github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove unused parameter: intercceptRedirects & RequireSameHostRedirects

Browse Source
This commit is contained in:
Paco Xu
2022-01-28 10:31:51 +08:00
parent 15558d6972
commit df81521d88
4 changed files with 133 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/registry/core/pod/rest/subresources.go
View File

@@ -71,7 +71,7 @@ func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object,
}
location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path)
// Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc)
return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, false, responder), nil
return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil
}
// Support both GET and POST methods. We must support GET for browsers that want to use WebSockets.
@@ -101,7 +101,7 @@ func (r *AttachREST) Connect(ctx context.Context, name string, opts runtime.Obje
if err != nil {
return nil, err
}
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
}
// NewConnectOptions returns the versioned object that represents exec parameters
@@ -138,7 +138,7 @@ func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object
if err != nil {
return nil, err
}
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
}
// NewConnectOptions returns the versioned object that represents exec parameters
@@ -186,13 +186,11 @@ func (r *PortForwardREST) Connect(ctx context.Context, name string, opts runtime
if err != nil {
return nil, err
}
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil
return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil
}
func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired, interceptRedirects bool, responder rest.Responder) *proxy.UpgradeAwareHandler {
func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler {
handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder))
handler.InterceptRedirects = false
handler.RequireSameHostRedirects = false
handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec
return handler
}

20
staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go
View File

@@ -69,11 +69,6 @@ type UpgradeAwareHandler struct {
UpgradeTransport UpgradeRequestRoundTripper
// WrapTransport indicates whether the provided Transport should be wrapped with default proxy transport behavior (URL rewriting, X-Forwarded-* header setting)
WrapTransport bool
// InterceptRedirects determines whether the proxy should sniff backend responses for redirects,
// following them as necessary.
InterceptRedirects bool
// RequireSameHostRedirects only allows redirects to the same host. It is only used if InterceptRedirects=true.
RequireSameHostRedirects bool
// UseRequestLocation will use the incoming request URL when talking to the backend server.
UseRequestLocation bool
// UseLocationHost overrides the HTTP host header in requests to the backend server to use the Host from Location.
@@ -310,17 +305,12 @@ func (h *UpgradeAwareHandler) tryUpgrade(w http.ResponseWriter, req *http.Reques
// Only append X-Forwarded-For in the upgrade path, since httputil.NewSingleHostReverseProxy
// handles this in the non-upgrade path.
utilnet.AppendForwardedForHeader(clone)
if h.InterceptRedirects {
klog.V(6).Infof("Connecting to backend proxy (intercepting redirects) %s\n Headers: %v", &location, clone.Header)
backendConn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, &location, clone.Header, req.Body, utilnet.DialerFunc(h.DialForUpgrade), h.RequireSameHostRedirects)
} else {
klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header)
if h.UseLocationHost {
clone.Host = h.Location.Host
}
clone.URL = &location
backendConn, err = h.DialForUpgrade(clone)
klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header)
if h.UseLocationHost {
clone.Host = h.Location.Host
}
clone.URL = &location
backendConn, err = h.DialForUpgrade(clone)
if err != nil {
klog.V(6).Infof("Proxy connection error: %v", err)
h.Responder.Error(w, req, err)

260
staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go
View File

@@ -501,61 +501,54 @@ func TestProxyUpgrade(t *testing.T) {
}
for k, tc := range testcases {
for _, redirect := range []bool{false, true} {
tcName := k
backendPath := "/hello"
if redirect {
tcName += " with redirect"
backendPath = "/redirect"
}
func() { // Cleanup after each test case.
backend := http.NewServeMux()
backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) {
if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth {
t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header)
defer ws.Close()
ws.Write([]byte("you failed"))
return
}
tcName := k
backendPath := "/hello"
func() { // Cleanup after each test case.
backend := http.NewServeMux()
backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) {
if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth {
t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header)
defer ws.Close()
body := make([]byte, 5)
ws.Read(body)
ws.Write([]byte("hello " + string(body)))
}))
backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/hello", http.StatusFound)
}))
backendServer := tc.ServerFunc(backend)
defer backendServer.Close()
serverURL, _ := url.Parse(backendServer.URL)
serverURL.Path = backendPath
proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t})
proxyHandler.UpgradeTransport = tc.UpgradeTransport
proxyHandler.InterceptRedirects = redirect
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/")
if err != nil {
t.Fatalf("%s: websocket dial err: %s", tcName, err)
ws.Write([]byte("you failed"))
return
}
defer ws.Close()
body := make([]byte, 5)
ws.Read(body)
ws.Write([]byte("hello " + string(body)))
}))
backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/hello", http.StatusFound)
}))
backendServer := tc.ServerFunc(backend)
defer backendServer.Close()
if _, err := ws.Write([]byte("world")); err != nil {
t.Fatalf("%s: write err: %s", tcName, err)
}
serverURL, _ := url.Parse(backendServer.URL)
serverURL.Path = backendPath
proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t})
proxyHandler.UpgradeTransport = tc.UpgradeTransport
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
response := make([]byte, 20)
n, err := ws.Read(response)
if err != nil {
t.Fatalf("%s: read err: %s", tcName, err)
}
if e, a := "hello world", string(response[0:n]); e != a {
t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a)
}
}()
}
ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/")
if err != nil {
t.Fatalf("%s: websocket dial err: %s", tcName, err)
}
defer ws.Close()
if _, err := ws.Write([]byte("world")); err != nil {
t.Fatalf("%s: write err: %s", tcName, err)
}
response := make([]byte, 20)
n, err := ws.Read(response)
if err != nil {
t.Fatalf("%s: read err: %s", tcName, err)
}
if e, a := "hello world", string(response[0:n]); e != a {
t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a)
}
}()
}
}
@@ -614,107 +607,100 @@ func TestProxyUpgradeConnectionErrorResponse(t *testing.T) {
}
func TestProxyUpgradeErrorResponseTerminates(t *testing.T) {
for _, intercept := range []bool{true, false} {
for _, code := range []int{400, 500} {
t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) {
// Set up a backend server
backend := http.NewServeMux()
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(code)
w.Write([]byte(`some data`))
}))
backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Error("request to /there")
}))
backendServer := httptest.NewServer(backend)
defer backendServer.Close()
backendServerURL, _ := url.Parse(backendServer.URL)
backendServerURL.Path = "/hello"
for _, code := range []int{400, 500} {
t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) {
// Set up a backend server
backend := http.NewServeMux()
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(code)
w.Write([]byte(`some data`))
}))
backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Error("request to /there")
}))
backendServer := httptest.NewServer(backend)
defer backendServer.Close()
backendServerURL, _ := url.Parse(backendServer.URL)
backendServerURL.Path = "/hello"
// Set up a proxy pointing to a specific path on the backend
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t})
proxyHandler.InterceptRedirects = intercept
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
proxyURL, _ := url.Parse(proxy.URL)
// Set up a proxy pointing to a specific path on the backend
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t})
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
proxyURL, _ := url.Parse(proxy.URL)
conn, err := net.Dial("tcp", proxyURL.Host)
require.NoError(t, err)
bufferedReader := bufio.NewReader(conn)
conn, err := net.Dial("tcp", proxyURL.Host)
require.NoError(t, err)
bufferedReader := bufio.NewReader(conn)
// Send upgrade request resulting in a non-101 response from the backend
req, _ := http.NewRequest("GET", "/", nil)
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
require.NoError(t, req.Write(conn))
// Verify we get the correct response and full message body content
resp, err := http.ReadResponse(bufferedReader, nil)
require.NoError(t, err)
data, err := ioutil.ReadAll(resp.Body)
require.NoError(t, err)
require.Equal(t, resp.StatusCode, code)
require.Equal(t, data, []byte(`some data`))
resp.Body.Close()
// Send upgrade request resulting in a non-101 response from the backend
req, _ := http.NewRequest("GET", "/", nil)
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
require.NoError(t, req.Write(conn))
// Verify we get the correct response and full message body content
resp, err := http.ReadResponse(bufferedReader, nil)
require.NoError(t, err)
data, err := ioutil.ReadAll(resp.Body)
require.NoError(t, err)
require.Equal(t, resp.StatusCode, code)
require.Equal(t, data, []byte(`some data`))
resp.Body.Close()
// try to read from the connection to verify it was closed
b := make([]byte, 1)
conn.SetReadDeadline(time.Now().Add(time.Second))
if _, err := conn.Read(b); err != io.EOF {
t.Errorf("expected EOF, got %v", err)
}
// try to read from the connection to verify it was closed
b := make([]byte, 1)
conn.SetReadDeadline(time.Now().Add(time.Second))
if _, err := conn.Read(b); err != io.EOF {
t.Errorf("expected EOF, got %v", err)
}
// Send another request to another endpoint to verify it is not received
req, _ = http.NewRequest("GET", "/there", nil)
req.Write(conn)
// wait to ensure the handler does not receive the request
time.Sleep(time.Second)
// Send another request to another endpoint to verify it is not received
req, _ = http.NewRequest("GET", "/there", nil)
req.Write(conn)
// wait to ensure the handler does not receive the request
time.Sleep(time.Second)
// clean up
conn.Close()
})
}
// clean up
conn.Close()
})
}
}
func TestProxyUpgradeErrorResponse(t *testing.T) {
for _, intercept := range []bool{true, false} {
for _, code := range []int{200, 300, 302, 307} {
t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) {
// Set up a backend server
backend := http.NewServeMux()
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://example.com/there", code)
}))
backendServer := httptest.NewServer(backend)
defer backendServer.Close()
backendServerURL, _ := url.Parse(backendServer.URL)
backendServerURL.Path = "/hello"
for _, code := range []int{200, 300, 302, 307} {
t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) {
// Set up a backend server
backend := http.NewServeMux()
backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://example.com/there", code)
}))
backendServer := httptest.NewServer(backend)
defer backendServer.Close()
backendServerURL, _ := url.Parse(backendServer.URL)
backendServerURL.Path = "/hello"
// Set up a proxy pointing to a specific path on the backend
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t})
proxyHandler.InterceptRedirects = intercept
proxyHandler.RequireSameHostRedirects = true
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
proxyURL, _ := url.Parse(proxy.URL)
// Set up a proxy pointing to a specific path on the backend
proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t})
proxy := httptest.NewServer(proxyHandler)
defer proxy.Close()
proxyURL, _ := url.Parse(proxy.URL)
conn, err := net.Dial("tcp", proxyURL.Host)
require.NoError(t, err)
bufferedReader := bufio.NewReader(conn)
conn, err := net.Dial("tcp", proxyURL.Host)
require.NoError(t, err)
bufferedReader := bufio.NewReader(conn)
// Send upgrade request resulting in a non-101 response from the backend
req, _ := http.NewRequest("GET", "/", nil)
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
require.NoError(t, req.Write(conn))
// Verify we get the correct response and full message body content
resp, err := http.ReadResponse(bufferedReader, nil)
require.NoError(t, err)
assert.Equal(t, fakeStatusCode, resp.StatusCode)
resp.Body.Close()
// Send upgrade request resulting in a non-101 response from the backend
req, _ := http.NewRequest("GET", "/", nil)
req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
require.NoError(t, req.Write(conn))
// Verify we get the correct response and full message body content
resp, err := http.ReadResponse(bufferedReader, nil)
require.NoError(t, err)
assert.Equal(t, fakeStatusCode, resp.StatusCode)
resp.Body.Close()
// clean up
conn.Close()
})
}
// clean up
conn.Close()
})
}
}

2
staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
View File

@@ -172,8 +172,6 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
handler := proxy.NewUpgradeAwareHandler(location, proxyRoundTripper, true, upgrade, &responder{w: w})
handler.InterceptRedirects = false
handler.RequireSameHostRedirects = false
utilflowcontrol.RequestDelegated(req.Context())
handler.ServeHTTP(w, newReq)
}