github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #34848 from deads2k/rbac-16-fix-authorization-filter 

Automatic merge from submit-queue

you can be authorized and have a failure

Fix the authorization filter to allow you through and to avoid showing internal errors to users when authorization failed.
pull/6/head
Kubernetes Submit Queue 2016-10-15 13:00:25 -07:00 committed by GitHub
parent c32a05333b a8b471491b
commit b988eed233
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/apiserver/filters/authorization.go
View File

@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
return return
} }
authorized, reason, err := a.Authorize(attrs) authorized, reason, err := a.Authorize(attrs)
if authorized {
handler.ServeHTTP(w, req)
return
}
if err != nil { if err != nil {
internalError(w, req, err) internalError(w, req, err)
return return
} }
if !authorized {
glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason) glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
forbidden(w, req) forbidden(w, req)
return
}
handler.ServeHTTP(w, req)
}) })
} }