(failedHandler http.Handler, sink audit.Sink, policy policy.Checker) http.Handler
WithFailedAuthenticationAudit decorates a failed http.Handler used in WithAuthentication handler. It is meant to log only failed authentication requests.
func WithImpersonation ¶
func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler
WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests
func WithLegacyAudit ¶ added in v1.7.0
WithLegacyAudit decorates a http.Handler with audit logging information for all the requests coming to the server. If out is nil, no decoration takes place. Each audit log contains two entries: 1. the request line containing:
- unique id allowing to match the response line (see 2)
- source ip of the request
- HTTP method being invoked
- original user invoking the operation
- original user's groups info
- impersonated user for the operation
- impersonated groups info
- namespace of the request or <none>
- uri is the full URI as requested
2. the response line containing:
- the unique id from 1
- response code
func WithRequestInfo ¶
WithRequestInfo attaches a RequestInfo to the context.
Types ¶
This section is empty.