github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 21:36:24 +00:00
Code Issues Projects Releases Wiki Activity

Allow initialization when no authorizer present

Browse Source 
Running without an authorizer is a valid configuration.
This commit is contained in:
Clayton Coleman 2017-05-27 00:49:15 -04:00
parent 4ce3907639
commit 536a1bcd3b
No known key found for this signature in database
GPG Key ID: 3D16906B4F1C5CB3
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugin/pkg/admission/initialization/initialization.go
View File

@ -20,6 +20,8 @@ import (
"fmt"
"io"
"github.com/golang/glog"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/api/validation"
@ -56,9 +58,6 @@ func NewInitializer() admission.Interface {
}
func (i *initializer) Validate() error {
if i.authorizer == nil {
return fmt.Errorf("requires authorizer")
}
return nil
}
@ -131,6 +130,11 @@ func (i *initializer) Admit(a admission.Attributes) (err error) {
}
func (i *initializer) canInitialize(a admission.Attributes) error {
// if no authorizer is present, the initializer plugin allows modification of uninitialized resources
if i.authorizer == nil {
glog.V(4).Infof("No authorizer provided to initialization admission control, unable to check permissions")
return nil
}
// caller must have the ability to mutate un-initialized resources
authorized, reason, err := i.authorizer.Authorize(authorizer.AttributesRecord{
Name: a.GetName(),