Address review comments

rgruchalski-klarrio · rgruchalski-klarrio · commit d79e4be98398 · 2024-03-04T09:02:55.000+01:00
Signed-off-by: Radek Gruchalski &lt;radek.gruchalski@klarrio.com&gt;
diff --git a/internal/request/http.go b/internal/request/http.go
@@ -16,14 +16,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-var defaultServiceAccountGroups = []string{
-	serviceaccount.AllServiceAccountsGroup,
-	user.AllAuthenticated}
-
-func GetDefaultServiceAccountGroups() []string {
-	return defaultServiceAccountGroups
-}
-
 type http struct {
 	*h.Request
 	authTypes                  []AuthType
@@ -43,7 +35,6 @@ func (h http) GetHTTPRequest() *h.Request {
 
 //nolint:funlen
 func (h http) GetUserAndGroups() (username string, groups []string, err error) {
-
 	for _, fn := range h.authenticationFns() {
 		// User authentication data is extracted according to the preferred order:
 		// in case of first match blocking the iteration
@@ -119,7 +110,8 @@ func (h http) GetUserAndGroups() (username string, groups []string, err error) {
 			// - system:authenticated
 			if namespace, _, err := serviceaccount.SplitUsername(username); err == nil {
 				groups = append(groups, fmt.Sprintf("%s%s", serviceaccount.ServiceAccountGroupPrefix, namespace))
-				groups = append(groups, defaultServiceAccountGroups...)
+				groups = append(groups, serviceaccount.AllServiceAccountsGroup)
+				groups = append(groups, user.AllAuthenticated)
 			}
 		}()
 	}
diff --git a/internal/request/http_test.go b/internal/request/http_test.go
@@ -17,6 +17,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"k8s.io/apiserver/pkg/authentication/serviceaccount"
+	"k8s.io/apiserver/pkg/authentication/user"
 
 	"github.com/projectcapsule/capsule-proxy/internal/request"
 )
@@ -127,11 +128,12 @@ func Test_http_GetUserAndGroups(t *testing.T) {
 				client: testClient(func(ctx context.Context, obj client.Object) error {
 					ac := obj.(*authorizationv1.SubjectAccessReview)
 					ac.Status.Allowed = true
+
 					return nil
 				}),
 			},
 			wantUsername: serviceaccount.ServiceAccountUsernamePrefix + "ns:account",
-			wantGroups:   append([]string{fmt.Sprintf("%s%s", serviceaccount.ServiceAccountGroupPrefix, "ns")}, request.GetDefaultServiceAccountGroups()...),
+			wantGroups:   []string{fmt.Sprintf("%s%s", serviceaccount.ServiceAccountGroupPrefix, "ns"), serviceaccount.AllServiceAccountsGroup, user.AllAuthenticated},
 			wantErr:      false,
 		},
 		{
