From 1534cbf1fa4219b2fc0b025e1775d19b6d3001da Mon Sep 17 00:00:00 2001
From: CJ Cullen <cjcullen@google.com>
Date: Wed, 15 Mar 2017 13:28:18 -0700
Subject: [PATCH] Add abac_authorization_file local var to allow
 ABAC_AUTHZ_FILE to be set outside the script.

---
 cluster/gce/gci/configure-helper.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index ebeca130437..1008f299a88 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1108,9 +1108,9 @@ function start-kube-apiserver {
 
   # Load existing ABAC policy files written by versions < 1.6 of this script
   # TODO: only default to this legacy path when in upgrade mode
-  ABAC_AUTHZ_FILE="${ABAC_AUTHZ_FILE:-/etc/srv/kubernetes/abac-authz-policy.jsonl}"
-  if [[ -n "${ABAC_AUTHZ_FILE:-}" && -e "${ABAC_AUTHZ_FILE}" ]]; then
-    params+=" --authorization-policy-file=${ABAC_AUTHZ_FILE}"
+  local abac_authorization_file="${ABAC_AUTHZ_FILE:-/etc/srv/kubernetes/abac-authz-policy.jsonl}"
+  if [[ -n "${abac_authorization_file:-}" && -e "${abac_authorization_file}" ]]; then
+    params+=" --authorization-policy-file=${abac_authorization_file}"
     authorization_mode+=",ABAC"
   fi
   local webhook_config_mount=""