mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
Decorate authenticated users with system:authenticated group
This commit is contained in:
parent
0c36c5e556
commit
5599ca3be5
@ -22,6 +22,7 @@ import (
|
||||
|
||||
"k8s.io/kubernetes/pkg/auth/authenticator"
|
||||
"k8s.io/kubernetes/pkg/auth/authenticator/bearertoken"
|
||||
"k8s.io/kubernetes/pkg/auth/group"
|
||||
"k8s.io/kubernetes/pkg/auth/user"
|
||||
"k8s.io/kubernetes/pkg/serviceaccount"
|
||||
certutil "k8s.io/kubernetes/pkg/util/cert"
|
||||
@ -129,6 +130,8 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
|
||||
|
||||
authenticator := union.New(authenticators...)
|
||||
|
||||
authenticator = group.NewGroupAdder(authenticator, []string{"system:authenticated"})
|
||||
|
||||
if config.Anonymous {
|
||||
// If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous).
|
||||
authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())
|
||||
|
Loading…
Reference in New Issue
Block a user