From 5619c71eb0b9fae13c831d92797da9427094518f Mon Sep 17 00:00:00 2001
From: xueqzhan <kenzhang@redhat.com>
Date: Thu, 1 Sep 2022 11:58:51 -0400
Subject: [PATCH] Add DisableAnonymous to DelegatingAuthenticationOptions

---
 .../k8s.io/apiserver/pkg/server/options/authentication.go    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
index 8ff771af080..296d8530e00 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
@@ -202,6 +202,9 @@ type DelegatingAuthenticationOptions struct {
 
 	// CustomRoundTripperFn allows for specifying a middleware function for custom HTTP behaviour for the authentication webhook client.
 	CustomRoundTripperFn transport.WrapperFunc
+
+	// DisableAnonymous gives user an option to disable Anonymous authentication.
+	DisableAnonymous bool
 }
 
 func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions {
@@ -283,7 +286,7 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut
 	}
 
 	cfg := authenticatorfactory.DelegatingAuthenticatorConfig{
-		Anonymous:                true,
+		Anonymous:                !s.DisableAnonymous,
 		CacheTTL:                 s.CacheTTL,
 		WebhookRetryBackoff:      s.WebhookRetryBackoff,
 		TokenAccessReviewTimeout: s.TokenRequestTimeout,