mirror of
https://github.com/ahmetb/kubectx.git
synced 2026-07-17 01:52:32 +00:00
The readonly proxy now permits: - K8s "review" POST endpoints (SubjectAccessReview, TokenReview, etc.) that query auth state without persisting resources - Requests with ?dryRun=All for server-side validation Review endpoints are matched with anchored regexps pinned to authorization.k8s.io and authentication.k8s.io API groups, preventing spoofing via custom resources with the same name. Refactors the handler into small, independently tested filter functions (isUpgrade, isReadOnly, isNonMutatingPost, isDryRun) composed by a checkRequest commander. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
10 KiB
10 KiB