Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename config file name to authz config filename as it is specific to authz #349

Open
wants to merge 1 commit into
base: sig-auth-acceptance
Choose a base branch
from
Open

Rename config file name to authz config filename as it is specific to authz #349

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions cmd/kube-rbac-proxy/app/options/proxyoptions.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ type ProxyOptions struct {

UpstreamHeader *identityheaders.AuthnHeaderConfig

ConfigFileName string
AllowPaths []string
IgnorePaths []string
AuthzConfigFileName string
AllowPaths []string
IgnorePaths []string

ProxyEndpointsPort int

Expand All @@ -70,7 +70,7 @@ func (o *ProxyOptions) AddFlags(flagset *pflag.FlagSet) {
flagset.StringVar(&o.UpstreamClientCertFile, "upstream-client-cert-file", "", "If set, the client will be used to authenticate the proxy to upstream. Requires --upstream-client-key-file to be set, too.")
flagset.StringVar(&o.UpstreamClientKeyFile, "upstream-client-key-file", "", "The key matching the certificate from --upstream-client-cert-file. If set, requires --upstream-client-cert-file to be set, too.")

flagset.StringVar(&o.ConfigFileName, "config-file", "", "Configuration file to configure static and rewrites authorization of the kube-rbac-proxy.")
flagset.StringVar(&o.AuthzConfigFileName, "config-file", "", "Configuration file to configure static and rewrites authorization of the kube-rbac-proxy.")
flagset.StringSliceVar(&o.AllowPaths, "allow-paths", nil, "Comma-separated list of paths against which kube-rbac-proxy pattern-matches the incoming request. If the request doesn't match, kube-rbac-proxy responds with a 404 status code. If omitted, the incoming request path isn't checked. Cannot be used with --ignore-paths.")
flagset.StringSliceVar(&o.IgnorePaths, "ignore-paths", nil, "Comma-separated list of paths against which kube-rbac-proxy pattern-matches the incoming request. If the requst matches, it will proxy the request without performing an authentication or authorization check. Cannot be used with --allow-paths.")

Expand Down Expand Up @@ -133,7 +133,7 @@ func (o *ProxyOptions) ApplyTo(krpInfo *server.KubeRBACProxyInfo, authInfo *serv
return fmt.Errorf("failed to setup transport for upstream: %w", err)
}

if configFileName := o.ConfigFileName; len(configFileName) > 0 {
if configFileName := o.AuthzConfigFileName; len(configFileName) > 0 {
krpInfo.Authorization, err = parseAuthorizationConfigFile(configFileName)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not necessarily part of the issue, but I don't think that this is necessary: configFileName := o.AuthzConfigFileName. Maybe we could drop configFileName and just use o.AuthzConfigFileName in parseAuthorizationConfigFile.

if err != nil {
return fmt.Errorf("failed to read the config file: %w", err)
Expand Down
Loading