github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

Decorate authenticated users with system:authenticated group

Browse Source
This commit is contained in:
Jordan Liggitt 2016-09-09 10:46:34 -04:00
parent 0c36c5e556
commit 5599ca3be5
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/apiserver/authenticator/authn.go
View File

@ -22,6 +22,7 @@ import (
"k8s.io/kubernetes/pkg/auth/authenticator" "k8s.io/kubernetes/pkg/auth/authenticator"
"k8s.io/kubernetes/pkg/auth/authenticator/bearertoken" "k8s.io/kubernetes/pkg/auth/authenticator/bearertoken"
"k8s.io/kubernetes/pkg/auth/group"
"k8s.io/kubernetes/pkg/auth/user" "k8s.io/kubernetes/pkg/auth/user"
"k8s.io/kubernetes/pkg/serviceaccount" "k8s.io/kubernetes/pkg/serviceaccount"
certutil "k8s.io/kubernetes/pkg/util/cert" certutil "k8s.io/kubernetes/pkg/util/cert"
@ -129,6 +130,8 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
authenticator := union.New(authenticators...) authenticator := union.New(authenticators...)
authenticator = group.NewGroupAdder(authenticator, []string{"system:authenticated"})
if config.Anonymous { if config.Anonymous {
// If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous). // If the authenticator chain returns an error, return an error (don't consider a bad bearer token anonymous).
authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator()) authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())