From de73ac519867b3ce41adcb9a419c3c28c7a99c41 Mon Sep 17 00:00:00 2001 From: Abu Kashem Date: Tue, 16 Feb 2021 12:13:36 -0500 Subject: [PATCH] apf: set response headers for rejected requests --- .../server/filters/priority-and-fairness.go | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go b/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go index 6f604243112..186824e2f26 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go +++ b/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go @@ -122,12 +122,7 @@ func WithPriorityAndFairness( served = true innerCtx := context.WithValue(ctx, priorityAndFairnessKey, classification) innerReq := r.Clone(innerCtx) - - // We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that - // the names that cluster-admins choose for categorization and priority levels are not exposed, also - // the names might make it obvious to the users that they are rejected due to classification with low priority. - w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID)) - w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID)) + setResponseHeaders(classification, w) handler.ServeHTTP(w, innerReq) } @@ -140,6 +135,8 @@ func WithPriorityAndFairness( } }, execute) if !served { + setResponseHeaders(classification, w) + if isMutatingRequest { epmetrics.DroppedRequests.WithContext(ctx).WithLabelValues(epmetrics.MutatingKind).Inc() } else { @@ -158,3 +155,15 @@ func StartPriorityAndFairnessWatermarkMaintenance(stopCh <-chan struct{}) { startWatermarkMaintenance(watermark, stopCh) startWatermarkMaintenance(waitingMark, stopCh) } + +func setResponseHeaders(classification *PriorityAndFairnessClassification, w http.ResponseWriter) { + if classification == nil { + return + } + + // We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that + // the names that cluster-admins choose for categorization and priority levels are not exposed, also + // the names might make it obvious to the users that they are rejected due to classification with low priority. + w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID)) + w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID)) +}