github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

Not using fine-grained auth.

Browse Source
This commit is contained in:
zhifei92 2024-12-17 13:27:01 +08:00
parent 7caff55fd9
commit b9fc5678d9
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/server/auth.go
View File

@ -69,11 +69,11 @@ func isSubpath(subpath, path string) bool {
// /metrics/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=metrics // /metrics/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=metrics
// /logs/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=log // /logs/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=log
// /checkpoint/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=checkpoint // /checkpoint/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=checkpoint
// /statusz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=statusz
// /pods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy // /pods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy
// /runningPods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy // /runningPods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy
// /healthz/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=healthz,proxy // /healthz/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=healthz,proxy
// /configz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=configz,proxy // /configz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=configz,proxy
// /statusz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=statusz,proxy
func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) []authorizer.Attributes { func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) []authorizer.Attributes {
apiVerb := "" apiVerb := ""
@ -101,8 +101,6 @@ func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *htt
subresources = append(subresources, "healthz") subresources = append(subresources, "healthz")
case isSubpath(requestPath, configz.DefaultConfigzPath): case isSubpath(requestPath, configz.DefaultConfigzPath):
subresources = append(subresources, "configz") subresources = append(subresources, "configz")
case isSubpath(requestPath, statusz.DefaultStatuszPath):
subresources = append(subresources, "statusz")
// We put runningpods last since it will allocate a new string on every // We put runningpods last since it will allocate a new string on every
// check since the handler path has a trailing slash. // check since the handler path has a trailing slash.
case isSubpath(requestPath, runningPodsPath): case isSubpath(requestPath, runningPodsPath):
@ -120,6 +118,8 @@ func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *htt
subresources = append(subresources, "log") subresources = append(subresources, "log")
case isSubpath(requestPath, checkpointPath): case isSubpath(requestPath, checkpointPath):
subresources = append(subresources, "checkpoint") subresources = append(subresources, "checkpoint")
case isSubpath(requestPath, statusz.DefaultStatuszPath):
subresources = append(subresources, "statusz")
default: default:
subresources = append(subresources, "proxy") subresources = append(subresources, "proxy")
} }

3
pkg/kubelet/server/server_test.go
View File

@ -1619,6 +1619,8 @@ func TestServePortForward(t *testing.T) {
} }
func TestMetricBuckets(t *testing.T) { func TestMetricBuckets(t *testing.T) {
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, zpagesfeatures.ComponentStatusz, true)
tests := map[string]struct { tests := map[string]struct {
url string url string
bucket string bucket string
@ -1654,7 +1656,6 @@ func TestMetricBuckets(t *testing.T) {
"invalid path": {url: "/junk", bucket: "other"}, "invalid path": {url: "/junk", bucket: "other"},
"invalid path starting with good": {url: "/healthzjunk", bucket: "other"}, "invalid path starting with good": {url: "/healthzjunk", bucket: "other"},
} }
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, zpagesfeatures.ComponentStatusz, true)
fw := newServerTest() fw := newServerTest()
defer fw.testHTTPServer.Close() defer fw.testHTTPServer.Close()