Commit b988eed2 authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #34848 from deads2k/rbac-16-fix-authorization-filter

Automatic merge from submit-queue you can be authorized and have a failure Fix the authorization filter to allow you through and to avoid showing internal errors to users when authorization failed.
parents c32a0533 a8b47149
......@@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
return
}
authorized, reason, err := a.Authorize(attrs)
if err != nil {
internalError(w, req, err)
if authorized {
handler.ServeHTTP(w, req)
return
}
if !authorized {
glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
forbidden(w, req)
if err != nil {
internalError(w, req, err)
return
}
handler.ServeHTTP(w, req)
glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
forbidden(w, req)
})
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment