Improve multi-authorizer errors

parent 91b72934
...@@ -227,7 +227,7 @@ func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, st ...@@ -227,7 +227,7 @@ func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, st
return authorizer.DecisionAllow, "", nil return authorizer.DecisionAllow, "", nil
} }
} }
return authorizer.DecisionNoOpinion, "No policy matched.", nil return authorizer.DecisionNoOpinion, "no ABAC policy matched", nil
// TODO: Benchmark how much time policy matching takes with a medium size // TODO: Benchmark how much time policy matching takes with a medium size
// policy file, compared to other steps such as encoding/decoding. // policy file, compared to other steps such as encoding/decoding.
// Then, add Caching only if needed. // Then, add Caching only if needed.
......
...@@ -121,6 +121,8 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (aut ...@@ -121,6 +121,8 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (aut
reason := "" reason := ""
if len(ruleCheckingVisitor.errors) > 0 { if len(ruleCheckingVisitor.errors) > 0 {
reason = fmt.Sprintf("RBAC: %v", utilerrors.NewAggregate(ruleCheckingVisitor.errors)) reason = fmt.Sprintf("RBAC: %v", utilerrors.NewAggregate(ruleCheckingVisitor.errors))
} else {
reason = "no RBAC policy matched"
} }
return authorizer.DecisionNoOpinion, reason, nil return authorizer.DecisionNoOpinion, reason, nil
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment