凌波微步_大先生 / dashboard
Commit 01b840c3
Authored Oct 23, 2018 by Sebastian Florek
Committed Oct 23, 2018 by Marcin Maciaszczyk
Fix for unauthenticated secret access (#3289)
Parent: cfc62d86
Showing 2 changed files with 25 additions and 2 deletions
src/app/backend/auth/api/common.go (+13 -2)
src/app/backend/auth/api/types.go (+12 -0)
src/app/backend/auth/api/common.go
...
...
@@ -34,9 +34,20 @@ func ToAuthenticationModes(modes []string) AuthenticationModes {
return
result
}
// List of protected resources that should be filtered out from dashboard UI.
var
protectedResources
=
[]
ProtectedResource
{
{
EncryptionKeyHolderName
,
EncryptionKeyHolderNamespace
},
{
CertificateHolderSecretName
,
CertificateHolderSecretNamespace
},
}
// ShouldRejectRequest returns true if url contains name and namespace of resource that should be filtered out from
// dashboard.
func
ShouldRejectRequest
(
url
string
)
bool
{
// For now we have only one resource that should be checked
return
strings
.
Contains
(
url
,
EncryptionKeyHolderName
)
&&
strings
.
Contains
(
url
,
EncryptionKeyHolderNamespace
)
for
_
,
protectedResource
:=
range
protectedResources
{
if
strings
.
Contains
(
url
,
protectedResource
.
ResourceName
)
&&
strings
.
Contains
(
url
,
protectedResource
.
ResourceNamespace
)
{
return
true
}
}
return
false
}
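Review bot: in ShouldRejectRequest, the two strings.Contains calls match ResourceName and ResourceNamespace anywhere in url and independently of each other, so the decision depends on substrings rather than on the resource the request actually addresses. A request for an unrelated object in kube-system whose name merely contains kubernetes-dashboard-certs is rejected too, and the check only holds if url has already been decoded and normalized before it gets here, which this hunk does not show. Consider splitting the path into its namespace and name segments and comparing each for equality against the entries in protectedResources. Neither changed file is a test, so a table-driven test covering both entries plus a near-miss name would be worth adding with this fix.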
src/app/backend/auth/api/types.go
...
...
@@ -25,6 +25,10 @@ const (
EncryptionKeyHolderName
=
"kubernetes-dashboard-key-holder"
EncryptionKeyHolderNamespace
=
"kube-system"
// Resource information that are used as certificate storage for custom certificates used by the user.
CertificateHolderSecretName
=
"kubernetes-dashboard-certs"
CertificateHolderSecretNamespace
=
"kube-system"
// Expiration time (in seconds) of tokens generated by dashboard. Default: 15 min.
DefaultTokenTTL
=
900
)
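Review bot: CertificateHolderSecretNamespace repeats the literal "kube-system" already assigned to EncryptionKeyHolderNamespace, so the namespace the filter protects is fixed in two places. If both secrets are meant to live in the same namespace, define it once and reference it from both constants so they cannot drift apart. Minor: the comment above CertificateHolderSecretName should read "Resource information that is used as certificate storage", and CertificateHolderSecretName carries a Secret infix that EncryptionKeyHolderName does not, which makes the pair harder to search for together.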
...
...
@@ -32,6 +36,14 @@ const (
// AuthenticationModes represents auth modes supported by dashboard.
type
AuthenticationModes
map
[
AuthenticationMode
]
bool
// ProtectedResource represents basic information about resource that should be filtered out from Dashboard UI.
type
ProtectedResource
struct
{
// ResourceName is a name of the protected resource.
ResourceName
string
// ResourceNamespace is a namespace of the protected resource. Should be empty if resource is non-namespaced.
ResourceNamespace
string
}
// IsEnabled returns true if given auth mode is supported, false otherwise.
func
(
self
AuthenticationModes
)
IsEnabled
(
mode
AuthenticationMode
)
bool
{
_
,
exists
:=
self
[
mode
]
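Review bot: ProtectedResource identifies a resource by ResourceName and ResourceNamespace only, with no field for the resource kind, so a protected entry cannot be told apart from an object of another kind that shares the same name and namespace. Adding a kind field and checking it in ShouldRejectRequest would keep the filter scoped to the secrets it is meant to hide. Also, the field comment asks for an empty ResourceNamespace on non-namespaced resources, and with the strings.Contains check in common.go an empty string matches every url, so such an entry would be filtered on its name alone; either document that behaviour here or handle the empty case explicitly in the check.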
...
...