Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
817cf701
Commit
817cf701
authored
Oct 31, 2018
by
Mike Danese
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
move audience context functions to authenticator package
parent
dc239741
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
30 additions
and
29 deletions
+30
-29
BUILD
...c/k8s.io/apiserver/pkg/authentication/authenticator/BUILD
+2
-2
audiences.go
...o/apiserver/pkg/authentication/authenticator/audiences.go
+21
-0
audiences_test.go
...server/pkg/authentication/authenticator/audiences_test.go
+0
-0
BUILD
...s.io/apiserver/pkg/authentication/request/anonymous/BUILD
+0
-1
anonymous.go
...iserver/pkg/authentication/request/anonymous/anonymous.go
+1
-2
BUILD
...src/k8s.io/apiserver/pkg/authentication/token/cache/BUILD
+0
-2
cached_token_authenticator.go
.../authentication/token/cache/cached_token_authenticator.go
+1
-2
cached_token_authenticator_test.go
...entication/token/cache/cached_token_authenticator_test.go
+3
-4
authentication.go
.../k8s.io/apiserver/pkg/endpoints/filters/authentication.go
+1
-1
BUILD
staging/src/k8s.io/apiserver/pkg/endpoints/request/BUILD
+0
-1
context.go
...ing/src/k8s.io/apiserver/pkg/endpoints/request/context.go
+0
-12
deprecated_insecure_serving.go
...8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
+1
-2
No files found.
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/BUILD
View file @
817cf701
...
@@ -5,7 +5,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
...
@@ -5,7 +5,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
go_library(
go_library(
name = "go_default_library",
name = "go_default_library",
srcs = [
srcs = [
"
helper
s.go",
"
audience
s.go",
"interfaces.go",
"interfaces.go",
],
],
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/authentication/authenticator",
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/authentication/authenticator",
...
@@ -28,6 +28,6 @@ filegroup(
...
@@ -28,6 +28,6 @@ filegroup(
go_test(
go_test(
name = "go_default_test",
name = "go_default_test",
srcs = ["
helper
s_test.go"],
srcs = ["
audience
s_test.go"],
embed = [":go_default_library"],
embed = [":go_default_library"],
)
)
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/
helper
s.go
→
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/
audience
s.go
View file @
817cf701
...
@@ -16,9 +16,30 @@ limitations under the License.
...
@@ -16,9 +16,30 @@ limitations under the License.
package
authenticator
package
authenticator
import
"context"
// Audiences is a container for the Audiences of a token.
// Audiences is a container for the Audiences of a token.
type
Audiences
[]
string
type
Audiences
[]
string
// The key type is unexported to prevent collisions
type
key
int
const
(
// audiencesKey is the context key for request audiences.
audiencesKey
key
=
iota
)
// WithAudiences returns a context that stores a request's expected audiences.
func
WithAudiences
(
ctx
context
.
Context
,
auds
Audiences
)
context
.
Context
{
return
context
.
WithValue
(
ctx
,
audiencesKey
,
auds
)
}
// AudiencesFrom returns a request's expected audiences stored in the request context.
func
AudiencesFrom
(
ctx
context
.
Context
)
(
Audiences
,
bool
)
{
auds
,
ok
:=
ctx
.
Value
(
audiencesKey
)
.
(
Audiences
)
return
auds
,
ok
}
// Has checks if Audiences contains a specific audiences.
// Has checks if Audiences contains a specific audiences.
func
(
a
Audiences
)
Has
(
taud
string
)
bool
{
func
(
a
Audiences
)
Has
(
taud
string
)
bool
{
for
_
,
aud
:=
range
a
{
for
_
,
aud
:=
range
a
{
...
...
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/
helper
s_test.go
→
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/
audience
s_test.go
View file @
817cf701
File moved
staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/BUILD
View file @
817cf701
...
@@ -25,7 +25,6 @@ go_library(
...
@@ -25,7 +25,6 @@ go_library(
deps = [
deps = [
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
],
],
)
)
...
...
staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go
View file @
817cf701
...
@@ -21,7 +21,6 @@ import (
...
@@ -21,7 +21,6 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
)
)
const
(
const
(
...
@@ -32,7 +31,7 @@ const (
...
@@ -32,7 +31,7 @@ const (
func
NewAuthenticator
()
authenticator
.
Request
{
func
NewAuthenticator
()
authenticator
.
Request
{
return
authenticator
.
RequestFunc
(
func
(
req
*
http
.
Request
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
return
authenticator
.
RequestFunc
(
func
(
req
*
http
.
Request
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
auds
,
_
:=
request
.
AudiencesFrom
(
req
.
Context
())
auds
,
_
:=
authenticator
.
AudiencesFrom
(
req
.
Context
())
return
&
authenticator
.
Response
{
return
&
authenticator
.
Response
{
User
:
&
user
.
DefaultInfo
{
User
:
&
user
.
DefaultInfo
{
Name
:
anonymousUser
,
Name
:
anonymousUser
,
...
...
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/BUILD
View file @
817cf701
...
@@ -17,7 +17,6 @@ go_test(
...
@@ -17,7 +17,6 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
"//vendor/github.com/pborman/uuid:go_default_library",
"//vendor/github.com/pborman/uuid:go_default_library",
],
],
)
)
...
@@ -35,7 +34,6 @@ go_library(
...
@@ -35,7 +34,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
],
],
)
)
...
...
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
View file @
817cf701
...
@@ -23,7 +23,6 @@ import (
...
@@ -23,7 +23,6 @@ import (
utilclock
"k8s.io/apimachinery/pkg/util/clock"
utilclock
"k8s.io/apimachinery/pkg/util/clock"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/endpoints/request"
)
)
// cacheRecord holds the three return values of the authenticator.Token AuthenticateToken method
// cacheRecord holds the three return values of the authenticator.Token AuthenticateToken method
...
@@ -67,7 +66,7 @@ func newWithClock(authenticator authenticator.Token, successTTL, failureTTL time
...
@@ -67,7 +66,7 @@ func newWithClock(authenticator authenticator.Token, successTTL, failureTTL time
// AuthenticateToken implements authenticator.Token
// AuthenticateToken implements authenticator.Token
func
(
a
*
cachedTokenAuthenticator
)
AuthenticateToken
(
ctx
context
.
Context
,
token
string
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
func
(
a
*
cachedTokenAuthenticator
)
AuthenticateToken
(
ctx
context
.
Context
,
token
string
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
auds
,
_
:=
request
.
AudiencesFrom
(
ctx
)
auds
,
_
:=
authenticator
.
AudiencesFrom
(
ctx
)
key
:=
keyFunc
(
auds
,
token
)
key
:=
keyFunc
(
auds
,
token
)
if
record
,
ok
:=
a
.
cache
.
get
(
key
);
ok
{
if
record
,
ok
:=
a
.
cache
.
get
(
key
);
ok
{
...
...
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator_test.go
View file @
817cf701
...
@@ -25,7 +25,6 @@ import (
...
@@ -25,7 +25,6 @@ import (
utilclock
"k8s.io/apimachinery/pkg/util/clock"
utilclock
"k8s.io/apimachinery/pkg/util/clock"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
)
)
func
TestCachedTokenAuthenticator
(
t
*
testing
.
T
)
{
func
TestCachedTokenAuthenticator
(
t
*
testing
.
T
)
{
...
@@ -109,7 +108,7 @@ func TestCachedTokenAuthenticator(t *testing.T) {
...
@@ -109,7 +108,7 @@ func TestCachedTokenAuthenticator(t *testing.T) {
func
TestCachedTokenAuthenticatorWithAudiences
(
t
*
testing
.
T
)
{
func
TestCachedTokenAuthenticatorWithAudiences
(
t
*
testing
.
T
)
{
resultUsers
:=
make
(
map
[
string
]
user
.
Info
)
resultUsers
:=
make
(
map
[
string
]
user
.
Info
)
fakeAuth
:=
authenticator
.
TokenFunc
(
func
(
ctx
context
.
Context
,
token
string
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
fakeAuth
:=
authenticator
.
TokenFunc
(
func
(
ctx
context
.
Context
,
token
string
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
auds
,
_
:=
request
.
AudiencesFrom
(
ctx
)
auds
,
_
:=
authenticator
.
AudiencesFrom
(
ctx
)
return
&
authenticator
.
Response
{
User
:
resultUsers
[
auds
[
0
]
+
token
]},
true
,
nil
return
&
authenticator
.
Response
{
User
:
resultUsers
[
auds
[
0
]
+
token
]},
true
,
nil
})
})
fakeClock
:=
utilclock
.
NewFakeClock
(
time
.
Now
())
fakeClock
:=
utilclock
.
NewFakeClock
(
time
.
Now
())
...
@@ -119,10 +118,10 @@ func TestCachedTokenAuthenticatorWithAudiences(t *testing.T) {
...
@@ -119,10 +118,10 @@ func TestCachedTokenAuthenticatorWithAudiences(t *testing.T) {
resultUsers
[
"audAusertoken1"
]
=
&
user
.
DefaultInfo
{
Name
:
"user1"
}
resultUsers
[
"audAusertoken1"
]
=
&
user
.
DefaultInfo
{
Name
:
"user1"
}
resultUsers
[
"audBusertoken1"
]
=
&
user
.
DefaultInfo
{
Name
:
"user1-different"
}
resultUsers
[
"audBusertoken1"
]
=
&
user
.
DefaultInfo
{
Name
:
"user1-different"
}
if
u
,
ok
,
_
:=
a
.
AuthenticateToken
(
request
.
WithAudiences
(
context
.
Background
(),
[]
string
{
"audA"
}),
"usertoken1"
);
!
ok
||
u
.
User
.
GetName
()
!=
"user1"
{
if
u
,
ok
,
_
:=
a
.
AuthenticateToken
(
authenticator
.
WithAudiences
(
context
.
Background
(),
[]
string
{
"audA"
}),
"usertoken1"
);
!
ok
||
u
.
User
.
GetName
()
!=
"user1"
{
t
.
Errorf
(
"Expected user1"
)
t
.
Errorf
(
"Expected user1"
)
}
}
if
u
,
ok
,
_
:=
a
.
AuthenticateToken
(
request
.
WithAudiences
(
context
.
Background
(),
[]
string
{
"audB"
}),
"usertoken1"
);
!
ok
||
u
.
User
.
GetName
()
!=
"user1-different"
{
if
u
,
ok
,
_
:=
a
.
AuthenticateToken
(
authenticator
.
WithAudiences
(
context
.
Background
(),
[]
string
{
"audB"
}),
"usertoken1"
);
!
ok
||
u
.
User
.
GetName
()
!=
"user1-different"
{
t
.
Errorf
(
"Expected user1-different"
)
t
.
Errorf
(
"Expected user1-different"
)
}
}
}
}
staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
View file @
817cf701
...
@@ -57,7 +57,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
...
@@ -57,7 +57,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
}
}
return
http
.
HandlerFunc
(
func
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
return
http
.
HandlerFunc
(
func
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
if
len
(
apiAuds
)
>
0
{
if
len
(
apiAuds
)
>
0
{
req
=
req
.
WithContext
(
genericapirequest
.
WithAudiences
(
req
.
Context
(),
apiAuds
))
req
=
req
.
WithContext
(
authenticator
.
WithAudiences
(
req
.
Context
(),
apiAuds
))
}
}
resp
,
ok
,
err
:=
auth
.
AuthenticateRequest
(
req
)
resp
,
ok
,
err
:=
auth
.
AuthenticateRequest
(
req
)
if
err
!=
nil
||
!
ok
{
if
err
!=
nil
||
!
ok
{
...
...
staging/src/k8s.io/apiserver/pkg/endpoints/request/BUILD
View file @
817cf701
...
@@ -35,7 +35,6 @@ go_library(
...
@@ -35,7 +35,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
],
],
...
...
staging/src/k8s.io/apiserver/pkg/endpoints/request/context.go
View file @
817cf701
...
@@ -21,7 +21,6 @@ import (
...
@@ -21,7 +21,6 @@ import (
metav1
"k8s.io/apimachinery/pkg/apis/meta/v1"
metav1
"k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/apis/audit"
"k8s.io/apiserver/pkg/apis/audit"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authentication/user"
)
)
...
@@ -95,14 +94,3 @@ func AuditEventFrom(ctx context.Context) *audit.Event {
...
@@ -95,14 +94,3 @@ func AuditEventFrom(ctx context.Context) *audit.Event {
ev
,
_
:=
ctx
.
Value
(
auditKey
)
.
(
*
audit
.
Event
)
ev
,
_
:=
ctx
.
Value
(
auditKey
)
.
(
*
audit
.
Event
)
return
ev
return
ev
}
}
// WithAudiences returns a context that stores a request's expected audiences.
func
WithAudiences
(
ctx
context
.
Context
,
auds
authenticator
.
Audiences
)
context
.
Context
{
return
context
.
WithValue
(
ctx
,
audiencesKey
,
auds
)
}
// AudiencesFrom returns a request's expected audiences stored in the request context.
func
AudiencesFrom
(
ctx
context
.
Context
)
(
authenticator
.
Audiences
,
bool
)
{
auds
,
ok
:=
ctx
.
Value
(
audiencesKey
)
.
(
authenticator
.
Audiences
)
return
auds
,
ok
}
staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
View file @
817cf701
...
@@ -25,7 +25,6 @@ import (
...
@@ -25,7 +25,6 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/client-go/rest"
"k8s.io/client-go/rest"
)
)
...
@@ -80,7 +79,7 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config,
...
@@ -80,7 +79,7 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config,
type
InsecureSuperuser
struct
{}
type
InsecureSuperuser
struct
{}
func
(
InsecureSuperuser
)
AuthenticateRequest
(
req
*
http
.
Request
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
func
(
InsecureSuperuser
)
AuthenticateRequest
(
req
*
http
.
Request
)
(
*
authenticator
.
Response
,
bool
,
error
)
{
auds
,
_
:=
request
.
AudiencesFrom
(
req
.
Context
())
auds
,
_
:=
authenticator
.
AudiencesFrom
(
req
.
Context
())
return
&
authenticator
.
Response
{
return
&
authenticator
.
Response
{
User
:
&
user
.
DefaultInfo
{
User
:
&
user
.
DefaultInfo
{
Name
:
"system:unsecured"
,
Name
:
"system:unsecured"
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment