From 3dc9519ac3730c06df10ebfacac17fae5de0f628 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Mon, 20 Aug 2018 15:36:39 -0400
Subject: [PATCH] limit forbidden error to details of what was forbidden

Kubernetes-commit: ecbd0137957b4afd4cdd94c0209998228fd70e99
---
 pkg/endpoints/filters/authorization.go | 2 +-
 pkg/endpoints/filters/impersonation.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/endpoints/filters/authorization.go b/pkg/endpoints/filters/authorization.go
index 4c9f140ca..998c05bcf 100644
--- a/pkg/endpoints/filters/authorization.go
+++ b/pkg/endpoints/filters/authorization.go
@@ -73,7 +73,7 @@ func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.
 glog.V(4).Infof("Forbidden: %#v, Reason: %q", req.RequestURI, reason)
 audit.LogAnnotation(ae, decisionAnnotationKey, decisionForbid)
 audit.LogAnnotation(ae, reasonAnnotationKey, reason)
- responsewriters.Forbidden(ctx, attributes, w, req, reason, s)
+ responsewriters.Forbidden(ctx, attributes, w, req, "", s)
 })
 }
 
diff --git a/pkg/endpoints/filters/impersonation.go b/pkg/endpoints/filters/impersonation.go
index 726cbe4d5..38414a6af 100644
--- a/pkg/endpoints/filters/impersonation.go
+++ b/pkg/endpoints/filters/impersonation.go
@@ -110,7 +110,7 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
 decision, reason, err := a.Authorize(actingAsAttributes)
 if err != nil || decision != authorizer.DecisionAllow {
 glog.V(4).Infof("Forbidden: %#v, Reason: %s, Error: %v", req.RequestURI, reason, err)
- responsewriters.Forbidden(ctx, actingAsAttributes, w, req, reason, s)
+ responsewriters.Forbidden(ctx, actingAsAttributes, w, req, "", s)
 return
 }
 }
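Review bot: The empty string now passed as the reason to `responsewriters.Forbidden` in WithAuthorization carries no comment, so a later reader may take it for an omission and pass `reason` back in, which would return the authorizer's explanation to the caller again. I would add above the call `// Deliberately omit the authorizer's reason from the response; it is recorded in the audit annotation above and must not be shown to the client.` The same applies to the matching call in WithImpersonation in impersonation.go. The patch touches only the two filter files, so nothing in it pins that the 403 body leaves the reason out; a handler test asserting that would keep the change from regressing. The enclosing function starts before the hunk.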
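Review bot: With the reason removed from the response, the visible lines of WithImpersonation leave the V(4) log line as the only record of why an impersonation request was denied; unlike WithAuthorization, no audit annotation is written here. If an audit event is available in this function (its start is outside the hunk), recording the reason the way the authorization filter does, e.g. `audit.LogAnnotation(ae, reasonAnnotationKey, reason)`, would keep the detail available to operators. The log line also formats the reason with `%s` where authorization.go uses `%q`; switching to `Reason: %q` would make the two consistent and keep embedded newlines in the reason from splitting the log entry.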