github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 07:27:21 +00:00
Code Issues Projects Releases Wiki Activity

rbac authorizer: include verb in non-resource url requests

Browse Source
This commit is contained in:
Eric Chiang
2016-06-30 11:53:15 -07:00
parent 4726b521d1
commit 411922f66c
4 changed files with 60 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/apis/rbac/validation/policy_comparator.go
View File

@@ -69,9 +69,11 @@ func breakdownRule(rule rbac.PolicyRule) []rbac.PolicyRule {
}
}
// Non-resource URLs are unique because they don't combine with other policy rule fields.
// Non-resource URLs are unique because they only combine with verbs.
for _, nonResourceURL := range rule.NonResourceURLs {
subrules = append(subrules, rbac.PolicyRule{NonResourceURLs: []string{nonResourceURL}})
for _, verb := range rule.Verbs {
subrules = append(subrules, rbac.PolicyRule{NonResourceURLs: []string{nonResourceURL}, Verbs: []string{verb}})
}
}
return subrules

2
pkg/apis/rbac/validation/policy_comparator_test.go
View File

@@ -333,7 +333,7 @@ func TestCoversNonResourceURLsWithOtherFieldsFailure(t *testing.T) {
},
expectedCovered: false,
expectedUncoveredRules: []rbac.PolicyRule{{NonResourceURLs: []string{"/apis"}}},
expectedUncoveredRules: []rbac.PolicyRule{{NonResourceURLs: []string{"/apis"}, Verbs: []string{"get"}}},
}.test(t)
}