Documentation
Index
- Constants
- func ClusterPathFromAndStrip(req *http.Request) (logicalcluster.Path, *url.URL, bool, error)
- func IdentityFromContext(ctx context.Context) string
- func IsPartialMetadataRequest(ctx context.Context) bool
- func UserAgentFrom(ctx context.Context) string
- func WithAcceptHeader(apiHandler http.Handler) http.Handler
- func WithAuditEventClusterAnnotation(handler http.Handler) http.HandlerFunc
- func WithBlockInactiveLogicalClusters(handler http.Handler, ...) http.HandlerFunc
- func WithClusterScope(apiHandler http.Handler) http.HandlerFunc
- func WithIdentity(ctx context.Context, identity string) context.Context
- func WithImpersonationGatekeeper(handler http.Handler) http.Handler
- func WithImpersonationScoping(handler http.Handler) http.Handler
- func WithInClusterServiceAccountRequestRewrite(handler http.Handler) http.Handler
- func WithResourceIdentity(handler http.Handler) http.Handler
- func WithUserAgent(handler http.Handler) http.Handler
- func WithWildcardListWatchGuard(apiHandler http.Handler) http.HandlerFunc
Constants
const (
	// InactiveAnnotation is the annotation denoting a logical cluster should be
	// deemed unreachable.
	InactiveAnnotation = "internal.kcp.io/inactive"
)
Variables
This section is empty.
Functions
func ClusterPathFromAndStrip (added in v0.11.0)
ClusterPathFromAndStrip parses the request for a logical cluster path, returns it if found and strips it from the request URL path.
func IdentityFromContext (added in v0.27.0)
IdentityFromContext retrieves the APIExport identity from the context, if any.
func IsPartialMetadataRequest
IsPartialMetadataRequest determines whether the request is a PartialObjectMetadata request, based on the value stored in the context.
A PartialObjectMetadata request gets only object metadata.
func UserAgentFrom (added in v0.27.0)
func WithAcceptHeader
WithAcceptHeader makes the Accept header available for code in the handler chain. It is needed for wildcard requests, when finding the CRD with a common schema. For PartialObjectMeta requests we can weaken the schema requirement and allow different schemas across workspaces.
func WithAuditEventClusterAnnotation
func WithAuditEventClusterAnnotation(handler http.Handler) http.HandlerFunc
WithAuditEventClusterAnnotation adds the cluster name into the annotation of an audit event. Needs initialized annotations.
func WithBlockInactiveLogicalClusters (added in v0.25.0)
func WithBlockInactiveLogicalClusters(handler http.Handler, kcpClusterClient corev1alpha1informers.LogicalClusterClusterInformer) http.HandlerFunc
WithBlockInactiveLogicalClusters ensures that any requests to logical clusters marked inactive are rejected.
func WithClusterScope
func WithClusterScope(apiHandler http.Handler) http.HandlerFunc
WithClusterScope reads a cluster name from the URL path and puts it into the context. It also trims the "/clusters/" prefix from the URL.
func WithIdentity (added in v0.27.0)
WithIdentity adds an APIExport identity to the context.
func WithImpersonationGatekeeper (added in v0.27.0)
WithImpersonationGatekeeper checks the request for impersonations and validates them. If they are not valid, it returns a 403. Impersonation is checked in the request headers early, to avoid it being propagated to the backend services.
func WithImpersonationScoping (added in v0.27.0)
WithImpersonationScoping scopes the request to the cluster it is intended for.
func WithInClusterServiceAccountRequestRewrite (added in v0.27.0)
WithInClusterServiceAccountRequestRewrite adds the /clusters/<clusterName> prefix to the request path if the request comes from an InCluster service account (InCluster clients don't support prefixes).
func WithResourceIdentity (added in v0.27.0)
WithResourceIdentity checks list/watch requests for an APIExport identity for the resource in the path. If it finds one (e.g. /api/v1/services:identityabcd1234/default/my-service), it places the identity from the path into the context, updates the request to remove the identity from the path, and updates requestInfo.Resource to also remove the identity. Finally, it hands off to the passed-in handler to handle the request.
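The path rewrite that WithResourceIdentity describes, as an added standard-library sketch that is not kcp's own code: it shows the identity being split out, validated, and moved into the context before the inner handler runs. The names splitResourceIdentity, withResourceIdentitySketch, identityKey and observe are hypothetical, and the sketch assumes the identity sits on the first path segment containing a colon; it omits the list/watch check and the requestInfo.Resource update the real filter performs.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type identityKey struct{} // hypothetical context key, not kcp's own
// splitResourceIdentity strips ":<identity>" from the first path segment that has one.
func splitResourceIdentity(path string) (string, string, error) {
	segs := strings.Split(path, "/")
	for i, s := range segs {
		if res, id, found := strings.Cut(s, ":"); found {
			// Reject empty halves and a second colon instead of guessing.
			if res == "" || id == "" || strings.Contains(id, ":") {
				return "", "", fmt.Errorf("malformed resource identity %q", s)
			}
			segs[i] = res
			return strings.Join(segs, "/"), id, nil
		}
	}
	return path, "", nil
}

// withResourceIdentitySketch rejects malformed identities, else rewrites path and context.
func withResourceIdentitySketch(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		path, id, err := splitResourceIdentity(r.URL.Path)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		r = r.Clone(context.WithValue(r.Context(), identityKey{}, id)) // id is "" when absent
		r.URL.Path = path
		next.ServeHTTP(w, r)
	})
}

// observe sends a constructed GET through the filter; returns what the inner handler saw.
func observe(target string) (code int, path, identity string) {
	rec := httptest.NewRecorder()
	withResourceIdentitySketch(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		path = r.URL.Path
		identity, _ = r.Context().Value(identityKey{}).(string)
	})).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code, path, identity
}
func main() { fmt.Println(observe("/api/v1/services:identityabcd1234/default/my-service")) }
```

Handlers behind such a filter should read the identity only from the context, since the rewritten path no longer carries it.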
func WithWildcardListWatchGuard (added in v0.27.0)
func WithWildcardListWatchGuard(apiHandler http.Handler) http.HandlerFunc
WithWildcardListWatchGuard fails wildcard requests on everything but list and watch verbs.
Types
This section is empty.