Merge pull request #122975 from aramase/aramase/c/cleanup_authn_validation

cleanup structured authn/authz error logic
Kubernetes Prow Robot 2024-03-01 16:59:47 -08:00 committed by GitHub
commit 4e8674f4e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -412,7 +412,7 @@ func validateUserValidationRules(compiler authenticationcel.Compiler, celMapper
func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) { func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileClaimsExpression(expression) compilationResult, err := compiler.CompileClaimsExpression(expression)
if err != nil { if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err) return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
} }
return &compilationResult, nil return &compilationResult, nil
} }
@ -420,7 +420,7 @@ func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression
func compileUserCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) { func compileUserCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileUserExpression(expression) compilationResult, err := compiler.CompileUserExpression(expression)
if err != nil { if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err) return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
} }
return &compilationResult, nil return &compilationResult, nil
} }
@ -609,19 +609,19 @@ func compileMatchConditionsExpression(fldPath *field.Path, compiler authorizatio
} }
compilationResult, err := compiler.CompileCELExpression(authzExpression) compilationResult, err := compiler.CompileCELExpression(authzExpression)
if err != nil { if err != nil {
return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression, err) return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression.GetExpression(), err)
} }
return compilationResult, nil return compilationResult, nil
} }
func convertCELErrorToValidationError(fldPath *field.Path, expression authorizationcel.ExpressionAccessor, err error) *field.Error { func convertCELErrorToValidationError(fldPath *field.Path, expression string, err error) *field.Error {
var celErr *cel.Error var celErr *cel.Error
if errors.As(err, &celErr) { if errors.As(err, &celErr) {
switch celErr.Type { switch celErr.Type {
case cel.ErrorTypeRequired: case cel.ErrorTypeRequired:
return field.Required(fldPath, celErr.Detail) return field.Required(fldPath, celErr.Detail)
case cel.ErrorTypeInvalid: case cel.ErrorTypeInvalid:
return field.Invalid(fldPath, expression.GetExpression(), celErr.Detail) return field.Invalid(fldPath, expression, celErr.Detail)
default: default:
return field.InternalError(fldPath, celErr) return field.InternalError(fldPath, celErr)
} }