fix: gateway's http handler not configured properly and needs to igno…

…re protected path
TomatoAres · Feb 25, 2020 · 04d6ca3 · 04d6ca3
1 parent 9201991
commit 04d6ca3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/cmd/tke-gateway/app/config/config.go b/cmd/tke-gateway/app/config/config.go
@@ -21,14 +21,15 @@ package config
 import (
  "context"
  "fmt"
+ "net/http"
+ "path/filepath"
+ "strings"
+
  gooidc "github.com/coreos/go-oidc"
  "golang.org/x/oauth2"
  "k8s.io/apiserver/pkg/authentication/request/anonymous"
  "k8s.io/apiserver/pkg/authorization/authorizerfactory"
  genericapiserver "k8s.io/apiserver/pkg/server"
- "net/http"
- "path/filepath"
- "strings"
  "tkestack.io/tke/cmd/tke-gateway/app/options"
  "tkestack.io/tke/pkg/apiserver"
  "tkestack.io/tke/pkg/apiserver/authentication/authenticator/oidc"
@@ -55,6 +56,7 @@ type Config struct {
  OIDCHTTPClient *http.Client
  OIDCAuthenticator *oidc.Authenticator
  GatewayConfig *gatewayconfig.GatewayConfiguration
+ IgnoreAuthPathPrefixes []string
 }
 
 // CreateConfigFromOptions creates a running configuration instance based
@@ -131,6 +133,7 @@ func CreateConfigFromOptions(serverName string, opts *options.Options) (*Config,
  OIDCHTTPClient: oidcHTTPClient,
  OIDCAuthenticator: oidcAuthenticator,
  GatewayConfig: gatewayConfig,
+ IgnoreAuthPathPrefixes: ignoreAuthPathPrefixes,
  }, nil
 }
 

diff --git a/cmd/tke-gateway/app/server.go b/cmd/tke-gateway/app/server.go
@@ -34,7 +34,7 @@ func CreateServerChain(cfg *config.Config, stopCh <-chan struct{}) (*genericapis
  }
 
  if cfg.InsecureServingInfo != nil {
- chain := handler.BuildHandlerChain(nil)
+ chain := handler.BuildHandlerChain(cfg.IgnoreAuthPathPrefixes)
  insecureHandlerChain := chain(gatewayServer.GenericAPIServer.UnprotectedHandler(), &gatewayConfig.GenericConfig.Config)
  if err := cfg.InsecureServingInfo.Serve(insecureHandlerChain, gatewayConfig.GenericConfig.RequestTimeout, stopCh); err != nil {
  return nil, err