make the system:authenticated group adder smarter

2026-01-13 19:36:22 +00:00 · 2017-03-03 12:32:52 -05:00
parent 815b340f8d
commit 379a73a8db
6 changed files with 135 additions and 6 deletions
--- a/pkg/kubeapiserver/authenticator/BUILD
+++ b/pkg/kubeapiserver/authenticator/BUILD
@@ -23,7 +23,6 @@ go_library(
        "//vendor:k8s.io/apiserver/pkg/authentication/request/union",
        "//vendor:k8s.io/apiserver/pkg/authentication/request/x509",
        "//vendor:k8s.io/apiserver/pkg/authentication/token/tokenfile",
-        "//vendor:k8s.io/apiserver/pkg/authentication/user",
        "//vendor:k8s.io/apiserver/plugin/pkg/authenticator/password/keystone",
        "//vendor:k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile",
        "//vendor:k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth",
--- a/pkg/kubeapiserver/authenticator/config.go
+++ b/pkg/kubeapiserver/authenticator/config.go
@@ -30,7 +30,6 @@ import (
 	"k8s.io/apiserver/pkg/authentication/request/union"
 	"k8s.io/apiserver/pkg/authentication/request/x509"
 	"k8s.io/apiserver/pkg/authentication/token/tokenfile"
-	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/plugin/pkg/authenticator/password/keystone"
 	"k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile"
 	"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
@@ -207,7 +206,7 @@ func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDe

 	authenticator := union.New(authenticators...)

-	authenticator = group.NewGroupAdder(authenticator, []string{user.AllAuthenticated})
+	authenticator = group.NewAuthenticatedGroupAdder(authenticator)

 	if config.Anonymous {
 		// If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous).