github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

pkg/kubeapiserver: pass authorizer in top level while building from legacy options

Browse Source 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
This commit is contained in:
Nabarun Pal 2023-10-04 14:17:16 +05:30
parent 11ce6d2915
commit 3de0d9afbb
No known key found for this signature in database
GPG Key ID: E71158161DF2A2CB
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/kubeapiserver/options/authorization.go
View File

@ -167,8 +167,8 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc
case authzmodes.ModeWebhook:
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{
Type: authzconfig.TypeWebhook,
Name: defaultWebhookName,
Webhook: &authzconfig.WebhookConfiguration{
Name: defaultWebhookName,
AuthorizedTTL: metav1.Duration{Duration: o.WebhookCacheAuthorizedTTL},
UnauthorizedTTL: metav1.Duration{Duration: o.WebhookCacheUnauthorizedTTL},
// Timeout and FailurePolicy are required for the new configuration.
@ -183,9 +183,18 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc
},
})
default:
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{Type: authzconfig.AuthorizerType(mode)})
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{
Type: authzconfig.AuthorizerType(mode),
Name: getNameForAuthorizerMode(mode),
})
}
}
return &authzconfig.AuthorizationConfiguration{Authorizers: authorizers}, nil
}
// getNameForAuthorizerMode returns the name to be set for the mode in AuthorizationConfiguration
// For now, lower cases the mode name
func getNameForAuthorizerMode(mode string) string {
return strings.ToLower(mode)
}