From cecd90f52418458d7ef146846fa6efabeddc3f7c Mon Sep 17 00:00:00 2001
From: Abu Kashem <akashem@redhat.com>
Date: Tue, 1 Dec 2020 14:31:54 -0500
Subject: [PATCH] add comment to describe why we set the UID in the response
 headers

---
 .../apiserver/pkg/server/filters/priority-and-fairness.go    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go b/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go
index e1d7b7793a1..6b17d4c8462 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go
@@ -122,8 +122,13 @@ func WithPriorityAndFairness(
 			served = true
 			innerCtx := context.WithValue(ctx, priorityAndFairnessKey, classification)
 			innerReq := r.Clone(innerCtx)
+
+			// We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that
+			// the names that cluster-admins choose for categorization and priority levels are not exposed, also
+			// the names might make it obvious to the users that they are rejected due to classification with low priority.
 			w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID))
 			w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID))
+
 			handler.ServeHTTP(w, innerReq)
 		}
 		digest := utilflowcontrol.RequestDigest{RequestInfo: requestInfo, User: user}