Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
33f59e43
Unverified
Commit
33f59e43
authored
May 31, 2018
by
Lucas Käldström
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Move helper funcs and constants to the client-go Bootstrap Token package from kubeadm
parent
d02cf08e
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
243 additions
and
13 deletions
+243
-13
OWNERS
staging/src/k8s.io/client-go/tools/bootstrap/token/OWNERS
+0
-0
doc.go
...ing/src/k8s.io/client-go/tools/bootstrap/token/api/doc.go
+2
-2
types.go
...g/src/k8s.io/client-go/tools/bootstrap/token/api/types.go
+17
-5
helpers.go
...rc/k8s.io/client-go/tools/bootstrap/token/util/helpers.go
+87
-6
helpers_test.go
...s.io/client-go/tools/bootstrap/token/util/helpers_test.go
+137
-0
No files found.
staging/src/k8s.io/client-go/tools/bootstrap/token/
api/
OWNERS
→
staging/src/k8s.io/client-go/tools/bootstrap/token/OWNERS
View file @
33f59e43
File moved
staging/src/k8s.io/client-go/tools/bootstrap/token/api/doc.go
View file @
33f59e43
...
...
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
// Package api (
pkg
/bootstrap/token/api) contains constants and types needed for
// Package api (
k8s.io/client-go/tools
/bootstrap/token/api) contains constants and types needed for
// bootstrap tokens as maintained by the BootstrapSigner and TokenCleaner
// controllers (in pkg/controller/bootstrap)
// controllers (in
k8s.io/kubernetes/
pkg/controller/bootstrap)
package
api
// import "k8s.io/client-go/tools/bootstrap/token/api"
staging/src/k8s.io/client-go/tools/bootstrap/token/api/types.go
View file @
33f59e43
...
...
@@ -86,14 +86,26 @@ const (
// authenticate as. The full username given is "system:bootstrap:<token-id>".
BootstrapUserPrefix
=
"system:bootstrap:"
// BootstrapGroupPattern is the valid regex pattern that all groups
// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
// See also ValidateBootstrapGroupName().
BootstrapGroupPattern
=
"system:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]"
// BootstrapDefaultGroup is the default group for bootstrapping bearer
// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
BootstrapDefaultGroup
=
"system:bootstrappers"
// BootstrapGroupPattern is the valid regex pattern that all groups
// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
// See also util.ValidateBootstrapGroupName()
BootstrapGroupPattern
=
`\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z`
// BootstrapTokenPattern defines the {id}.{secret} regular expression pattern
BootstrapTokenPattern
=
`\A([a-z0-9]{6})\.([a-z0-9]{16})\z`
// BootstrapTokenIDPattern defines token's id regular expression pattern
BootstrapTokenIDPattern
=
`\A([a-z0-9]{6})\z`
// BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field
BootstrapTokenIDBytes
=
6
// BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field
BootstrapTokenSecretBytes
=
16
)
// KnownTokenUsages specifies the known functions a token will get.
...
...
staging/src/k8s.io/client-go/tools/bootstrap/token/util/helpers.go
View file @
33f59e43
...
...
@@ -17,20 +17,101 @@ limitations under the License.
package
util
import
(
"bufio"
"crypto/rand"
"fmt"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/tools/bootstrap/token/api"
"regexp"
"strings"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/tools/bootstrap/token/api"
)
// validBootstrapTokenChars defines the characters a bootstrap token can consist of
const
validBootstrapTokenChars
=
"0123456789abcdefghijklmnopqrstuvwxyz"
var
(
// BootstrapTokenRegexp is a compiled regular expression of TokenRegexpString
BootstrapTokenRegexp
=
regexp
.
MustCompile
(
api
.
BootstrapTokenPattern
)
// BootstrapTokenIDRegexp is a compiled regular expression of TokenIDRegexpString
BootstrapTokenIDRegexp
=
regexp
.
MustCompile
(
api
.
BootstrapTokenIDPattern
)
// BootstrapGroupRegexp is a compiled regular expression of BootstrapGroupPattern
BootstrapGroupRegexp
=
regexp
.
MustCompile
(
api
.
BootstrapGroupPattern
)
)
var
bootstrapGroupRegexp
=
regexp
.
MustCompile
(
`\A`
+
api
.
BootstrapGroupPattern
+
`\z`
)
// GenerateBootstrapToken generates a new, random Bootstrap Token.
func
GenerateBootstrapToken
()
(
string
,
error
)
{
tokenID
,
err
:=
randBytes
(
api
.
BootstrapTokenIDBytes
)
if
err
!=
nil
{
return
""
,
err
}
tokenSecret
,
err
:=
randBytes
(
api
.
BootstrapTokenSecretBytes
)
if
err
!=
nil
{
return
""
,
err
}
return
TokenFromIDAndSecret
(
tokenID
,
tokenSecret
),
nil
}
// randBytes returns a random string consisting of the characters in
// validBootstrapTokenChars, with the length customized by the parameter
func
randBytes
(
length
int
)
(
string
,
error
)
{
// len("0123456789abcdefghijklmnopqrstuvwxyz") = 36 which doesn't evenly divide
// the possible values of a byte: 256 mod 36 = 4. Discard any random bytes we
// read that are >= 252 so the bytes we evenly divide the character set.
const
maxByteValue
=
252
var
(
b
byte
err
error
token
=
make
([]
byte
,
length
)
)
reader
:=
bufio
.
NewReaderSize
(
rand
.
Reader
,
length
*
2
)
for
i
:=
range
token
{
for
{
if
b
,
err
=
reader
.
ReadByte
();
err
!=
nil
{
return
""
,
err
}
if
b
<
maxByteValue
{
break
}
}
token
[
i
]
=
validBootstrapTokenChars
[
int
(
b
)
%
len
(
validBootstrapTokenChars
)]
}
return
string
(
token
),
nil
}
// TokenFromIDAndSecret returns the full token which is of the form "{id}.{secret}"
func
TokenFromIDAndSecret
(
id
,
secret
string
)
string
{
return
fmt
.
Sprintf
(
"%s.%s"
,
id
,
secret
)
}
// IsValidBootstrapToken returns whether the given string is valid as a Bootstrap Token and
// in other words satisfies the BootstrapTokenRegexp
func
IsValidBootstrapToken
(
token
string
)
bool
{
return
BootstrapTokenRegexp
.
MatchString
(
token
)
}
// IsValidBootstrapTokenID returns whether the given string is valid as a Bootstrap Token ID and
// in other words satisfies the BootstrapTokenIDRegexp
func
IsValidBootstrapTokenID
(
tokenID
string
)
bool
{
return
BootstrapTokenIDRegexp
.
MatchString
(
tokenID
)
}
// BootstrapTokenSecretName returns the expected name for the Secret storing the
// Bootstrap Token in the Kubernetes API.
func
BootstrapTokenSecretName
(
tokenID
string
)
string
{
return
fmt
.
Sprintf
(
"%s%s"
,
api
.
BootstrapTokenSecretPrefix
,
tokenID
)
}
// ValidateBootstrapGroupName checks if the provided group name is a valid
// bootstrap group name. Returns nil if valid or a validation error if invalid.
// TODO(mattmoyer): this validation should migrate out to client-go (see https://github.com/kubernetes/client-go/issues/114)
func
ValidateBootstrapGroupName
(
name
string
)
error
{
if
b
ootstrapGroupRegexp
.
Match
([]
byte
(
name
))
{
if
B
ootstrapGroupRegexp
.
Match
([]
byte
(
name
))
{
return
nil
}
return
fmt
.
Errorf
(
"bootstrap group %q is invalid (must match %s)"
,
name
,
api
.
BootstrapGroupPattern
)
...
...
@@ -46,7 +127,7 @@ func ValidateUsages(usages []string) error {
}
}
if
len
(
invalidUsages
)
>
0
{
return
fmt
.
Errorf
(
"invalid
e
bootstrap token usage string: %s, valid usage options: %s"
,
strings
.
Join
(
invalidUsages
.
List
(),
","
),
strings
.
Join
(
api
.
KnownTokenUsages
,
","
))
return
fmt
.
Errorf
(
"invalid bootstrap token usage string: %s, valid usage options: %s"
,
strings
.
Join
(
invalidUsages
.
List
(),
","
),
strings
.
Join
(
api
.
KnownTokenUsages
,
","
))
}
return
nil
}
staging/src/k8s.io/client-go/tools/bootstrap/token/util/helpers_test.go
View file @
33f59e43
...
...
@@ -21,6 +21,143 @@ import (
"testing"
)
func
TestGenerateBootstrapToken
(
t
*
testing
.
T
)
{
token
,
err
:=
GenerateBootstrapToken
()
if
err
!=
nil
{
t
.
Fatalf
(
"GenerateBootstrapToken returned an unexpected error: %+v"
,
err
)
}
if
!
IsValidBootstrapToken
(
token
)
{
t
.
Errorf
(
"GenerateBootstrapToken didn't generate a valid token: %q"
,
token
)
}
}
func
TestRandBytes
(
t
*
testing
.
T
)
{
var
randTest
=
[]
int
{
0
,
1
,
2
,
3
,
100
,
}
for
_
,
rt
:=
range
randTest
{
actual
,
err
:=
randBytes
(
rt
)
if
err
!=
nil
{
t
.
Errorf
(
"failed randBytes: %v"
,
err
)
}
if
len
(
actual
)
!=
rt
{
t
.
Errorf
(
"failed randBytes:
\n\t
expected: %d
\n\t
actual: %d
\n
"
,
rt
,
len
(
actual
))
}
}
}
func
TestTokenFromIDAndSecret
(
t
*
testing
.
T
)
{
var
tests
=
[]
struct
{
id
string
secret
string
expected
string
}{
{
"foo"
,
"bar"
,
"foo.bar"
},
// should use default
{
"abcdef"
,
"abcdef0123456789"
,
"abcdef.abcdef0123456789"
},
{
"h"
,
"b"
,
"h.b"
},
}
for
_
,
rt
:=
range
tests
{
actual
:=
TokenFromIDAndSecret
(
rt
.
id
,
rt
.
secret
)
if
actual
!=
rt
.
expected
{
t
.
Errorf
(
"failed TokenFromIDAndSecret:
\n\t
expected: %s
\n\t
actual: %s"
,
rt
.
expected
,
actual
,
)
}
}
}
func
TestIsValidBootstrapToken
(
t
*
testing
.
T
)
{
var
tests
=
[]
struct
{
token
string
expected
bool
}{
{
token
:
""
,
expected
:
false
},
{
token
:
"."
,
expected
:
false
},
{
token
:
"1234567890123456789012"
,
expected
:
false
},
// invalid parcel size
{
token
:
"12345.1234567890123456"
,
expected
:
false
},
// invalid parcel size
{
token
:
".1234567890123456"
,
expected
:
false
},
// invalid parcel size
{
token
:
"123456."
,
expected
:
false
},
// invalid parcel size
{
token
:
"123456:1234567890.123456"
,
expected
:
false
},
// invalid separation
{
token
:
"abcdef:1234567890123456"
,
expected
:
false
},
// invalid separation
{
token
:
"Abcdef.1234567890123456"
,
expected
:
false
},
// invalid token id
{
token
:
"123456.AABBCCDDEEFFGGHH"
,
expected
:
false
},
// invalid token secret
{
token
:
"123456.AABBCCD-EEFFGGHH"
,
expected
:
false
},
// invalid character
{
token
:
"abc*ef.1234567890123456"
,
expected
:
false
},
// invalid character
{
token
:
"abcdef.1234567890123456"
,
expected
:
true
},
{
token
:
"123456.aabbccddeeffgghh"
,
expected
:
true
},
{
token
:
"ABCDEF.abcdef0123456789"
,
expected
:
false
},
{
token
:
"abcdef.abcdef0123456789"
,
expected
:
true
},
{
token
:
"123456.1234560123456789"
,
expected
:
true
},
}
for
_
,
rt
:=
range
tests
{
actual
:=
IsValidBootstrapToken
(
rt
.
token
)
if
actual
!=
rt
.
expected
{
t
.
Errorf
(
"failed IsValidBootstrapToken for the token %q
\n\t
expected: %t
\n\t
actual: %t"
,
rt
.
token
,
rt
.
expected
,
actual
,
)
}
}
}
func
TestIsValidBootstrapTokenID
(
t
*
testing
.
T
)
{
var
tests
=
[]
struct
{
tokenID
string
expected
bool
}{
{
tokenID
:
""
,
expected
:
false
},
{
tokenID
:
"1234567890123456789012"
,
expected
:
false
},
{
tokenID
:
"12345"
,
expected
:
false
},
{
tokenID
:
"Abcdef"
,
expected
:
false
},
{
tokenID
:
"ABCDEF"
,
expected
:
false
},
{
tokenID
:
"abcdef."
,
expected
:
false
},
{
tokenID
:
"abcdef"
,
expected
:
true
},
{
tokenID
:
"123456"
,
expected
:
true
},
}
for
_
,
rt
:=
range
tests
{
actual
:=
IsValidBootstrapTokenID
(
rt
.
tokenID
)
if
actual
!=
rt
.
expected
{
t
.
Errorf
(
"failed IsValidBootstrapTokenID for the token %q
\n\t
expected: %t
\n\t
actual: %t"
,
rt
.
tokenID
,
rt
.
expected
,
actual
,
)
}
}
}
func
TestBootstrapTokenSecretName
(
t
*
testing
.
T
)
{
var
tests
=
[]
struct
{
tokenID
string
expected
string
}{
{
"foo"
,
"bootstrap-token-foo"
},
{
"bar"
,
"bootstrap-token-bar"
},
{
""
,
"bootstrap-token-"
},
{
"abcdef"
,
"bootstrap-token-abcdef"
},
}
for
_
,
rt
:=
range
tests
{
actual
:=
BootstrapTokenSecretName
(
rt
.
tokenID
)
if
actual
!=
rt
.
expected
{
t
.
Errorf
(
"failed BootstrapTokenSecretName:
\n\t
expected: %s
\n\t
actual: %s"
,
rt
.
expected
,
actual
,
)
}
}
}
func
TestValidateBootstrapGroupName
(
t
*
testing
.
T
)
{
tests
:=
[]
struct
{
name
string
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment