github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add '/version/*' to the system:discovery role, since that's what the open

Browse Source 
api spec says.
This commit is contained in:
Brendan Burns
2017-12-18 20:31:17 -08:00
parent cdbfff0773
commit ec53238901
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@@ -169,7 +169,7 @@ func ClusterRoles() []rbac.ClusterRole {
ObjectMeta: metav1.ObjectMeta{Name: "system:discovery"}, ObjectMeta: metav1.ObjectMeta{Name: "system:discovery"},
Rules: []rbac.PolicyRule{ Rules: []rbac.PolicyRule{
rbac.NewRule("get").URLs( rbac.NewRule("get").URLs(
"/healthz", "/version", "/healthz", "/version", "/version/*",
// remove once swagger 1.2 support is removed // remove once swagger 1.2 support is removed
"/swaggerapi", "/swaggerapi/*", "/swaggerapi", "/swaggerapi/*",
// do not expand this pattern for openapi discovery docs // do not expand this pattern for openapi discovery docs

1
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@@ -640,6 +640,7 @@ items:
- /swaggerapi - /swaggerapi
- /swaggerapi/* - /swaggerapi/*
- /version - /version
- /version/*
verbs: verbs:
- get - get
- apiVersion: rbac.authorization.k8s.io/v1 - apiVersion: rbac.authorization.k8s.io/v1