github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup auth logging, allow starting secured kubelet in local-up-cluster.sh

Browse Source
This commit is contained in:
Jordan Liggitt
2016-11-03 01:13:00 -04:00
parent c4eb04afa2
commit d3991aa7c6
4 changed files with 31 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/genericapiserver/authorizer/authz.go
View File

@@ -84,7 +84,7 @@ func (r *privilegedGroupAuthorizer) Authorize(attr authorizer.Attributes) (bool,
}
}
}
return false, "Not in privileged list.", nil
return false, "", nil
}
// NewPrivilegedGroups is for use in loopback scenarios

6
pkg/kubelet/server/server.go
View File

@@ -223,15 +223,15 @@ func (s *Server) InstallAuthFilter() {
attrs := s.auth.GetRequestAttributes(u, req.Request)
// Authorize
authorized, reason, err := s.auth.Authorize(attrs)
authorized, _, err := s.auth.Authorize(attrs)
if err != nil {
msg := fmt.Sprintf("Error (user=%s, verb=%s, namespace=%s, resource=%s)", u.GetName(), attrs.GetVerb(), attrs.GetNamespace(), attrs.GetResource())
msg := fmt.Sprintf("Authorization error (user=%s, verb=%s, resource=%s, subresource=%s)", u.GetName(), attrs.GetVerb(), attrs.GetResource(), attrs.GetSubresource())
glog.Errorf(msg, err)
resp.WriteErrorString(http.StatusInternalServerError, msg)
return
}
if !authorized {
msg := fmt.Sprintf("Forbidden (reason=%s, user=%s, verb=%s, namespace=%s, resource=%s)", reason, u.GetName(), attrs.GetVerb(), attrs.GetNamespace(), attrs.GetResource())
msg := fmt.Sprintf("Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)", u.GetName(), attrs.GetVerb(), attrs.GetResource(), attrs.GetSubresource())
glog.V(2).Info(msg)
resp.WriteErrorString(http.StatusForbidden, msg)
return