From 3a4cd2dca6257996317c5bc11ece1504cd6bf2cc Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 1 Jul 2022 17:32:52 +0800
Subject: [PATCH] Fix: kube apply ignore userinfo for rt (#4300)

Signed-off-by: Somefive <yd219913@alibaba-inc.com>
(cherry picked from commit 2a9e741d4cd504535ea8fa4c4c6bb01179566215)

Co-authored-by: Somefive <yd219913@alibaba-inc.com>
---
 pkg/auth/userinfo.go           | 5 +++++
 pkg/resourcekeeper/dispatch.go | 1 +
 2 files changed, 6 insertions(+)

diff --git a/pkg/auth/userinfo.go b/pkg/auth/userinfo.go
index 5259b5045..7c512e870 100644
--- a/pkg/auth/userinfo.go
+++ b/pkg/auth/userinfo.go
@@ -47,6 +47,11 @@ func ContextWithUserInfo(ctx context.Context, app *v1beta1.Application) context.
 	return request.WithUser(ctx, GetUserInfoInAnnotation(&app.ObjectMeta))
 }
 
+// ContextClearUserInfo clear user info in context
+func ContextClearUserInfo(ctx context.Context) context.Context {
+	return request.WithUser(ctx, nil)
+}
+
 // SetUserInfoInAnnotation set username and group from userInfo into annotations
 // it will clear the existing service account annotation in avoid of permission leak
 func SetUserInfoInAnnotation(obj *metav1.ObjectMeta, userInfo authv1.UserInfo) {
diff --git a/pkg/resourcekeeper/dispatch.go b/pkg/resourcekeeper/dispatch.go
index 70c54a2ef..6baabe7d8 100644
--- a/pkg/resourcekeeper/dispatch.go
+++ b/pkg/resourcekeeper/dispatch.go
@@ -105,6 +105,7 @@ func (h *resourceKeeper) record(ctx context.Context, manifests []*unstructured.U
 	}
 
 	cfg := newDispatchConfig(options...)
+	ctx = auth.ContextClearUserInfo(ctx)
 	if len(rootManifests) != 0 {
 		rt, err := h.getRootRT(ctx)
 		if err != nil {