From 3de0d9afbb3dcef79117e765025fd7d20480494b Mon Sep 17 00:00:00 2001 From: Nabarun Pal Date: Wed, 4 Oct 2023 14:17:16 +0530 Subject: [PATCH] pkg/kubeapiserver: pass authorizer in top level while building from legacy options Signed-off-by: Nabarun Pal --- pkg/kubeapiserver/options/authorization.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkg/kubeapiserver/options/authorization.go b/pkg/kubeapiserver/options/authorization.go index fc371cf1ae6..164c2d49d5b 100644 --- a/pkg/kubeapiserver/options/authorization.go +++ b/pkg/kubeapiserver/options/authorization.go @@ -167,8 +167,8 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc case authzmodes.ModeWebhook: authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{ Type: authzconfig.TypeWebhook, + Name: defaultWebhookName, Webhook: &authzconfig.WebhookConfiguration{ - Name: defaultWebhookName, AuthorizedTTL: metav1.Duration{Duration: o.WebhookCacheAuthorizedTTL}, UnauthorizedTTL: metav1.Duration{Duration: o.WebhookCacheUnauthorizedTTL}, // Timeout and FailurePolicy are required for the new configuration. @@ -183,9 +183,18 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc }, }) default: - authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{Type: authzconfig.AuthorizerType(mode)}) + authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{ + Type: authzconfig.AuthorizerType(mode), + Name: getNameForAuthorizerMode(mode), + }) } } return &authzconfig.AuthorizationConfiguration{Authorizers: authorizers}, nil } + +// getNameForAuthorizerMode returns the name to be set for the mode in AuthorizationConfiguration +// For now, lower cases the mode name +func getNameForAuthorizerMode(mode string) string { + return strings.ToLower(mode) +}