github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Improve multi-authorizer errors

pull/8/head
Jordan Liggitt 2018-07-06 10:55:17 -04:00
parent 91b729342d
commit 1c012f1c49
No known key found for this signature in database
GPG Key ID: 39928704103C7229
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/auth/authorizer/abac/abac.go
View File

@ -227,7 +227,7 @@ func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, st
return authorizer.DecisionAllow, "", nil
}
}
return authorizer.DecisionNoOpinion, "No policy matched.", nil
return authorizer.DecisionNoOpinion, "no ABAC policy matched", nil
// TODO: Benchmark how much time policy matching takes with a medium size
// policy file, compared to other steps such as encoding/decoding.
// Then, add Caching only if needed.

2
plugin/pkg/auth/authorizer/rbac/rbac.go
View File

@ -121,6 +121,8 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (aut
reason := ""
if len(ruleCheckingVisitor.errors) > 0 {
reason = fmt.Sprintf("RBAC: %v", utilerrors.NewAggregate(ruleCheckingVisitor.errors))
} else {
reason = "no RBAC policy matched"
}
return authorizer.DecisionNoOpinion, reason, nil
}