make admin user in token auth have the same group (system:masters) as basic auth.

this should fix https://github.com/kubernetes/kops/issues/4369
Touch Ungboriboonpisal 2018-03-04 16:46:17 -08:00
parent 75cef70d58
commit eddf4ae7a0
1 changed files with 11 additions and 2 deletions


@ -34,6 +34,11 @@ type SecretBuilder struct {
var _ fi.ModelBuilder = &SecretBuilder{} var _ fi.ModelBuilder = &SecretBuilder{}
const (
adminUser = "admin"
adminGroup = "system:masters"
)
// Build is responsible for pulling down the secrets // Build is responsible for pulling down the secrets
func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error { func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
if b.KeyStore == nil { if b.KeyStore == nil {
@ -196,7 +201,7 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
if token == nil { if token == nil {
return fmt.Errorf("token not found: %q", key) return fmt.Errorf("token not found: %q", key)
} }
csv := string(token.Data) + ",admin,admin,system:masters" csv := string(token.Data) + "," + adminUser + "," + adminUser + "," + adminGroup
t := &nodetasks.File{ t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "basic_auth.csv"), Path: filepath.Join(b.PathSrvKubernetes(), "basic_auth.csv"),
@ -215,8 +220,12 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
var lines []string var lines []string
for id, token := range allTokens { for id, token := range allTokens {
if id == adminUser {
lines = append(lines, token+","+id+","+id+","+adminGroup)
} else {
lines = append(lines, token+","+id+","+id) lines = append(lines, token+","+id+","+id)
} }
}
csv := strings.Join(lines, "\n") csv := strings.Join(lines, "\n")
t := &nodetasks.File{ t := &nodetasks.File{
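Review bot: The new `if id == adminUser` branch in the token loop attaches `system:masters` to the admin entry of the static token file, but nothing in the code marks this as a deliberate privilege grant keyed only on the token's id. Kubernetes gives `system:masters` unrestricted API access, so any entry in `allTokens` whose id is `admin` becomes a long-lived cluster-admin bearer token. Where `allTokens` is populated is not visible here, so it should be confirmed that this id can only come from the kops-managed admin secret. I would add a comment above the branch, for example `// The admin token is mapped to system:masters (unrestricted API access), matching basic_auth.csv; no other token id gets a group here.`, and a one-line comment on the `adminGroup` constant in the first hunk stating what membership implies. Build begins and ends outside these hunks.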