From c068b569192e2907e5b81e5a364e51a955f1ea3b Mon Sep 17 00:00:00 2001 From: Eric Tune Date: Thu, 6 Nov 2014 09:11:31 -0800 Subject: [PATCH] Return InsecureHandler from master. Subsequent changes will make use of both m.Handler and m.InsecureHandler for different ports. --- cmd/apiserver/apiserver.go | 4 ++-- pkg/master/master.go | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cmd/apiserver/apiserver.go b/cmd/apiserver/apiserver.go index 29305088a6a..4aca7c1232b 100644 --- a/cmd/apiserver/apiserver.go +++ b/cmd/apiserver/apiserver.go @@ -185,7 +185,7 @@ func main() { rl := util.NewTokenBucketRateLimiter(1.0, 20) readOnlyServer := &http.Server{ Addr: roLocation, - Handler: apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, m.Handler))), + Handler: apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, m.InsecureHandler))), ReadTimeout: 5 * time.Minute, WriteTimeout: 5 * time.Minute, MaxHeaderBytes: 1 << 20, @@ -203,7 +203,7 @@ func main() { s := &http.Server{ Addr: rwLocation, - Handler: apiserver.RecoverPanics(m.Handler), + Handler: apiserver.RecoverPanics(m.InsecureHandler), ReadTimeout: 5 * time.Minute, WriteTimeout: 5 * time.Minute, MaxHeaderBytes: 1 << 20, diff --git a/pkg/master/master.go b/pkg/master/master.go index 4718e75b286..f13a33b12bc 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -106,12 +106,13 @@ type Master struct { authorizer authorizer.Authorizer masterCount int - // "Outputs" - Handler http.Handler - readOnlyServer string readWriteServer string masterServices *util.Runner + + // "Outputs" + Handler http.Handler + InsecureHandler http.Handler } // NewEtcdHelper returns an EtcdHelper for the provided arguments or an error if the version @@ -195,6 +196,8 @@ func setDefaults(c *Config) { // http.Handler which handles all the endpoints provided by the master, // including the API, the UI, and miscelaneous debugging endpoints. All // these are subject to authorization and authentication. +// InsecureHandler -- an http.Handler which handles all the same +// endpoints as Handler, but no authorization and authentication is done. // Public methods: // HandleWithAuth -- Allows caller to add an http.Handler for an endpoint // that uses the same authentication and authorization (if any is configured) @@ -320,6 +323,8 @@ func (m *Master) init(c *Config) { handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true") } + m.InsecureHandler = handler + attributeGetter := apiserver.NewRequestAttributeGetter(userContexts) handler = apiserver.WithAuthorizationCheck(handler, attributeGetter, m.authorizer)