github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 15:58:37 +00:00
Code Issues Projects Releases Wiki Activity

Add admission control to the Connect method in the API Server

Browse Source 
The resource passed to admission control is a ConnectRequest object
which includes additional information about the current request.
This commit is contained in:
Cesar Wong 2015-05-08 15:02:12 -04:00
parent 68ad63b5e2
commit 328b1d0817
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/api/rest/rest.go
View File

@ -246,3 +246,18 @@ type StorageMetadata interface {
// PATCH) can respond with. // PATCH) can respond with.
ProducesMIMETypes(verb string) []string ProducesMIMETypes(verb string) []string
} }
// ConnectRequest is an object passed to admission control for Connect operations
type ConnectRequest struct {
// Name is the name of the object on which the connect request was made
Name string
// Options is the options object passed to the connect request. See the NewConnectOptions method on Connecter
Options runtime.Object
// ResourcePath is the path for the resource in the REST server (ie. "pods/proxy")
ResourcePath string
}
// IsAnAPIObject makes ConnectRequest a runtime.Object
func (*ConnectRequest) IsAnAPIObject() {}

2
pkg/apiserver/api_installer.go
View File

@ -539,7 +539,7 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
case "CONNECT": case "CONNECT":
for _, method := range connecter.ConnectMethods() { for _, method := range connecter.ConnectMethods() {
route := ws.Method(method).Path(action.Path). route := ws.Method(method).Path(action.Path).
To(ConnectResource(connecter, reqScope, connectOptionsKind, connectSubpath, connectSubpathKey)). To(ConnectResource(connecter, reqScope, admit, connectOptionsKind, path, connectSubpath, connectSubpathKey)).
Filter(m). Filter(m).
Doc("connect " + method + " requests to " + kind). Doc("connect " + method + " requests to " + kind).
Operation("connect" + method + kind). Operation("connect" + method + kind).

15
pkg/apiserver/resthandler.go
View File

@ -142,7 +142,7 @@ func getRequestOptions(req *restful.Request, scope RequestScope, kind string, su
} }
// ConnectResource returns a function that handles a connect request on a rest.Storage object. // ConnectResource returns a function that handles a connect request on a rest.Storage object.
func ConnectResource(connecter rest.Connecter, scope RequestScope, connectOptionsKind string, subpath bool, subpathKey string) restful.RouteFunction { func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admission.Interface, connectOptionsKind, restPath string, subpath bool, subpathKey string) restful.RouteFunction {
return func(req *restful.Request, res *restful.Response) { return func(req *restful.Request, res *restful.Response) {
w := res.ResponseWriter w := res.ResponseWriter
namespace, name, err := scope.Namer.Name(req) namespace, name, err := scope.Namer.Name(req)
@ -157,6 +157,19 @@ func ConnectResource(connecter rest.Connecter, scope RequestScope, connectOption
errorJSON(err, scope.Codec, w) errorJSON(err, scope.Codec, w)
return return
} }
if admit.Handles(admission.Connect) {
connectRequest := &rest.ConnectRequest{
Name: name,
Options: opts,
ResourcePath: restPath,
}
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(connectRequest, scope.Kind, namespace, scope.Resource, admission.Connect, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return
}
}
handler, err := connecter.Connect(ctx, name, opts) handler, err := connecter.Connect(ctx, name, opts)
if err != nil { if err != nil {
errorJSON(err, scope.Codec, w) errorJSON(err, scope.Codec, w)