Add Subresource & Name to webhook authorizer.

plugin/pkg/auth/authorizer/webhook/webhook.go

@@ -151,10 +151,13 @@ func (w *WebhookAuthorizer) Authorize(attr authorizer.Attributes) (err error) {
 	}
 	if attr.IsResourceRequest() {
 		r.Spec.ResourceAttributes = &v1beta1.ResourceAttributes{
-			Namespace: attr.GetNamespace(),
+			Namespace:   attr.GetNamespace(),
-			Verb:      attr.GetVerb(),
+			Verb:        attr.GetVerb(),
-			Group:     attr.GetAPIGroup(),
+			Group:       attr.GetAPIGroup(),
-			Resource:  attr.GetResource(),
+			Version:     attr.GetAPIVersion(),
+			Resource:    attr.GetResource(),
+			Subresource: attr.GetSubresource(),
+			Name:        attr.GetName(),
 		}
 	} else {
 		r.Spec.NonResourceAttributes = &v1beta1.NonResourceAttributes{

plugin/pkg/auth/authorizer/webhook/webhook_test.go

@@ -435,7 +435,10 @@ func TestWebhook(t *testing.T) {
 				Verb:            "GET",
 				Namespace:       "kittensandponies",
 				APIGroup:        "group3",
+				APIVersion:      "v7beta3",
 				Resource:        "pods",
+				Subresource:     "proxy",
+				Name:            "my-pod",
 				ResourceRequest: true,
 				Path:            "/foo",
 			},
@@ -445,10 +448,13 @@ func TestWebhook(t *testing.T) {
 					User:   "jane",
 					Groups: []string{"group1", "group2"},
 					ResourceAttributes: &v1beta1.ResourceAttributes{
-						Verb:      "GET",
+						Verb:        "GET",
-						Namespace: "kittensandponies",
+						Namespace:   "kittensandponies",
-						Group:     "group3",
+						Group:       "group3",
-						Resource:  "pods",
+						Version:     "v7beta3",
+						Resource:    "pods",
+						Subresource: "proxy",
+						Name:        "my-pod",
 					},
 				},
 			},