fix(k8s): EE-1631: backport fixes for API proxy (#5608)

* fix(k8s): EE-1585: the K8s API uses other mediatypes, so we can't rely on parsing JSON bodies for security. Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> * fix(k8s): EE-1511 add striped prefix back to location header if response status is 301 moved permanently Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> * feat(k8s): EE-1631:improve the secrets handling by removing un-necessary code Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2025-07-25 08:19:40 +02:00 · 2021-09-27 13:16:17 +10:00 · 2021-09-27 13:16:17 +10:00 · 9c80501738
commit 9c80501738
parent 377326085d
2 changed files with 12 additions and 172 deletions
--- a/api/http/proxy/factory/kubernetes/transport.go
+++ b/api/http/proxy/factory/kubernetes/transport.go
@ -66,8 +66,6 @@ func (transport *baseTransport) proxyNamespacedRequest(request *http.Request, fu
 	}

 	switch {
-	case strings.HasPrefix(requestPath, "secrets"):
-		return transport.proxySecretRequest(request, namespace, requestPath)
 	case requestPath == "" && request.Method == "DELETE":
 		return transport.proxyNamespaceDeleteOperation(request, namespace)
 	default:
@ -79,6 +77,18 @@ func (transport *baseTransport) executeKubernetesRequest(request *http.Request)

 	resp, err := transport.httpTransport.RoundTrip(request)

+	// This fix was made to resolve a k8s e2e test, more detailed investigation should be done later.
+	if err == nil && resp.StatusCode == http.StatusMovedPermanently {
+		oldLocation := resp.Header.Get("Location")
+		if oldLocation != "" {
+			stripedPrefix := strings.TrimSuffix(request.RequestURI, request.URL.Path)
+			// local proxy strips "/kubernetes" but agent proxy and edge agent proxy do not
+			stripedPrefix = strings.TrimSuffix(stripedPrefix, "/kubernetes")
+			newLocation := stripedPrefix + "/kubernetes" + oldLocation
+			resp.Header.Set("Location", newLocation)
+		}
+	}
+
 	return resp, err
 }