fix(kubernetes): clear user token from kube token cache on logout + update cluster rolebindings for user on change of team/user authorization [EE-6298] (#10603)

2023-11-10 10:06:50 +13:00
parent ddd30dd17a
commit 280a2fe093
13 changed files with 149 additions and 22 deletions
--- a/api/http/handler/auth/handler.go
+++ b/api/http/handler/auth/handler.go
@@ -24,6 +24,7 @@ type Handler struct {
 	ProxyManager                *proxy.Manager
 	KubernetesTokenCacheManager *kubernetes.TokenCacheManager
 	passwordStrengthChecker     security.PasswordStrengthChecker
+	bouncer                     security.BouncerService
 }

 // NewHandler creates a handler to manage authentication operations.
@@ -31,6 +32,7 @@ func NewHandler(bouncer security.BouncerService, rateLimiter *security.RateLimit
 	h := &Handler{
 		Router:                  mux.NewRouter(),
 		passwordStrengthChecker: passwordStrengthChecker,
+		bouncer:                 bouncer,
 	}

 	h.Handle("/auth/oauth/validate",
@@ -39,6 +41,5 @@ func NewHandler(bouncer security.BouncerService, rateLimiter *security.RateLimit
 		rateLimiter.LimitAccess(bouncer.PublicAccess(httperror.LoggerHandler(h.authenticate)))).Methods(http.MethodPost)
 	h.Handle("/auth/logout",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.logout))).Methods(http.MethodPost)
-
 	return h
 }