This is defined separately in slim builds to avoid importing the rbac package, which is a large dependency.
(ctx context.Context, rw http.ResponseWriter)
// SetAuthzCheckRecorderHeader writes the authorization checks recorded on ctx
// into the "x-authz-checks" response header. It does nothing when ctx carries
// no authz check recorder.
//
// Slim builds define this function separately so that they do not have to
// import the rbac package, which is a large dependency.
//
// NOTE(review): the header value discloses which authorization checks ran for
// the request and their outcomes. The recorder is described below as being
// configured only for development and testing builds; confirm that it is never
// installed on production request contexts.
func SetAuthzCheckRecorderHeader(ctx context.Context, rw http.ResponseWriter) {
	recorder, found := rbac.GetAuthzCheckRecorder(ctx)
	if !found {
		return
	}

	// Notes for anyone who arrived here after spotting this header in a
	// response:
	//   - A check reported as `false` may not tell the whole story. Processing
	//     stops after a failure, so further checks may never have been
	//     performed and will not be listed.
	//   - Checks are recorded by the `authzRecorder` type, which is configured
	//     on server startup for development and testing builds.
	//   - If the header is absent from a response, make sure the response is
	//     written by calling `httpapi.Write`!
	value := recorder.String()
	if len(value) > maxHeaderLength {
		// The cut is byte-wise and the marker is appended after it, so the
		// final value is maxHeaderLength plus len("<truncated>") bytes long.
		// NOTE(review): if maxHeaderLength is meant as a hard cap on the
		// header size, the marker overshoots it; confirm against its
		// definition.
		value = value[:maxHeaderLength] + "<truncated>"
	}
	rw.Header().Set("x-authz-checks", value)
}
no test coverage detected