feat: make path for /auth/ and apikey password unprotected in gateway (…

…tkestack#217)
TomatoAres · Mar 27, 2020 · dbefdde · dbefdde
1 parent 06df0a7
commit dbefdde
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/pkg/auth/apiserver/apiserver.go b/pkg/auth/apiserver/apiserver.go
@@ -54,11 +54,17 @@ import (
  "tkestack.io/tke/pkg/util/log"
 )
 
+const (
+ OIDCPath = "/oidc/"
+ AuthPath = "/auth/"
+ APIKeyPasswordPath = "/apis/auth.tkestack.io/v1/apikeys/default/password"
+)
+
 func IgnoreAuthPathPrefixes() []string {
  return []string{
- "/oidc/",
- "/auth/",
- "/apis/auth.tkestack.io/v1/apikeys/default/password",
+ OIDCPath,
+ AuthPath,
+ APIKeyPasswordPath,
  }
 }
 

diff --git a/pkg/gateway/proxy/proxy.go b/pkg/gateway/proxy/proxy.go
@@ -20,6 +20,7 @@ package proxy
 
 import (
  "fmt"
+
  "k8s.io/apiserver/pkg/server/mux"
  "tkestack.io/tke/api/auth"
  "tkestack.io/tke/api/business"
@@ -31,6 +32,7 @@ import (
  "tkestack.io/tke/pkg/gateway/proxy/handler/frontproxy"
  "tkestack.io/tke/pkg/gateway/proxy/handler/passthrough"
  platformapiserver "tkestack.io/tke/pkg/platform/apiserver"
+ authapiserver "tkestack.io/tke/pkg/auth/apiserver"
  "tkestack.io/tke/pkg/registry/chartmuseum"
  "tkestack.io/tke/pkg/registry/distribution"
  "tkestack.io/tke/pkg/util/log"
@@ -78,6 +80,14 @@ func componentPrefix() map[moduleName][]modulePath {
  prefix: fmt.Sprintf("%s/%s/", apiPrefix, auth.GroupName),
  protected: true,
  },
+ modulePath{
+ prefix: authapiserver.AuthPath,
+ protected: false,
+ },
+ modulePath{
+ prefix: fmt.Sprintf("%s/", authapiserver.APIKeyPasswordPath),
+ protected: false,
+ },
  },
  moduleNameMonitor: {
  modulePath{