github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-13 06:04:02 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #80007 from liggitt/populate-version-authorization-check

Browse Source 
Populate API version in synthetic authorization requests
This commit is contained in:
Kubernetes Prow Robot
2019-07-10 22:59:07 -07:00
committed by GitHub
parent 12c5e2037e 2899abb65c
commit ab960c612c
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/registry/rbac/escalation_check.go
View File

@@ -80,6 +80,7 @@ func RoleEscalationAuthorized(ctx context.Context, a authorizer.Authorizer) bool
User: user,
Verb: "escalate",
APIGroup: requestInfo.APIGroup,
APIVersion: "*",
Resource: requestInfo.Resource,
Name: requestInfo.Name,
Namespace: requestInfo.Namespace,
@@ -122,10 +123,12 @@ func BindingAuthorized(ctx context.Context, roleRef rbac.RoleRef, bindingNamespa
switch roleRef.Kind {
case "ClusterRole":
attrs.APIGroup = roleRef.APIGroup
attrs.APIVersion = "*"
attrs.Resource = "clusterroles"
attrs.Name = roleRef.Name
case "Role":
attrs.APIGroup = roleRef.APIGroup
attrs.APIVersion = "*"
attrs.Resource = "roles"
attrs.Name = roleRef.Name
default: