mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #67617 from liggitt/authz-details
Automatic merge from submit-queue (batch tested with PRs 67493, 67617, 67582, 67337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. limit forbidden error to details of what was forbidden cleans up output from https://github.com/kubernetes/kubernetes/pull/65906#discussion_r210048853 /assign @smarterclayton ```release-note NONE ```
This commit is contained in:
commit
b8c1e34df1
@ -73,7 +73,7 @@ func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.
|
||||
glog.V(4).Infof("Forbidden: %#v, Reason: %q", req.RequestURI, reason)
|
||||
audit.LogAnnotation(ae, decisionAnnotationKey, decisionForbid)
|
||||
audit.LogAnnotation(ae, reasonAnnotationKey, reason)
|
||||
responsewriters.Forbidden(ctx, attributes, w, req, reason, s)
|
||||
responsewriters.Forbidden(ctx, attributes, w, req, "", s)
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -110,7 +110,7 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
|
||||
decision, reason, err := a.Authorize(actingAsAttributes)
|
||||
if err != nil || decision != authorizer.DecisionAllow {
|
||||
glog.V(4).Infof("Forbidden: %#v, Reason: %s, Error: %v", req.RequestURI, reason, err)
|
||||
responsewriters.Forbidden(ctx, actingAsAttributes, w, req, reason, s)
|
||||
responsewriters.Forbidden(ctx, actingAsAttributes, w, req, "", s)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -175,7 +175,7 @@ func TestStatus(t *testing.T) {
|
||||
statusCode: http.StatusForbidden,
|
||||
reqPath: "/apis",
|
||||
reason: "Forbidden",
|
||||
message: `forbidden: User "" cannot get path "/apis": Everything is forbidden.`,
|
||||
message: `forbidden: User "" cannot get path "/apis"`,
|
||||
},
|
||||
{
|
||||
name: "401",
|
||||
|
Loading…
Reference in New Issue
Block a user