Merge pull request #66083 from jennybuckley/connect-dry-run

Automatic merge from submit-queue (batch tested with PRs 66512, 66946, 66083). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Explicitly disable dry run for connect **What this PR does / why we need it**: It isn't clear whether or not dry run would work on connect. I think we should explicitly disable it so no one can try to dry run a connect request and accidentally open a connection. **Release note**: ```release-note kube-apiserver: setting a `dryRun` query parameter on a CONNECT request will now cause the request to be rejected, consistent with behavior of other mutating API requests. Examples of CONNECT APIs are the `nodes/proxy`, `services/proxy`, `pods/proxy`, `pods/exec`, and `pods/attach` subresources. Note that this prevents sending a `dryRun` parameter to backends via `{nodes,services,pods}/proxy` subresources. ```
2018-08-06 19:44:07 -07:00 · 2018-08-06 19:44:07 -07:00 · e69cc51a83
parent 60ac433922 702937ac86
commit e69cc51a83
1 changed files with 5 additions and 0 deletions
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/rest.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/rest.go
@ -98,6 +98,11 @@ func (scope *RequestScope) AllowsStreamSchema(s string) bool {
 // ConnectResource returns a function that handles a connect request on a rest.Storage object.
 func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admission.Interface, restPath string, isSubresource bool) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
+		if isDryRun(req.URL) {
+			scope.err(errors.NewBadRequest("dryRun is not supported"), w, req)
+			return
+		}
+
 		namespace, name, err := scope.Namer.Name(req)
 		if err != nil {
 			scope.err(err, w, req)