
Commit feb2c85

committed
Drop authorizer wrapper
The openshift authorizer was wrapping the kube authorizer only to generate Forbidden messages, but upstream already generates similar messages and we cannot intercept and change those. So let's just stop duplicating errors and use the upstream authorizer and error messages as is. Signed-off-by: Simo Sorce <[email protected]>
1 parent fcf6cae commit feb2c85

14 files changed

+47
-453
lines changed

pkg/authorization/authorizer/authorizer.go

-49
This file was deleted.

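--- a/pkg/authorization/authorizer/browsersafe/authorizer_test.go
+++ b/pkg/authorization/authorizer/browsersafe/authorizer_test.go
@@ -13,6 +13,7 @@ func TestBrowserSafeAuthorizer(t *testing.T) {
 
 expectedVerb string
 expectedSubresource string
+expectedReason string
 }{
 "non-resource": {
 attributes: authorizer.AttributesRecord{ResourceRequest: false, Verb: "GET"},
@@ -29,15 +30,18 @@ func TestBrowserSafeAuthorizer(t *testing.T) {
 attributes: authorizer.AttributesRecord{ResourceRequest: true, Verb: "get", Resource: "pods", Subresource: "proxy"},
 expectedVerb: "get",
 expectedSubresource: "unsafeproxy",
+expectedReason: "proxy subresource changed to unsafeproxy",
 },
 "unsafe proxy verb": {
-attributes: authorizer.AttributesRecord{ResourceRequest: true, Verb: "proxy", Resource: "nodes"},
-expectedVerb: "unsafeproxy",
+attributes: authorizer.AttributesRecord{ResourceRequest: true, Verb: "proxy", Resource: "nodes"},
+expectedVerb: "unsafeproxy",
+expectedReason: "proxy verb changed to unsafeproxy",
 },
 "unsafe proxy verb anonymous": {
 attributes: authorizer.AttributesRecord{ResourceRequest: true, Verb: "proxy", Resource: "nodes",
 User: &user.DefaultInfo{Name: "system:anonymous", Groups: []string{"system:unauthenticated"}}},
-expectedVerb: "unsafeproxy",
+expectedVerb: "unsafeproxy",
+expectedReason: "proxy verb changed to unsafeproxy",
 },
 
 "proxy subresource authenticated": {
@@ -51,7 +55,7 @@ func TestBrowserSafeAuthorizer(t *testing.T) {
 safeAuthorizer := NewBrowserSafeAuthorizer(delegateAuthorizer, "system:authenticated")
 
 authorized, reason, err := safeAuthorizer.Authorize(tc.attributes)
-if authorized == authorizer.DecisionAllow || reason != tc.expectedReason || err != nil {
+if authorized == authorizer.DecisionAllow || reason != tc.expectedReason || err != nil {
 t.Errorf("%s: unexpected output: %v %s %v", name, authorized, reason, err)
 continue
 }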
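Review bot: The failure message in the last hunk still prints only the actual `reason`, so now that the condition compares it with `tc.expectedReason`, a mismatch gives no hint of what was expected; I would change the call to `t.Errorf("%s: unexpected output: %v %q (expected reason %q) %v", name, authorized, reason, tc.expectedReason, err)`. The same condition only rules out `authorizer.DecisionAllow`, so the test presumably passes whether a rewritten proxy request ends in a deny or a no-opinion; if the delegate used here returns a fixed decision, asserting that exact value would pin the outcome that matters when this authorizer sits in a chain. Cases that leave `expectedReason` unset now assert an empty reason through the zero value, which is worth a one-line comment on the new struct field. TestBrowserSafeAuthorizer starts and ends outside the visible hunks, so the delegate's behaviour could not be checked from here.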

pkg/authorization/authorizer/interfaces.go

-10
This file was deleted.

pkg/authorization/authorizer/messages.go

-128
This file was deleted.
