fix: inspect cluster without privilegedUsername

tkestack · Nov 23, 2022 · 541dc21 · 541dc21
1 parent 477ea6b
commit 541dc21
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/pkg/auth/filter/filter.go b/pkg/auth/filter/filter.go
@@ -21,7 +21,6 @@ package filter
 import (
 	"fmt"
 	"net/http"
-	"net/http/httputil"
 	"strconv"
 	"strings"
 	genericoidc "tkestack.io/tke/pkg/apiserver/authentication/authenticator/oidc"
@@ -79,12 +78,16 @@ func ExtractClusterNames(ctx context.Context, req *http.Request, resource string
 	}
 
 	clusterNames.Insert(cluster.NamePattern.FindAllString(resource, -1)...)
-
-	data, err := httputil.DumpRequest(req, true)
-	if err == nil {
-		clusterNames.Insert(cluster.NamePattern.FindAllString(string(data), -1)...)
+	filterClusterNames := cluster.ClusterPattern.FindAllString(req.URL.String(), -1)
+	for _, filterClusterName := range filterClusterNames {
+		clusterNames.Insert(cluster.NamePattern.FindAllString(filterClusterName, -1)...)
 	}
 
+	// data, err := httputil.DumpRequest(req, false)
+	// if err == nil {
+	// 	clusterNames.Insert(cluster.NamePattern.FindAllString(string(data), -1)...)
+	// }
+
 	return clusterNames.List()
 }
 

diff --git a/pkg/auth/filter/inspector.go b/pkg/auth/filter/inspector.go
@@ -23,16 +23,14 @@ import (
 	"net/http"
 
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
-
-	platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
-	"tkestack.io/tke/pkg/apiserver/authentication"
-	"tkestack.io/tke/pkg/util/log"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	genericfilters "k8s.io/apiserver/pkg/endpoints/filters"
 	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 	"k8s.io/apiserver/pkg/endpoints/request"
 	genericapiserver "k8s.io/apiserver/pkg/server"
+	platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
+	"tkestack.io/tke/pkg/apiserver/authentication"
+	"tkestack.io/tke/pkg/util/log"
 )
 
 type Inspector interface {

diff --git a/pkg/platform/registry/cluster/strategy.go b/pkg/platform/registry/cluster/strategy.go
@@ -50,7 +50,8 @@ const (
 )
 
 var (
-	NamePattern = regexp.MustCompile(`(cls-[a-z0-9]+|global)`)
+	ClusterPattern = regexp.MustCompile(`(/clusters/cls-[a-z0-9]+|/clusters/global)`)
+	NamePattern    = regexp.MustCompile(`(cls-[a-z0-9]+|global)`)
 )
 
 // Strategy implements verification logic for cluster.