Documentation
Overview
Package shared contains helpers reused by the initializing and terminating workspace virtual workspaces. Both VWs implement the same lifecycle content proxy pattern, so they share their HTTP plumbing here to keep behaviour in lockstep.
Functions
func ResolveLifecycleWorkspaceType
func ResolveLifecycleWorkspaceType(
	role string,
	id string,
	typeFrom func() (logicalcluster.Name, string, error),
	localWSTIndexer, cachedWSTIndexer cache.Indexer,
) (*tenancyv1alpha1.WorkspaceType, error)
ResolveLifecycleWorkspaceType resolves the WorkspaceType referenced by an initializer or terminator identifier.
role is a human-readable label ("initializer" or "terminator") used only for error messages. id is the string form of the identifier. typeFrom is the per-lifecycle parser (e.g. initialization.TypeFrom / termination.TypeFrom) that splits id into (wstCluster, wstName). Encapsulating these as parameters keeps the two callers identical without forcing a tight coupling between the initializing and terminating packages.
Returns:
- (wst, nil) — id encodes a WST reference and the WST was found in the local or cache-server indexer; the caller should evaluate the WST's lifecycle permissions (Mode 1).
- (nil, nil) — id is a known system initializer/terminator (e.g. "system:apibindings"): well-formed but intentionally not backed by a WST. Caller should fall through to owner impersonation (Mode 2).
- (nil, err) — id is malformed or it encodes a real (non-system) WST reference that neither indexer has. Both cases must fail closed: granting Mode 2 to a lifecycle controller we cannot validate would be a silent privilege escalation.
func ServeProxy
func ServeProxy(writer http.ResponseWriter, request *http.Request, forwardedHost *url.URL, rt http.RoundTripper)
ServeProxy strips any client-supplied auth/impersonation headers from the request and reverse-proxies it to forwardedHost using the supplied (impersonating) transport. It is used by the workspace-content sub-workspace handlers under both modes of operation (synthetic-group + caller identity, or owner impersonation fallback).
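A minimal sketch of the header-stripping step described for ServeProxy, added here as an example and not the package's own code. The function body, the `impersonatingRT` transport, the `/api` path and the header values are assumptions constructed for the demonstration; the header names are the standard Kubernetes impersonation headers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// stripClientAuth drops client-supplied credentials and impersonation headers.
func stripClientAuth(h http.Header) {
	for name := range h {
		if l := strings.ToLower(name); l == "authorization" || strings.HasPrefix(l, "impersonate-") {
			delete(h, name) // raw delete also catches non-canonical keys
		}
	}
}

type impersonatingRT struct{ user string } // hypothetical stand-in for the impersonating transport

func (t impersonatingRT) RoundTrip(req *http.Request) (*http.Response, error) {
	req = req.Clone(req.Context())
	req.Header.Set("Impersonate-User", t.user) // identity is chosen server-side only
	return http.DefaultTransport.RoundTrip(req)
}

// sketchServeProxy mirrors the documented ServeProxy signature; the body is an assumption.
func sketchServeProxy(w http.ResponseWriter, r *http.Request, forwardedHost *url.URL, rt http.RoundTripper) {
	stripClientAuth(r.Header)
	proxy := httputil.NewSingleHostReverseProxy(forwardedHost)
	proxy.Transport = rt
	proxy.ServeHTTP(w, r)
}

// demo proxies a constructed request carrying client-set identity headers and returns what the backend saw.
func demo() http.Header {
	var seen http.Header
	backend := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.Header.Clone() }))
	defer backend.Close()
	target, _ := url.Parse(backend.URL)
	req := httptest.NewRequest("GET", "/api", nil)
	for _, k := range []string{"Authorization", "Impersonate-User", "Impersonate-Group", "Impersonate-Extra-Scopes"} {
		req.Header.Set(k, "client-supplied")
	}
	sketchServeProxy(httptest.NewRecorder(), req, target, impersonatingRT{user: "workspace-owner"})
	return seen
}
func main() { fmt.Println(demo()) }
```

The backend should see exactly one Impersonate-User value, the one set by the transport, and none of the client's headers.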