From 2a773531645d457b009feebf7a6886f64c6290d2 Mon Sep 17 00:00:00 2001
From: xilabao <chenr.fnst@cn.fujitsu.com>
Date: Mon, 28 Nov 2016 14:36:14 +0800
Subject: [PATCH] extend err info when authorize failed

---
 pkg/apiserver/filters/errors.go         | 2 +-
 plugin/pkg/auth/authorizer/rbac/rbac.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/apiserver/filters/errors.go b/pkg/apiserver/filters/errors.go
index 7ad2c26df0d..cd55a10ee2d 100644
--- a/pkg/apiserver/filters/errors.go
+++ b/pkg/apiserver/filters/errors.go
@@ -64,6 +64,6 @@ func internalError(w http.ResponseWriter, req *http.Request, err error) {
 	w.Header().Set("Content-Type", "text/plain")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.WriteHeader(http.StatusInternalServerError)
-	fmt.Fprintf(w, "Internal Server Error: %#v", req.RequestURI)
+	fmt.Fprintf(w, "Internal Server Error: %#v: %v", req.RequestURI, err)
 	runtime.HandleError(err)
 }
diff --git a/plugin/pkg/auth/authorizer/rbac/rbac.go b/plugin/pkg/auth/authorizer/rbac/rbac.go
index 770de226dd0..2241a00c246 100644
--- a/plugin/pkg/auth/authorizer/rbac/rbac.go
+++ b/plugin/pkg/auth/authorizer/rbac/rbac.go
@@ -18,6 +18,7 @@ limitations under the License.
 package rbac
 
 import (
+	"fmt"
 	"github.com/golang/glog"
 
 	"k8s.io/kubernetes/pkg/apis/rbac"
@@ -47,7 +48,7 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (boo
 	glog.V(2).Infof("RBAC DENY: user %q groups %v cannot %q on \"%v.%v/%v\"", requestAttributes.GetUser().GetName(), requestAttributes.GetUser().GetGroups(),
 		requestAttributes.GetVerb(), requestAttributes.GetResource(), requestAttributes.GetAPIGroup(), requestAttributes.GetSubresource())
 
-	return false, "", ruleResolutionError
+	return false, fmt.Sprintf("%v", ruleResolutionError), nil
 }
 
 func New(roles validation.RoleGetter, roleBindings validation.RoleBindingLister, clusterRoles validation.ClusterRoleGetter, clusterRoleBindings validation.ClusterRoleBindingLister) *RBACAuthorizer {