apiserver

package
v1.4.0-alpha.1....-4fdde68 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2016 License: Apache-2.0 Imports: 69 Imported by: 0

Documentation

Overview

Package apiserver contains the code that provides a rest.ful api service.

Index

Constants

View Source
const (
	// Minimum duration before timing out read/write requests
	MinTimeoutSecs = 300
	// Maximum duration before timing out read/write requests
	MaxTimeoutSecs = 600
)

TODO: Pipe these in through the apiserver cmd line

View Source
const (
	ModeAlwaysAllow string = "AlwaysAllow"
	ModeAlwaysDeny  string = "AlwaysDeny"
	ModeABAC        string = "ABAC"
	ModeWebhook     string = "Webhook"
	ModeRBAC        string = "RBAC"
)
View Source
const MaxPatchConflicts = 5

MaxPatchConflicts is the maximum number of conflicts retry for during a patch operation before returning failure

View Source
const RetryAfter = "1"

Constant for the retry-after interval on rate limiting. TODO: maybe make this dynamic? or user-adjustable?

Variables

Keep this list in sync with constant list above.

View Source
var NamespaceSubResourcesForTest = sets.NewString(namespaceSubresources.List()...)

NamespaceSubResourcesForTest exports namespaceSubresources for testing in pkg/master/master_test.go, so we never drift

Functions

func APIVersionHandler

func APIVersionHandler(s runtime.NegotiatedSerializer, getAPIVersionsFunc func(req *restful.Request) *unversioned.APIVersions) restful.RouteFunction

APIVersionHandler returns a handler which will list the provided versions as available.

func AddApiWebService

func AddApiWebService(s runtime.NegotiatedSerializer, container *restful.Container, apiPrefix string, getAPIVersionsFunc func(req *restful.Request) *unversioned.APIVersions)

Adds a service to return the supported api versions at the legacy /api.

func AddApisWebService

func AddApisWebService(s runtime.NegotiatedSerializer, container *restful.Container, apiPrefix string, f func(req *restful.Request) []unversioned.APIGroup)

Adds a service to return the supported api versions at /apis.

func AddGroupWebService

func AddGroupWebService(s runtime.NegotiatedSerializer, container *restful.Container, path string, group unversioned.APIGroup)

Adds a service to return the supported versions, preferred version, and name of a group. E.g., a such web service will be registered at /apis/extensions.

func AddSupportedResourcesWebService

func AddSupportedResourcesWebService(s runtime.NegotiatedSerializer, ws *restful.WebService, groupVersion unversioned.GroupVersion, apiResources []unversioned.APIResource)

Adds a service to return the supported resources, E.g., a such web service will be registered at /apis/extensions/v1.

func CORS

func CORS(handler http.Handler, allowedOriginPatterns []*regexp.Regexp, allowedMethods []string, allowedHeaders []string, allowCredentials string) http.Handler

TODO: use restful.CrossOriginResourceSharing Simple CORS implementation that wraps an http Handler For a more detailed implementation use https://github.com/martini-contrib/cors or implement CORS at your proxy layer Pass nil for allowedMethods and allowedHeaders to use the defaults

func ConnectResource

func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admission.Interface, restPath string) restful.RouteFunction

ConnectResource returns a function that handles a connect request on a rest.Storage object.

func CreateNamedResource

func CreateNamedResource(r rest.NamedCreater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

CreateNamedResource returns a function that will handle a resource creation with name.

func CreateResource

func CreateResource(r rest.Creater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

CreateResource returns a function that will handle a resource creation.

func DeleteCollection

func DeleteCollection(r rest.CollectionDeleter, checkBody bool, scope RequestScope, admit admission.Interface) restful.RouteFunction

DeleteCollection returns a function that will handle a collection deletion

func DeleteResource

func DeleteResource(r rest.GracefulDeleter, checkBody bool, scope RequestScope, admit admission.Interface) restful.RouteFunction

DeleteResource returns a function that will handle a resource deletion

func GetResource

func GetResource(r rest.Getter, e rest.Exporter, scope RequestScope) restful.RouteFunction

GetResource returns a function that handles retrieving a single resource from a rest.Storage object.

func GetResourceWithOptions

func GetResourceWithOptions(r rest.GetterWithOptions, scope RequestScope) restful.RouteFunction

GetResourceWithOptions returns a function that handles retrieving a single resource from a rest.Storage object.

func GroupHandler

func GroupHandler(s runtime.NegotiatedSerializer, group unversioned.APIGroup) restful.RouteFunction

GroupHandler returns a handler which will return the api.GroupAndVersion of the group.

func IndexHandler

func IndexHandler(container *restful.Container, muxHelper *MuxHelper) func(http.ResponseWriter, *http.Request)

func InstallLogsSupport

func InstallLogsSupport(mux Mux)

InstallLogsSupport registers the APIServer log support function into a mux.

func InstallRecoverHandler

func InstallRecoverHandler(s runtime.NegotiatedSerializer, container *restful.Container)

TODO: needs to perform response type negotiation, this is probably the wrong way to recover panics

func InstallServiceErrorHandler

func InstallServiceErrorHandler(s runtime.NegotiatedSerializer, container *restful.Container, requestResolver *RequestInfoResolver, apiVersions []string)

func InstallVersionHandler

func InstallVersionHandler(mux Mux, container *restful.Container)

TODO: document all handlers InstallVersionHandler registers the APIServer's `/version` handler

func IsAPIPrefixNotFound

func IsAPIPrefixNotFound(err error) bool

func IsReadOnlyReq

func IsReadOnlyReq(req http.Request) bool

IsReadOnlyReq() is true for any (or at least many) request which has no observable side effects on state of apiserver (though there may be internal side effects like caching and logging).

func ListResource

func ListResource(r rest.Lister, rw rest.Watcher, scope RequestScope, forceWatch bool, minRequestTimeout time.Duration) restful.RouteFunction

ListResource returns a function that handles retrieving a list of resources from a rest.Storage object.

func MaxInFlightLimit

func MaxInFlightLimit(c chan bool, longRunningRequestCheck LongRunningRequestCheck, handler http.Handler) http.Handler

MaxInFlight limits the number of in-flight requests to buffer size of the passed in channel.

func NewAlwaysAllowAuthorizer

func NewAlwaysAllowAuthorizer() authorizer.Authorizer

func NewAlwaysDenyAuthorizer

func NewAlwaysDenyAuthorizer() authorizer.Authorizer

func NewAlwaysFailAuthorizer

func NewAlwaysFailAuthorizer() authorizer.Authorizer

func NewAuthorizerFromAuthorizationConfig

func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)

NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. authorizationMode should be a comma separated values of AuthorizationModeChoices.

func PatchResource

func PatchResource(r rest.Patcher, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface, converter runtime.ObjectConvertor) restful.RouteFunction

PatchResource returns a function that will handle a resource patch TODO: Eventually PatchResource should just use GuaranteedUpdate and this routine should be a bit cleaner

func ReadOnly

func ReadOnly(handler http.Handler) http.Handler

ReadOnly passes all GET requests on to handler, and returns an error on all other requests.

func RecoverPanics

func RecoverPanics(handler http.Handler) http.Handler

RecoverPanics wraps an http Handler to recover and log panics.

func RootAPIHandler

func RootAPIHandler(s runtime.NegotiatedSerializer, f func(req *restful.Request) []unversioned.APIGroup) restful.RouteFunction

RootAPIHandler returns a handler which will list the provided groups and versions as available.

func SupportedResourcesHandler

func SupportedResourcesHandler(s runtime.NegotiatedSerializer, groupVersion unversioned.GroupVersion, apiResources []unversioned.APIResource) restful.RouteFunction

SupportedResourcesHandler returns a handler which will list the provided resources as available.

func TimeoutHandler

func TimeoutHandler(h http.Handler, timeoutFunc func(*http.Request) (timeout <-chan time.Time, msg string)) http.Handler

TimeoutHandler returns an http.Handler that runs h with a timeout determined by timeoutFunc. The new http.Handler calls h.ServeHTTP to handle each request, but if a call runs for longer than its time limit, the handler responds with a 503 Service Unavailable error and the message provided. (If msg is empty, a suitable default message with be sent.) After the handler times out, writes by h to its http.ResponseWriter will return http.ErrHandlerTimeout. If timeoutFunc returns a nil timeout channel, no timeout will be enforced.

func UpdateResource

func UpdateResource(r rest.Updater, scope RequestScope, typer runtime.ObjectTyper, admit admission.Interface) restful.RouteFunction

UpdateResource returns a function that will handle a resource update

func WithAuthorizationCheck

func WithAuthorizationCheck(handler http.Handler, getAttribs RequestAttributeGetter, a authorizer.Authorizer) http.Handler

WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.

func WithImpersonation

func WithImpersonation(handler http.Handler, requestContextMapper api.RequestContextMapper, a authorizer.Authorizer) http.Handler

Types

type APIGroupVersion

type APIGroupVersion struct {
	Storage map[string]rest.Storage

	Root string

	// GroupVersion is the external group version
	GroupVersion unversioned.GroupVersion

	// RequestInfoResolver is used to parse URLs for the legacy proxy handler.  Don't use this for anything else
	// TODO: refactor proxy handler to use sub resources
	RequestInfoResolver *RequestInfoResolver

	// OptionsExternalVersion controls the Kubernetes APIVersion used for common objects in the apiserver
	// schema like api.Status, api.DeleteOptions, and api.ListOptions. Other implementors may
	// define a version "v1beta1" but want to use the Kubernetes "v1" internal objects. If
	// empty, defaults to GroupVersion.
	OptionsExternalVersion *unversioned.GroupVersion

	Mapper meta.RESTMapper

	// Serializer is used to determine how to convert responses from API methods into bytes to send over
	// the wire.
	Serializer     runtime.NegotiatedSerializer
	ParameterCodec runtime.ParameterCodec

	Typer     runtime.ObjectTyper
	Creater   runtime.ObjectCreater
	Convertor runtime.ObjectConvertor
	Copier    runtime.ObjectCopier
	Linker    runtime.SelfLinker

	Admit   admission.Interface
	Context api.RequestContextMapper

	MinRequestTimeout time.Duration

	// SubresourceGroupVersionKind contains the GroupVersionKind overrides for each subresource that is
	// accessible from this API group version. The GroupVersionKind is that of the external version of
	// the subresource. The key of this map should be the path of the subresource. The keys here should
	// match the keys in the Storage map above for subresources.
	SubresourceGroupVersionKind map[string]unversioned.GroupVersionKind
}

APIGroupVersion is a helper for exposing rest.Storage objects as http.Handlers via go-restful It handles URLs of the form: /${storage_key}[/${object_name}] Where 'storage_key' points to a rest.Storage object stored in storage. This object should contain all parameterization necessary for running a particular API version

func (*APIGroupVersion) InstallREST

func (g *APIGroupVersion) InstallREST(container *restful.Container) error

InstallREST registers the REST handlers (storage, watch, proxy and redirect) into a restful Container. It is expected that the provided path root prefix will serve all operations. Root MUST NOT end in a slash.

func (*APIGroupVersion) UpdateREST

func (g *APIGroupVersion) UpdateREST(container *restful.Container) error

UpdateREST registers the REST handlers for this APIGroupVersion to an existing web service in the restful Container. It will use the prefix (root/version) to find the existing web service. If a web service does not exist within the container to support the prefix this method will return an error.

type APIInstaller

type APIInstaller struct {
	// contains filtered or unexported fields
}

func (*APIInstaller) Install

func (a *APIInstaller) Install(ws *restful.WebService) (apiResources []unversioned.APIResource, errors []error)

Installs handlers for API resources.

func (*APIInstaller) NewWebService

func (a *APIInstaller) NewWebService() *restful.WebService

NewWebService creates a new restful webservice with the api installer's prefix and version.

type Attributes

type Attributes struct {
}

Attributes implements authorizer.Attributes interface.

type AuthorizationConfig

type AuthorizationConfig struct {

	// Path to a ABAC policy file.
	PolicyFile string

	// Kubeconfig file for Webhook authorization plugin.
	WebhookConfigFile string
	// TTL for caching of authorized responses from the webhook server.
	WebhookCacheAuthorizedTTL time.Duration
	// TTL for caching of unauthorized responses from the webhook server.
	WebhookCacheUnauthorizedTTL time.Duration

	// User which can bootstrap role policies
	RBACSuperUser string

	RBACClusterRoleRegistry        clusterrole.Registry
	RBACClusterRoleBindingRegistry clusterrolebinding.Registry
	RBACRoleRegistry               role.Registry
	RBACRoleBindingRegistry        rolebinding.Registry
}

type ContextFunc

type ContextFunc func(req *restful.Request) api.Context

ContextFunc returns a Context given a request - a context must be returned

type LongRunningRequestCheck

type LongRunningRequestCheck func(r *http.Request) bool

func BasicLongRunningRequestCheck

func BasicLongRunningRequestCheck(pathRegex *regexp.Regexp, queryParams map[string]string) LongRunningRequestCheck

BasicLongRunningRequestCheck pathRegex operates against the url path, the queryParams match is case insensitive. Any one match flags the request. TODO tighten this check to eliminate the abuse potential by malicious clients that start setting queryParameters to bypass the rate limitter. This could be done using a full parse and special casing the bits we need.

type Mux

type Mux interface {
	Handle(pattern string, handler http.Handler)
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}

mux is an object that can register http handlers.

type MuxHelper

type MuxHelper struct {
	Mux             Mux
	RegisteredPaths []string
}

Offers additional functionality over ServeMux, for ex: supports listing registered paths.

func (*MuxHelper) Handle

func (m *MuxHelper) Handle(path string, handler http.Handler)

func (*MuxHelper) HandleFunc

func (m *MuxHelper) HandleFunc(path string, handler func(http.ResponseWriter, *http.Request))

type ProxyDialerFunc

type ProxyDialerFunc func(network, addr string) (net.Conn, error)

type ProxyHandler

type ProxyHandler struct {
	// contains filtered or unexported fields
}

ProxyHandler provides a http.Handler which will proxy traffic to locations specified by items implementing Redirector.

func (*ProxyHandler) ServeHTTP

func (r *ProxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)

type RequestAttributeGetter

type RequestAttributeGetter interface {
	GetAttribs(req *http.Request) (attribs authorizer.Attributes)
}

RequestAttributeGetter is a function that extracts authorizer.Attributes from an http.Request

func NewRequestAttributeGetter

func NewRequestAttributeGetter(requestContextMapper api.RequestContextMapper, requestInfoResolver *RequestInfoResolver) RequestAttributeGetter

NewAttributeGetter returns an object which implements the RequestAttributeGetter interface.

type RequestInfo

type RequestInfo struct {
	// IsResourceRequest indicates whether or not the request is for an API resource or subresource
	IsResourceRequest bool
	// Path is the URL path of the request
	Path string
	// Verb is the kube verb associated with the request for API requests, not the http verb.  This includes things like list and watch.
	// for non-resource requests, this is the lowercase http verb
	Verb string

	APIPrefix  string
	APIGroup   string
	APIVersion string
	Namespace  string
	// Resource is the name of the resource being requested.  This is not the kind.  For example: pods
	Resource string
	// Subresource is the name of the subresource being requested.  This is a different resource, scoped to the parent resource, but it may have a different kind.
	// For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod"
	// (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding".
	Subresource string
	// Name is empty for some verbs, but if the request directly indicates a name (not in body content) then this field is filled in.
	Name string
	// Parts are the path parts for the request, always starting with /{resource}/{name}
	Parts []string
}

RequestInfo holds information parsed from the http.Request

type RequestInfoResolver

type RequestInfoResolver struct {
	APIPrefixes          sets.String
	GrouplessAPIPrefixes sets.String
}

func (*RequestInfoResolver) GetRequestInfo

func (r *RequestInfoResolver) GetRequestInfo(req *http.Request) (RequestInfo, error)

TODO write an integration test against the swagger doc to test the RequestInfo and match up behavior to responses GetRequestInfo returns the information from the http request. If error is not nil, RequestInfo holds the information as best it is known before the failure It handles both resource and non-resource requests and fills in all the pertinent information for each. Valid Inputs: Resource paths /apis/{api-group}/{version}/namespaces /api/{version}/namespaces /api/{version}/namespaces/{namespace} /api/{version}/namespaces/{namespace}/{resource} /api/{version}/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/{resource} /api/{version}/{resource}/{resourceName}

Special verbs without subresources: /api/{version}/proxy/{resource}/{resourceName} /api/{version}/proxy/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/redirect/namespaces/{namespace}/{resource}/{resourceName} /api/{version}/redirect/{resource}/{resourceName}

Special verbs with subresources: /api/{version}/watch/{resource} /api/{version}/watch/namespaces/{namespace}/{resource}

NonResource paths /apis/{api-group}/{version} /apis/{api-group} /apis /api/{version} /api /healthz /

type RequestScope

RequestScope encapsulates common fields across all RESTful handler methods.

type ScopeNamer

type ScopeNamer interface {
	// Namespace returns the appropriate namespace value from the request (may be empty) or an
	// error.
	Namespace(req *restful.Request) (namespace string, err error)
	// Name returns the name from the request, and an optional namespace value if this is a namespace
	// scoped call. An error is returned if the name is not available.
	Name(req *restful.Request) (namespace, name string, err error)
	// ObjectName returns the namespace and name from an object if they exist, or an error if the object
	// does not support names.
	ObjectName(obj runtime.Object) (namespace, name string, err error)
	// SetSelfLink sets the provided URL onto the object. The method should return nil if the object
	// does not support selfLinks.
	SetSelfLink(obj runtime.Object, url string) error
	// GenerateLink creates a path and query for a given runtime object that represents the canonical path.
	GenerateLink(req *restful.Request, obj runtime.Object) (path, query string, err error)
	// GenerateLink creates a path and query for a list that represents the canonical path.
	GenerateListLink(req *restful.Request) (path, query string, err error)
}

ScopeNamer handles accessing names from requests and objects

type Server

type Server struct {
	Addr        string
	Port        int
	Path        string
	EnableHTTPS bool
	Validate    ValidatorFn
}

func (*Server) DoServerCheck

func (server *Server) DoServerCheck(prober httpprober.HTTPProber) (probe.Result, string, error)

type ServerStatus

type ServerStatus struct {
	Component  string       `json:"component,omitempty"`
	Health     string       `json:"health,omitempty"`
	HealthCode probe.Result `json:"healthCode,omitempty"`
	Msg        string       `json:"msg,omitempty"`
	Err        string       `json:"err,omitempty"`
}

type StripVersionNegotiatedSerializer

type StripVersionNegotiatedSerializer struct {
	runtime.NegotiatedSerializer
}

StripVersionNegotiatedSerializer will return stripVersionEncoder when EncoderForVersion is called. See comments for stripVersionEncoder.

func (StripVersionNegotiatedSerializer) EncoderForVersion

type ValidatorFn

type ValidatorFn func([]byte) error

type WatchServer

type WatchServer struct {
	// contains filtered or unexported fields
}

WatchServer serves a watch.Interface over a websocket or vanilla HTTP.

func (*WatchServer) HandleWS

func (s *WatchServer) HandleWS(ws *websocket.Conn)

HandleWS implements a websocket handler.

func (*WatchServer) ServeHTTP

func (s *WatchServer) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP serves a series of encoded events via HTTP with Transfer-Encoding: chunked or over a websocket connection.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL