github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-07-04 10:16:19 +00:00
Code Issues Projects Releases Wiki Activity

K-EXPLORER: Merge branch 'master' 647cba2be7 into ke/v0.2

Browse Source
This commit is contained in:
niusmallnan 2022-08-19 17:09:28 +08:00
commit f91b3045ca
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/auth/filter.go
View File

@ -33,6 +33,8 @@ var ExistingContext = ToMiddleware(AuthenticatorFunc(func(req *http.Request) (us
return user, ok, nil return user, ok, nil
})) }))
const CattleAuthFailed = "X-API-Cattle-Auth-Failed"
type Authenticator interface { type Authenticator interface {
Authenticate(req *http.Request) (user.Info, bool, error) Authenticate(req *http.Request) (user.Info, bool, error)
} }
@ -144,6 +146,7 @@ func ToMiddleware(auth Authenticator) Middleware {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
info, ok, err := auth.Authenticate(req) info, ok, err := auth.Authenticate(req)
ctx := req.Context()
if err != nil { if err != nil {
info = &user.DefaultInfo{ info = &user.DefaultInfo{
Name: "system:cattle:error", Name: "system:cattle:error",
@ -153,6 +156,7 @@ func ToMiddleware(auth Authenticator) Middleware {
"system:cattle:error", "system:cattle:error",
}, },
} }
ctx = request.WithValue(ctx, CattleAuthFailed, "true")
} else if !ok { } else if !ok {
info = &user.DefaultInfo{ info = &user.DefaultInfo{
Name: "system:unauthenticated", Name: "system:unauthenticated",
@ -162,8 +166,8 @@ func ToMiddleware(auth Authenticator) Middleware {
}, },
} }
} }
ctx = request.WithUser(ctx, info)
ctx := request.WithUser(req.Context(), info)
req = req.WithContext(ctx) req = req.WithContext(ctx)
next.ServeHTTP(rw, req) next.ServeHTTP(rw, req)
}) })

15
pkg/podimpersonation/podimpersonation.go
View File

@ -348,7 +348,19 @@ func (s *PodImpersonation) createPod(ctx context.Context, user user.Info, role *
if err != nil { if err != nil {
return nil, err return nil, err
} }
if _, ok := tokenSecret.Data[v1.ServiceAccountTokenKey]; !ok {
for {
logrus.Debugf("wait for svc account secret to be populated with token %s", tokenSecret.Name)
time.Sleep(2 * time.Second)
tokenSecret, err = client.CoreV1().Secrets(sa.Namespace).Get(ctx, sc.Name, metav1.GetOptions{})
if err != nil {
return nil, err
}
if _, ok := tokenSecret.Data[v1.ServiceAccountTokenKey]; ok {
break
}
}
}
pod = s.augmentPod(pod, sa, tokenSecret, podOptions.ImageOverride) pod = s.augmentPod(pod, sa, tokenSecret, podOptions.ImageOverride)
if err := s.createConfigMaps(ctx, user, role, pod, podOptions, client); err != nil { if err := s.createConfigMaps(ctx, user, role, pod, podOptions, client); err != nil {
@ -358,7 +370,6 @@ func (s *PodImpersonation) createPod(ctx context.Context, user user.Info, role *
if err := s.createSecrets(ctx, role, pod, podOptions, client); err != nil { if err := s.createSecrets(ctx, role, pod, podOptions, client); err != nil {
return nil, err return nil, err
} }
pod.OwnerReferences = ref(role) pod.OwnerReferences = ref(role)
if pod.Annotations == nil { if pod.Annotations == nil {
pod.Annotations = map[string]string{} pod.Annotations = map[string]string{}