MCPcopy Index your code
hub / github.com/kcp-dev/kcp / WithCacheShardLevelPaths

Function WithCacheShardLevelPaths

pkg/cache/server/handler.go:160–175  ·  view source on GitHub ↗

WithCacheShardLevelPaths enforces that shard-level URLs (see pkg/authorization/shardpaths) are not reachable via a shard- or workspace-scoped cache server URL such as services/cache/shards/ /clusters/ /metrics. The data exposed at these paths is process-wide and has no per-shard or per-workspa

(handler http.Handler)

Source from the content-addressed store, hash-verified

158// Must run AFTER WithClusterScope and WithShardScope so the request context
159// reflects whether either prefix was present in the original URL.
160func WithCacheShardLevelPaths(handler http.Handler) http.Handler {
161 return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
162 if !shardpaths.Paths.Has(req.URL.Path) {
163 handler.ServeHTTP(w, req)
164 return
165 }
166 shardScope := request.ShardFrom(req.Context())
167 cluster := request.ClusterFrom(req.Context())
168 if !shardScope.Empty() || (cluster != nil && !cluster.Name.Empty()) {
169 audit.AddAuditAnnotation(req.Context(), "shardpaths.kcp.io/rejected", req.URL.Path)
170 http.Error(w, "shard-level endpoint not available at shard or workspace scope", http.StatusNotImplemented)
171 return
172 }
173 handler.ServeHTTP(w, req)
174 })
175}
176
177// WithSyntheticDelay injects a synthetic delay to calls, to exacerbate timing issues and expose inconsistent client behavior.
178func WithSyntheticDelay(handler http.Handler, delay time.Duration) http.Handler {

Callers 2

NewConfigFunction · 0.85

Calls 5

HasMethod · 0.80
EmptyMethod · 0.80
ContextMethod · 0.65
ErrorMethod · 0.65
ServeHTTPMethod · 0.45

Tested by 1