From 5599ca3be5d518e6cb5df0f820cdca7473585c2c Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Fri, 9 Sep 2016 10:46:34 -0400 Subject: [PATCH] Decorate authenticated users with system:authenticated group --- pkg/apiserver/authenticator/authn.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/apiserver/authenticator/authn.go b/pkg/apiserver/authenticator/authn.go index f7a1554d6a3..6978eb60839 100644 --- a/pkg/apiserver/authenticator/authn.go +++ b/pkg/apiserver/authenticator/authn.go @@ -22,6 +22,7 @@ import ( "k8s.io/kubernetes/pkg/auth/authenticator" "k8s.io/kubernetes/pkg/auth/authenticator/bearertoken" + "k8s.io/kubernetes/pkg/auth/group" "k8s.io/kubernetes/pkg/auth/user" "k8s.io/kubernetes/pkg/serviceaccount" certutil "k8s.io/kubernetes/pkg/util/cert" @@ -129,6 +130,8 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) { authenticator := union.New(authenticators...) + authenticator = group.NewGroupAdder(authenticator, []string{"system:authenticated"}) + if config.Anonymous { // If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous). authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())