Merge pull request #15 from carmark/list_bug

add admin's username into white list instead of tenant

Author: feiskyer

pkg/api/types.go

@@ -144,8 +144,8 @@ type ObjectMeta struct {
 }
 
 const (
-	// TenantAdmin
-	TenantAdmin string = "admin"
+	// UserAdmin the username of the administrator
+	UserAdmin string = "admin"
 	// TenantDefault
 	TenantDefault string = "default"
 	// TenantAll is the default argument to specify on a context when you want to list or filter resources across all tenants

pkg/apiserver/resthandler.go

@@ -281,7 +281,8 @@ func ListResource(r rest.Lister, rw rest.Watcher, scope RequestScope, forceWatch
 		}
 		//
 		url := req.Request.URL.String()
-		if strings.Index(url, "https://") == 0 {
+		userinfo, _ := api.UserFrom(ctx)
+		if strings.Index(url, "https://") == 0 && userinfo.GetName() != api.UserAdmin {
 			tenant := api.TenantValue(ctx)
 			if err := filterListInTenant(result, tenant, scope.Kind, scope.Namer); err != nil {
 				errorJSON(err, scope.Codec, w)
@@ -833,9 +834,6 @@ func filterListInTenant(obj runtime.Object, tenant string, kind string, namer Sc
 	if !runtime.IsListType(obj) {
 		return nil
 	}
-	if tenant == api.TenantAdmin {
-		return nil
-	}
 
 	// Set self-link of objects in the list.
 	items, err := runtime.ExtractList(obj)

pkg/auth/authorizer/keystone/keystone.go

@@ -143,6 +143,7 @@ func (ka *keystoneAuthorizer) Authorize(a authorizer.Attributes) (string, error)
 
 func isWhiteListedUser(username string) bool {
 	whiteList := map[string]bool{
+		api.UserAdmin:               true,
 		"kubelet":                   true,
 		"kube_proxy":                true,
 		"system:scheduler":          true,