Merge pull request #67617 from liggitt/authz-details
Automatic merge from submit-queue (batch tested with PRs 67493, 67617, 67582, 67337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. limit forbidden error to details of what was forbidden cleans up output from https://github.com/kubernetes/kubernetes/pull/65906#discussion_r210048853 /assign @smarterclayton ```release-note NONE ```
This commit is contained in:
		| @@ -73,7 +73,7 @@ func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime. | ||||
| 		glog.V(4).Infof("Forbidden: %#v, Reason: %q", req.RequestURI, reason) | ||||
| 		audit.LogAnnotation(ae, decisionAnnotationKey, decisionForbid) | ||||
| 		audit.LogAnnotation(ae, reasonAnnotationKey, reason) | ||||
| 		responsewriters.Forbidden(ctx, attributes, w, req, reason, s) | ||||
| 		responsewriters.Forbidden(ctx, attributes, w, req, "", s) | ||||
| 	}) | ||||
| } | ||||
|  | ||||
|   | ||||
| @@ -110,7 +110,7 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime. | ||||
| 			decision, reason, err := a.Authorize(actingAsAttributes) | ||||
| 			if err != nil || decision != authorizer.DecisionAllow { | ||||
| 				glog.V(4).Infof("Forbidden: %#v, Reason: %s, Error: %v", req.RequestURI, reason, err) | ||||
| 				responsewriters.Forbidden(ctx, actingAsAttributes, w, req, reason, s) | ||||
| 				responsewriters.Forbidden(ctx, actingAsAttributes, w, req, "", s) | ||||
| 				return | ||||
| 			} | ||||
| 		} | ||||
|   | ||||
| @@ -175,7 +175,7 @@ func TestStatus(t *testing.T) { | ||||
| 			statusCode:   http.StatusForbidden, | ||||
| 			reqPath:      "/apis", | ||||
| 			reason:       "Forbidden", | ||||
| 			message:      `forbidden: User "" cannot get path "/apis": Everything is forbidden.`, | ||||
| 			message:      `forbidden: User "" cannot get path "/apis"`, | ||||
| 		}, | ||||
| 		{ | ||||
| 			name:         "401", | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Kubernetes Submit Queue
					Kubernetes Submit Queue