Decorate authenticated users with system:authenticated group

This commit is contained in:
Jordan Liggitt 2016-09-09 10:46:34 -04:00
parent 0c36c5e556
commit 5599ca3be5
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012

View File

@ -22,6 +22,7 @@ import (
"k8s.io/kubernetes/pkg/auth/authenticator"
"k8s.io/kubernetes/pkg/auth/authenticator/bearertoken"
"k8s.io/kubernetes/pkg/auth/group"
"k8s.io/kubernetes/pkg/auth/user"
"k8s.io/kubernetes/pkg/serviceaccount"
certutil "k8s.io/kubernetes/pkg/util/cert"
@ -129,6 +130,8 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
authenticator := union.New(authenticators...)
authenticator = group.NewGroupAdder(authenticator, []string{"system:authenticated"})
if config.Anonymous {
// If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous).
authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())