Commit a186a18
fix(auth): remove check restricting empty UID to handle
* fix(auth): allow empty UID for kube:admin bootstrap user
SelfSubjectReview and the OpenShift User API return no UID for kube:admin,
which is expected for the bootstrap admin. PR #134 rejected empty UIDs and
broke web terminal auth on clusters where oc whoami is kube:admin.
Restore pre-#134 semantics for empty UID while keeping SelfSubjectReview as
the primary lookup for external authentication (WTO-399).
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Rohan Kumar <rohaan@redhat.com>
* fix(auth): prefer OpenShift User API for UID lookup with SSR fallback
Resolve kube:admin via the OpenShift User API first, allowing empty UID
for bootstrap users, and fall back to SelfSubjectReview only when the User
API is unavailable while rejecting empty UIDs on that path.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>kube:admin bootstrap user scenario (#135)1 parent 381f3ba commit a186a18
2 files changed
Lines changed: 27 additions & 29 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
117 | 117 | | |
118 | 118 | | |
119 | 119 | | |
120 | | - | |
| 120 | + | |
121 | 121 | | |
122 | 122 | | |
123 | 123 | | |
124 | 124 | | |
125 | | - | |
126 | | - | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
127 | 128 | | |
128 | 129 | | |
129 | 130 | | |
130 | 131 | | |
131 | 132 | | |
132 | | - | |
| 133 | + | |
133 | 134 | | |
134 | 135 | | |
135 | 136 | | |
| |||
166 | 167 | | |
167 | 168 | | |
168 | 169 | | |
169 | | - | |
170 | | - | |
171 | | - | |
172 | | - | |
173 | | - | |
174 | | - | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
175 | 173 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
46 | 46 | | |
47 | 47 | | |
48 | 48 | | |
49 | | - | |
| 49 | + | |
50 | 50 | | |
51 | | - | |
| 51 | + | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | | - | |
| 56 | + | |
57 | 57 | | |
58 | | - | |
| 58 | + | |
| 59 | + | |
59 | 60 | | |
60 | | - | |
| 61 | + | |
61 | 62 | | |
62 | 63 | | |
63 | | - | |
| 64 | + | |
64 | 65 | | |
65 | | - | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | | - | |
| 68 | + | |
69 | 69 | | |
70 | 70 | | |
71 | 71 | | |
72 | 72 | | |
73 | | - | |
74 | 73 | | |
| 74 | + | |
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
78 | 78 | | |
79 | | - | |
| 79 | + | |
80 | 80 | | |
81 | | - | |
| 81 | + | |
| 82 | + | |
82 | 83 | | |
83 | | - | |
| 84 | + | |
84 | 85 | | |
85 | 86 | | |
86 | | - | |
| 87 | + | |
87 | 88 | | |
88 | | - | |
89 | | - | |
90 | | - | |
| 89 | + | |
| 90 | + | |
91 | 91 | | |
92 | | - | |
| 92 | + | |
93 | 93 | | |
94 | 94 | | |
95 | 95 | | |
| |||
100 | 100 | | |
101 | 101 | | |
102 | 102 | | |
103 | | - | |
104 | 103 | | |
| 104 | + | |
105 | 105 | | |
106 | 106 | | |
107 | 107 | | |
| |||
0 commit comments