diff options
Diffstat (limited to 'vendor/k8s.io/apimachinery/pkg/util/httpstream')
5 files changed, 0 insertions, 852 deletions
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go deleted file mode 100644 index 5893df5bd..000000000 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package httpstream adds multiplexed streaming support to HTTP requests and -// responses via connection upgrades. -package httpstream // import "k8s.io/apimachinery/pkg/util/httpstream" diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go deleted file mode 100644 index 00ce5f785..000000000 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package httpstream - -import ( - "fmt" - "io" - "net/http" - "strings" - "time" -) - -const ( - HeaderConnection = "Connection" - HeaderUpgrade = "Upgrade" - HeaderProtocolVersion = "X-Stream-Protocol-Version" - HeaderAcceptedProtocolVersions = "X-Accepted-Stream-Protocol-Versions" -) - -// NewStreamHandler defines a function that is called when a new Stream is -// received. If no error is returned, the Stream is accepted; otherwise, -// the stream is rejected. After the reply frame has been sent, replySent is closed. -type NewStreamHandler func(stream Stream, replySent <-chan struct{}) error - -// NoOpNewStreamHandler is a stream handler that accepts a new stream and -// performs no other logic. -func NoOpNewStreamHandler(stream Stream, replySent <-chan struct{}) error { return nil } - -// Dialer knows how to open a streaming connection to a server. -type Dialer interface { - - // Dial opens a streaming connection to a server using one of the protocols - // specified (in order of most preferred to least preferred). - Dial(protocols ...string) (Connection, string, error) -} - -// UpgradeRoundTripper is a type of http.RoundTripper that is able to upgrade -// HTTP requests to support multiplexed bidirectional streams. After RoundTrip() -// is invoked, if the upgrade is successful, clients may retrieve the upgraded -// connection by calling UpgradeRoundTripper.Connection(). -type UpgradeRoundTripper interface { - http.RoundTripper - // NewConnection validates the response and creates a new Connection. - NewConnection(resp *http.Response) (Connection, error) -} - -// ResponseUpgrader knows how to upgrade HTTP requests and responses to -// add streaming support to them. -type ResponseUpgrader interface { - // UpgradeResponse upgrades an HTTP response to one that supports multiplexed - // streams. newStreamHandler will be called asynchronously whenever the - // other end of the upgraded connection creates a new stream. - UpgradeResponse(w http.ResponseWriter, req *http.Request, newStreamHandler NewStreamHandler) Connection -} - -// Connection represents an upgraded HTTP connection. -type Connection interface { - // CreateStream creates a new Stream with the supplied headers. - CreateStream(headers http.Header) (Stream, error) - // Close resets all streams and closes the connection. - Close() error - // CloseChan returns a channel that is closed when the underlying connection is closed. - CloseChan() <-chan bool - // SetIdleTimeout sets the amount of time the connection may remain idle before - // it is automatically closed. - SetIdleTimeout(timeout time.Duration) -} - -// Stream represents a bidirectional communications channel that is part of an -// upgraded connection. -type Stream interface { - io.ReadWriteCloser - // Reset closes both directions of the stream, indicating that neither client - // or server can use it any more. - Reset() error - // Headers returns the headers used to create the stream. - Headers() http.Header - // Identifier returns the stream's ID. - Identifier() uint32 -} - -// IsUpgradeRequest returns true if the given request is a connection upgrade request -func IsUpgradeRequest(req *http.Request) bool { - for _, h := range req.Header[http.CanonicalHeaderKey(HeaderConnection)] { - if strings.Contains(strings.ToLower(h), strings.ToLower(HeaderUpgrade)) { - return true - } - } - return false -} - -func negotiateProtocol(clientProtocols, serverProtocols []string) string { - for i := range clientProtocols { - for j := range serverProtocols { - if clientProtocols[i] == serverProtocols[j] { - return clientProtocols[i] - } - } - } - return "" -} - -func commaSeparatedHeaderValues(header []string) []string { - var parsedClientProtocols []string - for i := range header { - for _, clientProtocol := range strings.Split(header[i], ",") { - if proto := strings.Trim(clientProtocol, " "); len(proto) > 0 { - parsedClientProtocols = append(parsedClientProtocols, proto) - } - } - } - return parsedClientProtocols -} - -// Handshake performs a subprotocol negotiation. If the client did request a -// subprotocol, Handshake will select the first common value found in -// serverProtocols. If a match is found, Handshake adds a response header -// indicating the chosen subprotocol. If no match is found, HTTP forbidden is -// returned, along with a response header containing the list of protocols the -// server can accept. -func Handshake(req *http.Request, w http.ResponseWriter, serverProtocols []string) (string, error) { - clientProtocols := commaSeparatedHeaderValues(req.Header[http.CanonicalHeaderKey(HeaderProtocolVersion)]) - if len(clientProtocols) == 0 { - return "", fmt.Errorf("unable to upgrade: %s is required", HeaderProtocolVersion) - } - - if len(serverProtocols) == 0 { - panic(fmt.Errorf("unable to upgrade: serverProtocols is required")) - } - - negotiatedProtocol := negotiateProtocol(clientProtocols, serverProtocols) - if len(negotiatedProtocol) == 0 { - for i := range serverProtocols { - w.Header().Add(HeaderAcceptedProtocolVersions, serverProtocols[i]) - } - err := fmt.Errorf("unable to upgrade: unable to negotiate protocol: client supports %v, server accepts %v", clientProtocols, serverProtocols) - http.Error(w, err.Error(), http.StatusForbidden) - return "", err - } - - w.Header().Add(HeaderProtocolVersion, negotiatedProtocol) - return negotiatedProtocol, nil -} diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go deleted file mode 100644 index 336b4908b..000000000 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go +++ /dev/null @@ -1,187 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package spdy - -import ( - "net" - "net/http" - "sync" - "time" - - "github.com/docker/spdystream" - "k8s.io/apimachinery/pkg/util/httpstream" - "k8s.io/klog/v2" -) - -// connection maintains state about a spdystream.Connection and its associated -// streams. -type connection struct { - conn *spdystream.Connection - streams []httpstream.Stream - streamLock sync.Mutex - newStreamHandler httpstream.NewStreamHandler - ping func() (time.Duration, error) -} - -// NewClientConnection creates a new SPDY client connection. -func NewClientConnection(conn net.Conn) (httpstream.Connection, error) { - return NewClientConnectionWithPings(conn, 0) -} - -// NewClientConnectionWithPings creates a new SPDY client connection. -// -// If pingPeriod is non-zero, a background goroutine will send periodic Ping -// frames to the server. Use this to keep idle connections through certain load -// balancers alive longer. -func NewClientConnectionWithPings(conn net.Conn, pingPeriod time.Duration) (httpstream.Connection, error) { - spdyConn, err := spdystream.NewConnection(conn, false) - if err != nil { - defer conn.Close() - return nil, err - } - - return newConnection(spdyConn, httpstream.NoOpNewStreamHandler, pingPeriod, spdyConn.Ping), nil -} - -// NewServerConnection creates a new SPDY server connection. newStreamHandler -// will be invoked when the server receives a newly created stream from the -// client. -func NewServerConnection(conn net.Conn, newStreamHandler httpstream.NewStreamHandler) (httpstream.Connection, error) { - return NewServerConnectionWithPings(conn, newStreamHandler, 0) -} - -// NewServerConnectionWithPings creates a new SPDY server connection. -// newStreamHandler will be invoked when the server receives a newly created -// stream from the client. -// -// If pingPeriod is non-zero, a background goroutine will send periodic Ping -// frames to the server. Use this to keep idle connections through certain load -// balancers alive longer. -func NewServerConnectionWithPings(conn net.Conn, newStreamHandler httpstream.NewStreamHandler, pingPeriod time.Duration) (httpstream.Connection, error) { - spdyConn, err := spdystream.NewConnection(conn, true) - if err != nil { - defer conn.Close() - return nil, err - } - - return newConnection(spdyConn, newStreamHandler, pingPeriod, spdyConn.Ping), nil -} - -// newConnection returns a new connection wrapping conn. newStreamHandler -// will be invoked when the server receives a newly created stream from the -// client. -func newConnection(conn *spdystream.Connection, newStreamHandler httpstream.NewStreamHandler, pingPeriod time.Duration, pingFn func() (time.Duration, error)) httpstream.Connection { - c := &connection{conn: conn, newStreamHandler: newStreamHandler, ping: pingFn} - go conn.Serve(c.newSpdyStream) - if pingPeriod > 0 && pingFn != nil { - go c.sendPings(pingPeriod) - } - return c -} - -// createStreamResponseTimeout indicates how long to wait for the other side to -// acknowledge the new stream before timing out. -const createStreamResponseTimeout = 30 * time.Second - -// Close first sends a reset for all of the connection's streams, and then -// closes the underlying spdystream.Connection. -func (c *connection) Close() error { - c.streamLock.Lock() - for _, s := range c.streams { - // calling Reset instead of Close ensures that all streams are fully torn down - s.Reset() - } - c.streams = make([]httpstream.Stream, 0) - c.streamLock.Unlock() - - // now that all streams are fully torn down, it's safe to call close on the underlying connection, - // which should be able to terminate immediately at this point, instead of waiting for any - // remaining graceful stream termination. - return c.conn.Close() -} - -// CreateStream creates a new stream with the specified headers and registers -// it with the connection. -func (c *connection) CreateStream(headers http.Header) (httpstream.Stream, error) { - stream, err := c.conn.CreateStream(headers, nil, false) - if err != nil { - return nil, err - } - if err = stream.WaitTimeout(createStreamResponseTimeout); err != nil { - return nil, err - } - - c.registerStream(stream) - return stream, nil -} - -// registerStream adds the stream s to the connection's list of streams that -// it owns. -func (c *connection) registerStream(s httpstream.Stream) { - c.streamLock.Lock() - c.streams = append(c.streams, s) - c.streamLock.Unlock() -} - -// CloseChan returns a channel that, when closed, indicates that the underlying -// spdystream.Connection has been closed. -func (c *connection) CloseChan() <-chan bool { - return c.conn.CloseChan() -} - -// newSpdyStream is the internal new stream handler used by spdystream.Connection.Serve. -// It calls connection's newStreamHandler, giving it the opportunity to accept or reject -// the stream. If newStreamHandler returns an error, the stream is rejected. If not, the -// stream is accepted and registered with the connection. -func (c *connection) newSpdyStream(stream *spdystream.Stream) { - replySent := make(chan struct{}) - err := c.newStreamHandler(stream, replySent) - rejectStream := (err != nil) - if rejectStream { - klog.Warningf("Stream rejected: %v", err) - stream.Reset() - return - } - - c.registerStream(stream) - stream.SendReply(http.Header{}, rejectStream) - close(replySent) -} - -// SetIdleTimeout sets the amount of time the connection may remain idle before -// it is automatically closed. -func (c *connection) SetIdleTimeout(timeout time.Duration) { - c.conn.SetIdleTimeout(timeout) -} - -func (c *connection) sendPings(period time.Duration) { - t := time.NewTicker(period) - defer t.Stop() - for { - select { - case <-c.conn.CloseChan(): - return - case <-t.C: - } - if _, err := c.ping(); err != nil { - klog.V(3).Infof("SPDY Ping failed: %v", err) - // Continue, in case this is a transient failure. - // c.conn.CloseChan above will tell us when the connection is - // actually closed. - } - } -} diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go deleted file mode 100644 index 4cb1cfadc..000000000 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go +++ /dev/null @@ -1,369 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package spdy - -import ( - "bufio" - "bytes" - "context" - "crypto/tls" - "encoding/base64" - "fmt" - "io" - "io/ioutil" - "net" - "net/http" - "net/http/httputil" - "net/url" - "strings" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/util/httpstream" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/third_party/forked/golang/netutil" -) - -// SpdyRoundTripper knows how to upgrade an HTTP request to one that supports -// multiplexed streams. After RoundTrip() is invoked, Conn will be set -// and usable. SpdyRoundTripper implements the UpgradeRoundTripper interface. -type SpdyRoundTripper struct { - //tlsConfig holds the TLS configuration settings to use when connecting - //to the remote server. - tlsConfig *tls.Config - - /* TODO according to http://golang.org/pkg/net/http/#RoundTripper, a RoundTripper - must be safe for use by multiple concurrent goroutines. If this is absolutely - necessary, we could keep a map from http.Request to net.Conn. In practice, - a client will create an http.Client, set the transport to a new insteace of - SpdyRoundTripper, and use it a single time, so this hopefully won't be an issue. - */ - // conn is the underlying network connection to the remote server. - conn net.Conn - - // Dialer is the dialer used to connect. Used if non-nil. - Dialer *net.Dialer - - // proxier knows which proxy to use given a request, defaults to http.ProxyFromEnvironment - // Used primarily for mocking the proxy discovery in tests. - proxier func(req *http.Request) (*url.URL, error) - - // followRedirects indicates if the round tripper should examine responses for redirects and - // follow them. - followRedirects bool - // requireSameHostRedirects restricts redirect following to only follow redirects to the same host - // as the original request. - requireSameHostRedirects bool - // pingPeriod is a period for sending Ping frames over established - // connections. - pingPeriod time.Duration -} - -var _ utilnet.TLSClientConfigHolder = &SpdyRoundTripper{} -var _ httpstream.UpgradeRoundTripper = &SpdyRoundTripper{} -var _ utilnet.Dialer = &SpdyRoundTripper{} - -// NewRoundTripper creates a new SpdyRoundTripper that will use the specified -// tlsConfig. -func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper { - return NewRoundTripperWithConfig(RoundTripperConfig{ - TLS: tlsConfig, - FollowRedirects: followRedirects, - RequireSameHostRedirects: requireSameHostRedirects, - }) -} - -// NewRoundTripperWithProxy creates a new SpdyRoundTripper that will use the -// specified tlsConfig and proxy func. -func NewRoundTripperWithProxy(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool, proxier func(*http.Request) (*url.URL, error)) *SpdyRoundTripper { - return NewRoundTripperWithConfig(RoundTripperConfig{ - TLS: tlsConfig, - FollowRedirects: followRedirects, - RequireSameHostRedirects: requireSameHostRedirects, - Proxier: proxier, - }) -} - -// NewRoundTripperWithProxy creates a new SpdyRoundTripper with the specified -// configuration. -func NewRoundTripperWithConfig(cfg RoundTripperConfig) *SpdyRoundTripper { - if cfg.Proxier == nil { - cfg.Proxier = utilnet.NewProxierWithNoProxyCIDR(http.ProxyFromEnvironment) - } - return &SpdyRoundTripper{ - tlsConfig: cfg.TLS, - followRedirects: cfg.FollowRedirects, - requireSameHostRedirects: cfg.RequireSameHostRedirects, - proxier: cfg.Proxier, - pingPeriod: cfg.PingPeriod, - } -} - -// RoundTripperConfig is a set of options for an SpdyRoundTripper. -type RoundTripperConfig struct { - // TLS configuration used by the round tripper. - TLS *tls.Config - // Proxier is a proxy function invoked on each request. Optional. - Proxier func(*http.Request) (*url.URL, error) - // PingPeriod is a period for sending SPDY Pings on the connection. - // Optional. - PingPeriod time.Duration - - FollowRedirects bool - RequireSameHostRedirects bool -} - -// TLSClientConfig implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during -// proxying with a spdy roundtripper. -func (s *SpdyRoundTripper) TLSClientConfig() *tls.Config { - return s.tlsConfig -} - -// Dial implements k8s.io/apimachinery/pkg/util/net.Dialer. -func (s *SpdyRoundTripper) Dial(req *http.Request) (net.Conn, error) { - conn, err := s.dial(req) - if err != nil { - return nil, err - } - - if err := req.Write(conn); err != nil { - conn.Close() - return nil, err - } - - return conn, nil -} - -// dial dials the host specified by req, using TLS if appropriate, optionally -// using a proxy server if one is configured via environment variables. -func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { - proxyURL, err := s.proxier(req) - if err != nil { - return nil, err - } - - if proxyURL == nil { - return s.dialWithoutProxy(req.Context(), req.URL) - } - - // ensure we use a canonical host with proxyReq - targetHost := netutil.CanonicalAddr(req.URL) - - // proxying logic adapted from http://blog.h6t.eu/post/74098062923/golang-websocket-with-http-proxy-support - proxyReq := http.Request{ - Method: "CONNECT", - URL: &url.URL{}, - Host: targetHost, - } - - if pa := s.proxyAuth(proxyURL); pa != "" { - proxyReq.Header = http.Header{} - proxyReq.Header.Set("Proxy-Authorization", pa) - } - - proxyDialConn, err := s.dialWithoutProxy(req.Context(), proxyURL) - if err != nil { - return nil, err - } - - proxyClientConn := httputil.NewProxyClientConn(proxyDialConn, nil) - _, err = proxyClientConn.Do(&proxyReq) - if err != nil && err != httputil.ErrPersistEOF { - return nil, err - } - - rwc, _ := proxyClientConn.Hijack() - - if req.URL.Scheme != "https" { - return rwc, nil - } - - host, _, err := net.SplitHostPort(targetHost) - if err != nil { - return nil, err - } - - tlsConfig := s.tlsConfig - switch { - case tlsConfig == nil: - tlsConfig = &tls.Config{ServerName: host} - case len(tlsConfig.ServerName) == 0: - tlsConfig = tlsConfig.Clone() - tlsConfig.ServerName = host - } - - tlsConn := tls.Client(rwc, tlsConfig) - - // need to manually call Handshake() so we can call VerifyHostname() below - if err := tlsConn.Handshake(); err != nil { - return nil, err - } - - // Return if we were configured to skip validation - if tlsConfig.InsecureSkipVerify { - return tlsConn, nil - } - - if err := tlsConn.VerifyHostname(tlsConfig.ServerName); err != nil { - return nil, err - } - - return tlsConn, nil -} - -// dialWithoutProxy dials the host specified by url, using TLS if appropriate. -func (s *SpdyRoundTripper) dialWithoutProxy(ctx context.Context, url *url.URL) (net.Conn, error) { - dialAddr := netutil.CanonicalAddr(url) - - if url.Scheme == "http" { - if s.Dialer == nil { - var d net.Dialer - return d.DialContext(ctx, "tcp", dialAddr) - } else { - return s.Dialer.DialContext(ctx, "tcp", dialAddr) - } - } - - // TODO validate the TLSClientConfig is set up? - var conn *tls.Conn - var err error - if s.Dialer == nil { - conn, err = tls.Dial("tcp", dialAddr, s.tlsConfig) - } else { - conn, err = tls.DialWithDialer(s.Dialer, "tcp", dialAddr, s.tlsConfig) - } - if err != nil { - return nil, err - } - - // Return if we were configured to skip validation - if s.tlsConfig != nil && s.tlsConfig.InsecureSkipVerify { - return conn, nil - } - - host, _, err := net.SplitHostPort(dialAddr) - if err != nil { - return nil, err - } - if s.tlsConfig != nil && len(s.tlsConfig.ServerName) > 0 { - host = s.tlsConfig.ServerName - } - err = conn.VerifyHostname(host) - if err != nil { - return nil, err - } - - return conn, nil -} - -// proxyAuth returns, for a given proxy URL, the value to be used for the Proxy-Authorization header -func (s *SpdyRoundTripper) proxyAuth(proxyURL *url.URL) string { - if proxyURL == nil || proxyURL.User == nil { - return "" - } - credentials := proxyURL.User.String() - encodedAuth := base64.StdEncoding.EncodeToString([]byte(credentials)) - return fmt.Sprintf("Basic %s", encodedAuth) -} - -// RoundTrip executes the Request and upgrades it. After a successful upgrade, -// clients may call SpdyRoundTripper.Connection() to retrieve the upgraded -// connection. -func (s *SpdyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - header := utilnet.CloneHeader(req.Header) - header.Add(httpstream.HeaderConnection, httpstream.HeaderUpgrade) - header.Add(httpstream.HeaderUpgrade, HeaderSpdy31) - - var ( - conn net.Conn - rawResponse []byte - err error - ) - - if s.followRedirects { - conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s, s.requireSameHostRedirects) - } else { - clone := utilnet.CloneRequest(req) - clone.Header = header - conn, err = s.Dial(clone) - } - if err != nil { - return nil, err - } - - responseReader := bufio.NewReader( - io.MultiReader( - bytes.NewBuffer(rawResponse), - conn, - ), - ) - - resp, err := http.ReadResponse(responseReader, nil) - if err != nil { - if conn != nil { - conn.Close() - } - return nil, err - } - - s.conn = conn - - return resp, nil -} - -// NewConnection validates the upgrade response, creating and returning a new -// httpstream.Connection if there were no errors. -func (s *SpdyRoundTripper) NewConnection(resp *http.Response) (httpstream.Connection, error) { - connectionHeader := strings.ToLower(resp.Header.Get(httpstream.HeaderConnection)) - upgradeHeader := strings.ToLower(resp.Header.Get(httpstream.HeaderUpgrade)) - if (resp.StatusCode != http.StatusSwitchingProtocols) || !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) { - defer resp.Body.Close() - responseError := "" - responseErrorBytes, err := ioutil.ReadAll(resp.Body) - if err != nil { - responseError = "unable to read error from server response" - } else { - // TODO: I don't belong here, I should be abstracted from this class - if obj, _, err := statusCodecs.UniversalDecoder().Decode(responseErrorBytes, nil, &metav1.Status{}); err == nil { - if status, ok := obj.(*metav1.Status); ok { - return nil, &apierrors.StatusError{ErrStatus: *status} - } - } - responseError = string(responseErrorBytes) - responseError = strings.TrimSpace(responseError) - } - - return nil, fmt.Errorf("unable to upgrade connection: %s", responseError) - } - - return NewClientConnectionWithPings(s.conn, s.pingPeriod) -} - -// statusScheme is private scheme for the decoding here until someone fixes the TODO in NewConnection -var statusScheme = runtime.NewScheme() - -// ParameterCodec knows about query parameters used with the meta v1 API spec. -var statusCodecs = serializer.NewCodecFactory(statusScheme) - -func init() { - statusScheme.AddUnversionedTypes(metav1.SchemeGroupVersion, - &metav1.Status{}, - ) -} diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go deleted file mode 100644 index f17eb09e9..000000000 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package spdy - -import ( - "bufio" - "fmt" - "io" - "net" - "net/http" - "strings" - "sync/atomic" - "time" - - "k8s.io/apimachinery/pkg/util/httpstream" - "k8s.io/apimachinery/pkg/util/runtime" -) - -const HeaderSpdy31 = "SPDY/3.1" - -// responseUpgrader knows how to upgrade HTTP responses. It -// implements the httpstream.ResponseUpgrader interface. -type responseUpgrader struct { - pingPeriod time.Duration -} - -// connWrapper is used to wrap a hijacked connection and its bufio.Reader. All -// calls will be handled directly by the underlying net.Conn with the exception -// of Read and Close calls, which will consider data in the bufio.Reader. This -// ensures that data already inside the used bufio.Reader instance is also -// read. -type connWrapper struct { - net.Conn - closed int32 - bufReader *bufio.Reader -} - -func (w *connWrapper) Read(b []byte) (n int, err error) { - if atomic.LoadInt32(&w.closed) == 1 { - return 0, io.EOF - } - return w.bufReader.Read(b) -} - -func (w *connWrapper) Close() error { - err := w.Conn.Close() - atomic.StoreInt32(&w.closed, 1) - return err -} - -// NewResponseUpgrader returns a new httpstream.ResponseUpgrader that is -// capable of upgrading HTTP responses using SPDY/3.1 via the -// spdystream package. -func NewResponseUpgrader() httpstream.ResponseUpgrader { - return NewResponseUpgraderWithPings(0) -} - -// NewResponseUpgraderWithPings returns a new httpstream.ResponseUpgrader that -// is capable of upgrading HTTP responses using SPDY/3.1 via the spdystream -// package. -// -// If pingPeriod is non-zero, for each incoming connection a background -// goroutine will send periodic Ping frames to the server. Use this to keep -// idle connections through certain load balancers alive longer. -func NewResponseUpgraderWithPings(pingPeriod time.Duration) httpstream.ResponseUpgrader { - return responseUpgrader{pingPeriod: pingPeriod} -} - -// UpgradeResponse upgrades an HTTP response to one that supports multiplexed -// streams. newStreamHandler will be called synchronously whenever the -// other end of the upgraded connection creates a new stream. -func (u responseUpgrader) UpgradeResponse(w http.ResponseWriter, req *http.Request, newStreamHandler httpstream.NewStreamHandler) httpstream.Connection { - connectionHeader := strings.ToLower(req.Header.Get(httpstream.HeaderConnection)) - upgradeHeader := strings.ToLower(req.Header.Get(httpstream.HeaderUpgrade)) - if !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) { - errorMsg := fmt.Sprintf("unable to upgrade: missing upgrade headers in request: %#v", req.Header) - http.Error(w, errorMsg, http.StatusBadRequest) - return nil - } - - hijacker, ok := w.(http.Hijacker) - if !ok { - errorMsg := fmt.Sprintf("unable to upgrade: unable to hijack response") - http.Error(w, errorMsg, http.StatusInternalServerError) - return nil - } - - w.Header().Add(httpstream.HeaderConnection, httpstream.HeaderUpgrade) - w.Header().Add(httpstream.HeaderUpgrade, HeaderSpdy31) - w.WriteHeader(http.StatusSwitchingProtocols) - - conn, bufrw, err := hijacker.Hijack() - if err != nil { - runtime.HandleError(fmt.Errorf("unable to upgrade: error hijacking response: %v", err)) - return nil - } - - connWithBuf := &connWrapper{Conn: conn, bufReader: bufrw.Reader} - spdyConn, err := NewServerConnectionWithPings(connWithBuf, newStreamHandler, u.pingPeriod) - if err != nil { - runtime.HandleError(fmt.Errorf("unable to upgrade: error creating SPDY server connection: %v", err)) - return nil - } - - return spdyConn -} |