🐛 pkg/server: ensure that home workspace handler gets authz with audit …

[s-urbaniak]

…logging

Summary

This resolves #2627
This resolves #2627
This resolves #2627
This resolves #2627

Related issue(s)

Fixes #2627

[p0lyn0mial]

isn't authorizerWithoutAudit what we pass to WithHomeWorkspaces ? (line 342)

[s-urbaniak]

if I don't pass it there, I don't get audits at all.

[s-urbaniak]

let me retest 🤔

[s-urbaniak]

yeah, i believe something changed and WithHomeWorkspaces now hosts regular workspaces as well after the refactoring? (not sure)

[s-urbaniak]

my audit logs are empty with what is in main without this PR.

[p0lyn0mial]

shouldn't we be passing an authoriser decorated with authorization.EnableAuditLogging ?

[s-urbaniak]

yes, that's done in line 335 👍

[s-urbaniak]

genericConfig.Authorization.Authorizer = authorization.EnableAuditLogging(genericConfig.Authorization.Authorizer)

[p0lyn0mial]

don't we pass genericConfig.Authorization.Authorizer which is overwritten in line 337 (authorizerWithoutAudit) to WithHomeWorkspaces?

[s-urbaniak]

he, yes, that's confusing 😆 You're right, but the audit enabled handler is given to the wrapped apiHandler. I'll comment to make it clearer 👍

[p0lyn0mial]

/lgtm
/approve

thanks for the comment!

[sttts]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: p0lyn0mial, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[p0lyn0mial]

/lgtm