From 2ac293a0bd51df1ac0d420098ddc002ce5709543 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Thu, 22 Sep 2016 15:03:34 -0400 Subject: [PATCH] Put loopback authn/authz first in chain --- cmd/kube-apiserver/app/server.go | 4 ++-- federation/cmd/federation-apiserver/app/server.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index fa759d2fdb5..76309fbca48 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -279,10 +279,10 @@ func Run(s *options.APIServer) error { } tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens) - apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator) + apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator) tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters") - apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer) + apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer) } sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 4b945a57dc7..1565648c3ef 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -187,10 +187,10 @@ func Run(s *options.ServerRunOptions) error { } tokenAuthenticator := authenticator.NewAuthenticatorFromTokens(tokens) - apiAuthenticator = authenticatorunion.New(apiAuthenticator, tokenAuthenticator) + apiAuthenticator = authenticatorunion.New(tokenAuthenticator, apiAuthenticator) tokenAuthorizer := authorizer.NewPrivilegedGroups("system:masters") - apiAuthorizer = authorizerunion.New(apiAuthorizer, tokenAuthorizer) + apiAuthorizer = authorizerunion.New(tokenAuthorizer, apiAuthorizer) } sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)