Merge pull request #3658 from deads2k/return-api-error

OpenShift Bot · OpenShift Bot · commit af7b7067561e · 2015-07-10T15:59:00.000-04:00
Merged by openshift-bot
diff --git a/pkg/authorization/registry/rolebinding/policybased/virtual_storage.go b/pkg/authorization/registry/rolebinding/policybased/virtual_storage.go
@@ -257,12 +257,12 @@ func (m *VirtualStorage) confirmNoEscalation(ctx kapi.Context, roleBinding *auth
 	)
 	ownerLocalRules, err := ruleResolver.GetEffectivePolicyRules(ctx)
 	if err != nil {
-		return err
+		return kapierrors.NewInternalError(err)
 	}
 	masterContext := kapi.WithNamespace(ctx, "")
 	ownerGlobalRules, err := ruleResolver.GetEffectivePolicyRules(masterContext)
 	if err != nil {
-		return err
+		return kapierrors.NewInternalError(err)
 	}
 
 	ownerRules := make([]authorizationapi.PolicyRule, 0, len(ownerGlobalRules)+len(ownerLocalRules))
@@ -272,7 +272,7 @@ func (m *VirtualStorage) confirmNoEscalation(ctx kapi.Context, roleBinding *auth
 	ownerRightsCover, missingRights := rulevalidation.Covers(ownerRules, modifyingRole.Rules)
 	if !ownerRightsCover {
 		user, _ := kapi.UserFrom(ctx)
-		return fmt.Errorf("attempt to grant extra privileges: %v\nuser=%v\nownerrules%v\n", missingRights, user, ownerRules)
+		return kapierrors.NewUnauthorized(fmt.Sprintf("attempt to grant extra privileges: %v user=%v ownerrules=%v", missingRights, user, ownerRules))
 	}
 
 	return nil

Original file line number	Diff line number	Diff line change
`@@ -257,12 +257,12 @@ func (m VirtualStorage) confirmNoEscalation(ctx kapi.Context, roleBinding auth`
`257`	`257`	`)`
`258`	`258`	`ownerLocalRules, err := ruleResolver.GetEffectivePolicyRules(ctx)`
`259`	`259`	`if err != nil {`
`260`		`- return err`
	`260`	`+ return kapierrors.NewInternalError(err)`
`261`	`261`	`}`
`262`	`262`	`masterContext := kapi.WithNamespace(ctx, "")`
`263`	`263`	`ownerGlobalRules, err := ruleResolver.GetEffectivePolicyRules(masterContext)`
`264`	`264`	`if err != nil {`
`265`		`- return err`
	`265`	`+ return kapierrors.NewInternalError(err)`
`266`	`266`	`}`
`267`	`267`
`268`	`268`	`ownerRules := make([]authorizationapi.PolicyRule, 0, len(ownerGlobalRules)+len(ownerLocalRules))`
`@@ -272,7 +272,7 @@ func (m VirtualStorage) confirmNoEscalation(ctx kapi.Context, roleBinding auth`
`272`	`272`	`ownerRightsCover, missingRights := rulevalidation.Covers(ownerRules, modifyingRole.Rules)`
`273`	`273`	`if !ownerRightsCover {`
`274`	`274`	`user, _ := kapi.UserFrom(ctx)`
`275`		`- return fmt.Errorf("attempt to grant extra privileges: %v\nuser=%v\nownerrules%v\n", missingRights, user, ownerRules)`
	`275`	`+ return kapierrors.NewUnauthorized(fmt.Sprintf("attempt to grant extra privileges: %v user=%v ownerrules=%v", missingRights, user, ownerRules))`
`276`	`276`	`}`
`277`	`277`
`278`	`278`	`return nil`