github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

extend err info when authorize failed

Browse Source
This commit is contained in:
xilabao
2016-11-28 14:36:14 +08:00
parent f87edaacac
commit 2a77353164
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugin/pkg/auth/authorizer/rbac/rbac.go
View File

@@ -18,6 +18,7 @@ limitations under the License.
package rbac
import (
"fmt"
"github.com/golang/glog"
"k8s.io/kubernetes/pkg/apis/rbac"
@@ -47,7 +48,7 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (boo
glog.V(2).Infof("RBAC DENY: user %q groups %v cannot %q on \"%v.%v/%v\"", requestAttributes.GetUser().GetName(), requestAttributes.GetUser().GetGroups(),
requestAttributes.GetVerb(), requestAttributes.GetResource(), requestAttributes.GetAPIGroup(), requestAttributes.GetSubresource())
return false, "", ruleResolutionError
return false, fmt.Sprintf("%v", ruleResolutionError), nil
}
func New(roles validation.RoleGetter, roleBindings validation.RoleBindingLister, clusterRoles validation.ClusterRoleGetter, clusterRoleBindings validation.ClusterRoleBindingLister) *RBACAuthorizer {