shared

package
v0.32.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 25, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package shared contains helpers reused by the initializing and terminating workspace virtual workspaces. Both VWs implement the same lifecycle content proxy pattern, so they share their HTTP plumbing here to keep behaviour in lockstep.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ResolveLifecycleWorkspaceType

func ResolveLifecycleWorkspaceType(
	role string,
	id string,
	typeFrom func() (logicalcluster.Name, string, error),
	localWSTIndexer, cachedWSTIndexer cache.Indexer,
) (*tenancyv1alpha1.WorkspaceType, error)

ResolveLifecycleWorkspaceType resolves the WorkspaceType referenced by an initializer or terminator identifier.

role is a human-readable label ("initializer" or "terminator") used only for error messages. id is the string form of the identifier. typeFrom is the per-lifecycle parser (e.g. initialization.TypeFrom / termination.TypeFrom) that splits id into (wstCluster, wstName). Encapsulating these as parameters keeps the two callers identical without forcing a tight coupling between the initializing and terminating packages.

Returns:

  • (wst, nil) — id encodes a WST reference and the WST was found in the local or cache-server indexer; the caller should evaluate the WST's lifecycle permissions (Mode 1).
  • (nil, nil) — id is a known system initializer/terminator (e.g. "system:apibindings"): well-formed but intentionally not backed by a WST. Caller should fall through to owner impersonation (Mode 2).
  • (nil, err) — id is malformed or it encodes a real (non-system) WST reference that neither indexer has. Both cases must fail closed: granting Mode 2 to a lifecycle controller we cannot validate would be a silent privilege escalation.

func ServeProxy

func ServeProxy(writer http.ResponseWriter, request *http.Request, forwardedHost *url.URL, rt http.RoundTripper)

ServeProxy strips any client-supplied auth/impersonation headers from the request and reverse-proxies it to forwardedHost using the supplied (impersonating) transport. It is used by the workspace-content sub-workspace handlers under both modes of operation (synthetic-group + caller identity, or owner impersonation fallback).

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL