Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 3fe5b94a4dbaf2a9c67f00998e7751aefc5c4632 / . / metrics-server / vendor / k8s.io / apiserver / pkg / endpoints / handlers / responsewriters / errors.go
blob: 007efe9d884bfabbb4370452f08ee6e8d2053a3a [file] [log] [blame]
Matthias Andreas Benkard832a54e2019-01-29 09:27:38 +0100[diff] [blame]1/*
2Copyright 2014 The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17package responsewriters
18
19import (
20 "context"
21 "fmt"
22 "net/http"
23 "strings"
24
25 apierrors "k8s.io/apimachinery/pkg/api/errors"
26 "k8s.io/apimachinery/pkg/runtime"
27 "k8s.io/apimachinery/pkg/runtime/schema"
28 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
29 "k8s.io/apiserver/pkg/authorization/authorizer"
30)
31
32// Avoid emitting errors that look like valid HTML. Quotes are okay.
33var sanitizer = strings.NewReplacer(`&`, "&amp;", `<`, "&lt;", `>`, "&gt;")
34
35// BadGatewayError renders a simple bad gateway error.
36func BadGatewayError(w http.ResponseWriter, req *http.Request) {
37 w.Header().Set("Content-Type", "text/plain")
38 w.Header().Set("X-Content-Type-Options", "nosniff")
39 w.WriteHeader(http.StatusBadGateway)
40 fmt.Fprintf(w, "Bad Gateway: %q", sanitizer.Replace(req.RequestURI))
41}
42
43// Forbidden renders a simple forbidden error
44func Forbidden(ctx context.Context, attributes authorizer.Attributes, w http.ResponseWriter, req *http.Request, reason string, s runtime.NegotiatedSerializer) {
45 msg := sanitizer.Replace(forbiddenMessage(attributes))
46 w.Header().Set("X-Content-Type-Options", "nosniff")
47
48 var errMsg string
49 if len(reason) == 0 {
50 errMsg = fmt.Sprintf("%s", msg)
51 } else {
52 errMsg = fmt.Sprintf("%s: %s", msg, reason)
53 }
54 gv := schema.GroupVersion{Group: attributes.GetAPIGroup(), Version: attributes.GetAPIVersion()}
55 gr := schema.GroupResource{Group: attributes.GetAPIGroup(), Resource: attributes.GetResource()}
56 ErrorNegotiated(apierrors.NewForbidden(gr, attributes.GetName(), fmt.Errorf(errMsg)), s, gv, w, req)
57}
58
59func forbiddenMessage(attributes authorizer.Attributes) string {
60 username := ""
61 if user := attributes.GetUser(); user != nil {
62 username = user.GetName()
63 }
64
65 if !attributes.IsResourceRequest() {
66 return fmt.Sprintf("User %q cannot %s path %q", username, attributes.GetVerb(), attributes.GetPath())
67 }
68
69 resource := attributes.GetResource()
70 if group := attributes.GetAPIGroup(); len(group) > 0 {
71 resource = resource + "." + group
72 }
73 if subresource := attributes.GetSubresource(); len(subresource) > 0 {
74 resource = resource + "/" + subresource
75 }
76
77 if ns := attributes.GetNamespace(); len(ns) > 0 {
78 return fmt.Sprintf("User %q cannot %s %s in the namespace %q", username, attributes.GetVerb(), resource, ns)
79 }
80
81 return fmt.Sprintf("User %q cannot %s %s at the cluster scope", username, attributes.GetVerb(), resource)
82}
83
84// InternalError renders a simple internal error
85func InternalError(w http.ResponseWriter, req *http.Request, err error) {
86 w.Header().Set("Content-Type", "text/plain")
87 w.Header().Set("X-Content-Type-Options", "nosniff")
88 w.WriteHeader(http.StatusInternalServerError)
89 fmt.Fprintf(w, "Internal Server Error: %q: %v", sanitizer.Replace(req.RequestURI), err)
90 utilruntime.HandleError(err)
91}
92
93// NotFound renders a simple not found error.
94func NotFound(w http.ResponseWriter, req *http.Request) {
95 w.WriteHeader(http.StatusNotFound)
96 fmt.Fprintf(w, "Not Found: %q", sanitizer.Replace(req.RequestURI))
97}