Merge pull request #2609 from wansir/master

fix RBAC authorizer
2020-07-25 10:09:50 +08:00
parent 14462c3842 982ea74185
commit b814c5ba4f
2 changed files with 3 additions and 3 deletions
--- a/pkg/apiserver/authorization/authorizerfactory/rbac.go
+++ b/pkg/apiserver/authorization/authorizerfactory/rbac.go
@@ -249,7 +249,7 @@ func (r *RBACAuthorizer) visitRulesFor(requestAttributes authorizer.Attributes,
 			workspace = requestAttributes.GetWorkspace()
 		}

-		if workspaceRoleBindings, err := r.am.ListWorkspaceRoleBindings("", requestAttributes.GetWorkspace()); err != nil {
+		if workspaceRoleBindings, err := r.am.ListWorkspaceRoleBindings("", workspace); err != nil {
 			if !visitor(nil, "", nil, err) {
 				return
 			}
--- a/pkg/models/iam/am/am.go
+++ b/pkg/models/iam/am/am.go
@@ -843,12 +843,12 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1
 	var aggregateRoles []string
 	if err := json.Unmarshal([]byte(role.Annotations[iamv1alpha2.AggregationRolesAnnotation]), &aggregateRoles); err == nil {
 		for _, roleName := range aggregateRoles {
-			role, err := am.GetNamespaceRole(namespace, roleName)
+			aggregationRole, err := am.GetNamespaceRole(namespace, roleName)
 			if err != nil {
 				klog.Error(err)
 				return nil, err
 			}
-			role.Rules = append(role.Rules, role.Rules...)
+			role.Rules = append(role.Rules, aggregationRole.Rules...)
 		}
 	}