From a209040ac8d78818fd98a058222764e7b3538657 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <jliggitt@redhat.com>
Date: Sat, 24 Dec 2016 12:36:38 -0500
Subject: [PATCH] Include swaggerapi urls in system:discovery role

---
 plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go       | 2 +-
 .../authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index 05ce8a39211..0ce6d29193b 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -82,7 +82,7 @@ func ClusterRoles() []rbac.ClusterRole {
 			// a role which provides just enough power to discovery API versions for negotiation
 			ObjectMeta: api.ObjectMeta{Name: "system:discovery"},
 			Rules: []rbac.PolicyRule{
-				rbac.NewRule("get").URLs("/version", "/api", "/api/*", "/apis", "/apis/*").RuleOrDie(),
+				rbac.NewRule("get").URLs("/version", "/swaggerapi", "/swaggerapi/*", "/api", "/api/*", "/apis", "/apis/*").RuleOrDie(),
 			},
 		},
 		{
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
index 289c942936c..bf47185b72a 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
@@ -383,6 +383,8 @@ items:
     - /api/*
     - /apis
     - /apis/*
+    - /swaggerapi
+    - /swaggerapi/*
     - /version
     verbs:
     - get