kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add missing UID in SubjectAccessReviewSpec 

WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.

Kubernetes-commit: 9a761b16c1558106800222dbc52f6ab03c40c64c
This commit is contained in:
Davanum Srinivas 2017-07-26 21:34:11 -04:00 committed by Kubernetes Publisher
parent 2c66dfcbee
commit 7d27fa3fec
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugin/pkg/authorizer/webhook/webhook.go
View File

@ -144,6 +144,7 @@ func (w *WebhookAuthorizer) Authorize(attr authorizer.Attributes) (authorized bo
if user := attr.GetUser(); user != nil { if user := attr.GetUser(); user != nil {
r.Spec = authorization.SubjectAccessReviewSpec{ r.Spec = authorization.SubjectAccessReviewSpec{
User: user.GetName(), User: user.GetName(),
UID: user.GetUID(),
Groups: user.GetGroups(), Groups: user.GetGroups(),
Extra: convertToSARExtra(user.GetExtra()), Extra: convertToSARExtra(user.GetExtra()),
} }

1
plugin/pkg/authorizer/webhook/webhook_test.go
View File

@ -505,6 +505,7 @@ func TestWebhook(t *testing.T) {
TypeMeta: expTypeMeta, TypeMeta: expTypeMeta,
Spec: v1beta1.SubjectAccessReviewSpec{ Spec: v1beta1.SubjectAccessReviewSpec{
User: "jane", User: "jane",
UID: "1",
Groups: []string{"group1", "group2"}, Groups: []string{"group1", "group2"},
ResourceAttributes: &v1beta1.ResourceAttributes{ ResourceAttributes: &v1beta1.ResourceAttributes{
Verb: "GET", Verb: "GET",