From 294e02ed4b341fe9497cdfadb93cf19f1e64243f Mon Sep 17 00:00:00 2001
From: Samuel Davidson <samueldavidson@google.com>
Date: Fri, 26 Oct 2018 15:58:09 -0700
Subject: [PATCH] Revert "limit forbidden error to details of what was
 forbidden"

This reverts commit ecbd0137957b4afd4cdd94c0209998228fd70e99.
---
 .../src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go | 2 +-
 .../src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go | 2 +-
 test/integration/master/synthetic_master_test.go                | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go
index 998c05bcf73..4c9f140ca30 100644
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go
@@ -73,7 +73,7 @@ func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.
 		glog.V(4).Infof("Forbidden: %#v, Reason: %q", req.RequestURI, reason)
 		audit.LogAnnotation(ae, decisionAnnotationKey, decisionForbid)
 		audit.LogAnnotation(ae, reasonAnnotationKey, reason)
-		responsewriters.Forbidden(ctx, attributes, w, req, "", s)
+		responsewriters.Forbidden(ctx, attributes, w, req, reason, s)
 	})
 }
 
diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go
index 38414a6afa7..726cbe4d565 100644
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go
@@ -110,7 +110,7 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
 			decision, reason, err := a.Authorize(actingAsAttributes)
 			if err != nil || decision != authorizer.DecisionAllow {
 				glog.V(4).Infof("Forbidden: %#v, Reason: %s, Error: %v", req.RequestURI, reason, err)
-				responsewriters.Forbidden(ctx, actingAsAttributes, w, req, "", s)
+				responsewriters.Forbidden(ctx, actingAsAttributes, w, req, reason, s)
 				return
 			}
 		}
diff --git a/test/integration/master/synthetic_master_test.go b/test/integration/master/synthetic_master_test.go
index d0190830dff..a4ef671983a 100644
--- a/test/integration/master/synthetic_master_test.go
+++ b/test/integration/master/synthetic_master_test.go
@@ -175,7 +175,7 @@ func TestStatus(t *testing.T) {
 			statusCode:   http.StatusForbidden,
 			reqPath:      "/apis",
 			reason:       "Forbidden",
-			message:      `forbidden: User "" cannot get path "/apis"`,
+			message:      `forbidden: User "" cannot get path "/apis": Everything is forbidden.`,
 		},
 		{
 			name:         "401",