github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 19:23:40 +00:00
Code Issues Projects Releases Wiki Activity

Not using fine-grained auth.

Browse Source
This commit is contained in:
zhifei92 2024-12-17 13:27:01 +08:00
parent 7caff55fd9
commit b9fc5678d9
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/server/auth.go
View File

@ -69,11 +69,11 @@ func isSubpath(subpath, path string) bool {
// /metrics/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=metrics
// /logs/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=log
// /checkpoint/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=checkpoint
// /statusz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=statusz
// /pods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy
// /runningPods/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=pods,proxy
// /healthz/* => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=healthz,proxy
// /configz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=configz,proxy
// /statusz => verb=<api verb from request>, resource=nodes, name=<node name>, subresource(s)=statusz,proxy
func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) []authorizer.Attributes {
apiVerb := ""
@ -101,8 +101,6 @@ func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *htt
subresources = append(subresources, "healthz")
case isSubpath(requestPath, configz.DefaultConfigzPath):
subresources = append(subresources, "configz")
case isSubpath(requestPath, statusz.DefaultStatuszPath):
subresources = append(subresources, "statusz")
// We put runningpods last since it will allocate a new string on every
// check since the handler path has a trailing slash.
case isSubpath(requestPath, runningPodsPath):
@ -120,6 +118,8 @@ func (n nodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *htt
subresources = append(subresources, "log")
case isSubpath(requestPath, checkpointPath):
subresources = append(subresources, "checkpoint")
case isSubpath(requestPath, statusz.DefaultStatuszPath):
subresources = append(subresources, "statusz")
default:
subresources = append(subresources, "proxy")
}

3
pkg/kubelet/server/server_test.go
View File

@ -1619,6 +1619,8 @@ func TestServePortForward(t *testing.T) {
}
func TestMetricBuckets(t *testing.T) {
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, zpagesfeatures.ComponentStatusz, true)
tests := map[string]struct {
url string
bucket string
@ -1654,7 +1656,6 @@ func TestMetricBuckets(t *testing.T) {
"invalid path": {url: "/junk", bucket: "other"},
"invalid path starting with good": {url: "/healthzjunk", bucket: "other"},
}
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, zpagesfeatures.ComponentStatusz, true)
fw := newServerTest()
defer fw.testHTTPServer.Close()