From 8026497e08aafe9fa62944d7ac8f661abce4f3c1 Mon Sep 17 00:00:00 2001 From: xdonggao Date: Wed, 23 Nov 2022 10:31:06 +0800 Subject: [PATCH] fix: inspect cluster without privilegedUsername --- pkg/auth/filter/filter.go | 12 +++++++----- pkg/platform/registry/cluster/strategy.go | 3 ++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkg/auth/filter/filter.go b/pkg/auth/filter/filter.go index 3b81f9caa..f82656393 100644 --- a/pkg/auth/filter/filter.go +++ b/pkg/auth/filter/filter.go @@ -21,7 +21,6 @@ package filter import ( "fmt" "net/http" - "net/http/httputil" "strconv" "strings" genericoidc "tkestack.io/tke/pkg/apiserver/authentication/authenticator/oidc" @@ -78,11 +77,14 @@ func ExtractClusterNames(ctx context.Context, req *http.Request, resource string clusterNames.Insert(clusterName) } - clusterNames.Insert(cluster.NamePattern.FindAllString(resource, -1)...) + filterResourceClusterNames := cluster.ClusterPattern.FindAllString(resource, -1) + for _, filterClusterName := range filterResourceClusterNames { + clusterNames.Insert(cluster.NamePattern.FindAllString(filterClusterName, -1)...) + } - data, err := httputil.DumpRequest(req, true) - if err == nil { - clusterNames.Insert(cluster.NamePattern.FindAllString(string(data), -1)...) + filterURLClusterNames := cluster.ClusterPattern.FindAllString(req.URL.String(), -1) + for _, filterClusterName := range filterURLClusterNames { + clusterNames.Insert(cluster.NamePattern.FindAllString(filterClusterName, -1)...) } return clusterNames.List() diff --git a/pkg/platform/registry/cluster/strategy.go b/pkg/platform/registry/cluster/strategy.go index 76837ef49..787a326fd 100644 --- a/pkg/platform/registry/cluster/strategy.go +++ b/pkg/platform/registry/cluster/strategy.go @@ -50,7 +50,8 @@ const ( ) var ( - NamePattern = regexp.MustCompile(`(cls-[a-z0-9]+|global)`) + ClusterPattern = regexp.MustCompile(`(/clusters/cls-[a-z0-9]+|/clusters/global)`) + NamePattern = regexp.MustCompile(`(cls-[a-z0-9]+|global)`) ) // Strategy implements verification logic for cluster.