Skip to content

Commit

Permalink
removing hard coded authorizer
Browse files Browse the repository at this point in the history
  • Loading branch information
Prashant Balachandran committed Aug 11, 2021
1 parent 4ca9825 commit efe6804
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 1 addition & 2 deletions main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,6 @@ import (

"github.com/brancz/kube-rbac-proxy/pkg/authn"
"github.com/brancz/kube-rbac-proxy/pkg/authz"
"github.com/brancz/kube-rbac-proxy/pkg/hardcodedauthorizer"
"github.com/brancz/kube-rbac-proxy/pkg/proxy"
rbac_proxy_tls "github.com/brancz/kube-rbac-proxy/pkg/tls"
)
Expand Down Expand Up @@ -202,7 +201,7 @@ func main() {
// prefix the authorizer with the permissions for metrics scraping which are well known.
// openshift RBAC policy will always allow this user to read metrics.
// TODO: remove this, once CMO lands static authorizer configuration.
hardcodedauthorizer.NewHardCodedMetricsAuthorizer(),
//hardcodedauthorizer.NewHardCodedMetricsAuthorizer(),
staticAuthorizer,
sarAuthorizer,
)
Expand Down
2 changes: 2 additions & 0 deletions pkg/authz/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"context"
"errors"
"fmt"
"k8s.io/klog/v2"
"time"

"k8s.io/apiserver/pkg/authorization/authorizer"
Expand Down Expand Up @@ -132,6 +133,7 @@ func (sa staticAuthorizer) Authorize(ctx context.Context, a authorizer.Attribute
// compare a against the configured static auths
for _, saConfig := range sa.config {
if saConfig.Equal(a) {
klog.V(2).Info("approved using static config")
return authorizer.DecisionAllow, "found corresponding static auth config", nil
}
}
Expand Down

0 comments on commit efe6804

Please sign in to comment.