admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix RBAC authorizer

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-07-25 08:58:59 +08:00
parent 06932926a0
commit 982ea74185
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/apiserver/authorization/authorizerfactory/rbac.go
View File

@@ -249,7 +249,7 @@ func (r *RBACAuthorizer) visitRulesFor(requestAttributes authorizer.Attributes,
workspace = requestAttributes.GetWorkspace() workspace = requestAttributes.GetWorkspace()
} }
if workspaceRoleBindings, err := r.am.ListWorkspaceRoleBindings("", requestAttributes.GetWorkspace()); err != nil { if workspaceRoleBindings, err := r.am.ListWorkspaceRoleBindings("", workspace); err != nil {
if !visitor(nil, "", nil, err) { if !visitor(nil, "", nil, err) {
return return
} }

4
pkg/models/iam/am/am.go
View File

@@ -843,12 +843,12 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1
var aggregateRoles []string var aggregateRoles []string
if err := json.Unmarshal([]byte(role.Annotations[iamv1alpha2.AggregationRolesAnnotation]), &aggregateRoles); err == nil { if err := json.Unmarshal([]byte(role.Annotations[iamv1alpha2.AggregationRolesAnnotation]), &aggregateRoles); err == nil {
for _, roleName := range aggregateRoles { for _, roleName := range aggregateRoles {
role, err := am.GetNamespaceRole(namespace, roleName) aggregationRole, err := am.GetNamespaceRole(namespace, roleName)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
role.Rules = append(role.Rules, role.Rules...) role.Rules = append(role.Rules, aggregationRole.Rules...)
} }
} }