Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prevent audit filter from panic-ing on missing user info #38717

Merged
merged 1 commit into from
Dec 13, 2016
Merged

prevent audit filter from panic-ing on missing user info #38717

merged 1 commit into from
Dec 13, 2016

Conversation

deads2k
Copy link
Contributor

@deads2k deads2k commented Dec 13, 2016
edited
Loading

Fixes #38716. That bug crashes the API server when audit is on and there's no user on the request.

This performs a nil check on the GetUser() before using it.

Fixes issue where if the audit log is enabled and anonymous authentication is disabled, then an unauthenticated user request will cause a panic and crash the `kube-apiserver`.

@sleepbrett @saad-ali

@deads2k deads2k added the priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. label Dec 13, 2016
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 13, 2016
@k8s-reviewable
Copy link

This change is Reviewable

@k8s-github-robot
Copy link

This PR is not for the master branch but does not have the cherrypick-approved label. Adding the do-not-merge label.

@k8s-github-robot k8s-github-robot added do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Dec 13, 2016
@deads2k deads2k mentioned this pull request Dec 13, 2016
Merged
@deads2k
Copy link
Contributor Author

deads2k commented Dec 13, 2016

master pull is here: #38720

@deads2k deads2k force-pushed the 1.5-fix-impersonation branch from 9771b89 to 5fd81a3 Compare December 13, 2016 18:35
@saad-ali saad-ali requested a review from erictune December 13, 2016 19:05
@saad-ali saad-ali added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Dec 13, 2016
@saad-ali
Copy link
Member

erictune approved these changes 5 minutes ago

Adding label:

/lgtm

@saad-ali saad-ali added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 13, 2016
@saad-ali
Copy link
Member

All checks are green:

Jenkins CRI GCE Node e2e — Build succeeded.
Jenkins GCE Node e2e — Build succeeded.
Jenkins GCE e2e — Build succeeded.
Jenkins GCE etcd3 e2e — Build succeeded.
Jenkins GCI GCE e2e — Build succeeded.
Jenkins GCI GKE smoke e2e — Build succeeded.
Jenkins GKE smoke e2e — Build succeeded.
Jenkins Kubemark GCE e2e — Build succeeded.
Jenkins unit/integration — Build succeeded.
Jenkins verification — Build succeeded.
cla/linuxfoundation — deads2k authorized

Manually merging for v1.5.1 release.

@saad-ali saad-ali added this to the v1.5 milestone Dec 13, 2016
@saad-ali saad-ali removed the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Dec 13, 2016
@saad-ali saad-ali merged commit 4a840bd into kubernetes:release-1.5 Dec 13, 2016
@calebamiles calebamiles mentioned this pull request Dec 13, 2016
Closed
k8s-github-robot pushed a commit that referenced this pull request Dec 14, 2016
Merge pull request #38720 from deads2k/api-51-fix-impersonation
11c1cd8 
Automatic merge from submit-queue

prevent audit filter from panic-ing on missing user info

master version of #38717
This was referenced Dec 16, 2016
Merged
Merged
@deads2k deads2k deleted the 1.5-fix-impersonation branch February 1, 2017 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erictune erictune erictune approved these changes

Assignees

@lavalamp lavalamp

@erictune erictune

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.5
Development

Successfully merging this pull request may close these issues.
7 participants
@deads2k @k8s-reviewable @k8s-github-robot @saad-ali @erictune @lavalamp @k8s-ci-robot