Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Inaccurate logging when RBAC Authorizer returns DecisionNoOpinion #89458
I tried reading the code to figure out what the true story is. I discovered that the RBAC Authorizer never returns DecisionDeny, it uses DecisionNoOpinion instead. But I noticed that it logs "RBAC DENY".
It appears that #53273 changed the decision from binary to three-way, but did not update the log message.
The user-facing documentation only subtly implies that an Authorizer has three choices, which leads to confusing and inconsistent documentation for the careful reader. Perpetuating the muddle in the logging only makes it worse.
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?: