Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
c04fe8c2
Unverified
Commit
c04fe8c2
authored
Sep 14, 2018
by
k8s-ci-robot
Committed by
GitHub
Sep 14, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #66314 from jlowdermilk/cmdtokensource-reset
gcp client auth plugin: persist default cache on unauthorized
parents
516876b2
73e5e437
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
72 additions
and
23 deletions
+72
-23
gcp.go
...ng/src/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp.go
+22
-3
gcp_test.go
...c/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp_test.go
+50
-20
No files found.
staging/src/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp.go
View file @
c04fe8c2
...
...
@@ -174,7 +174,13 @@ func parseScopes(gcpConfig map[string]string) []string {
}
func
(
g
*
gcpAuthProvider
)
WrapTransport
(
rt
http
.
RoundTripper
)
http
.
RoundTripper
{
return
&
conditionalTransport
{
&
oauth2
.
Transport
{
Source
:
g
.
tokenSource
,
Base
:
rt
},
g
.
persister
}
var
resetCache
map
[
string
]
string
if
cts
,
ok
:=
g
.
tokenSource
.
(
*
cachedTokenSource
);
ok
{
resetCache
=
cts
.
baseCache
()
}
else
{
resetCache
=
make
(
map
[
string
]
string
)
}
return
&
conditionalTransport
{
&
oauth2
.
Transport
{
Source
:
g
.
tokenSource
,
Base
:
rt
},
g
.
persister
,
resetCache
}
}
func
(
g
*
gcpAuthProvider
)
Login
()
error
{
return
nil
}
...
...
@@ -247,6 +253,19 @@ func (t *cachedTokenSource) update(tok *oauth2.Token) map[string]string {
return
ret
}
// baseCache is the base configuration value for this TokenSource, without any cached ephemeral tokens.
func
(
t
*
cachedTokenSource
)
baseCache
()
map
[
string
]
string
{
t
.
lk
.
Lock
()
defer
t
.
lk
.
Unlock
()
ret
:=
map
[
string
]
string
{}
for
k
,
v
:=
range
t
.
cache
{
ret
[
k
]
=
v
}
delete
(
ret
,
"access-token"
)
delete
(
ret
,
"expiry"
)
return
ret
}
type
commandTokenSource
struct
{
cmd
string
args
[]
string
...
...
@@ -337,6 +356,7 @@ func parseJSONPath(input interface{}, name, template string) (string, error) {
type
conditionalTransport
struct
{
oauthTransport
*
oauth2
.
Transport
persister
restclient
.
AuthProviderConfigPersister
resetCache
map
[
string
]
string
}
var
_
net
.
RoundTripperWrapper
=
&
conditionalTransport
{}
...
...
@@ -354,8 +374,7 @@ func (t *conditionalTransport) RoundTrip(req *http.Request) (*http.Response, err
if
res
.
StatusCode
==
401
{
glog
.
V
(
4
)
.
Infof
(
"The credentials that were supplied are invalid for the target cluster"
)
emptyCache
:=
make
(
map
[
string
]
string
)
t
.
persister
.
Persist
(
emptyCache
)
t
.
persister
.
Persist
(
t
.
resetCache
)
}
return
res
,
nil
...
...
staging/src/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp_test.go
View file @
c04fe8c2
...
...
@@ -442,37 +442,61 @@ func (t *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
return
t
.
res
,
nil
}
func
Test
ClearingCredentials
(
t
*
testing
.
T
)
{
func
Test
_cmdTokenSource_roundTrip
(
t
*
testing
.
T
)
{
accessToken
:=
"fakeToken"
fakeExpiry
:=
time
.
Now
()
.
Add
(
time
.
Hour
)
cache
:=
map
[
string
]
string
{
"access-token"
:
"fakeToken"
,
"expiry"
:
fakeExpiry
.
String
(),
fakeExpiryStr
:=
fakeExpiry
.
Format
(
time
.
RFC3339Nano
)
fs
:=
&
fakeTokenSource
{
token
:
&
oauth2
.
Token
{
AccessToken
:
accessToken
,
Expiry
:
fakeExpiry
,
},
}
cts
:=
cachedTokenSource
{
source
:
nil
,
accessToken
:
cache
[
"access-token"
],
expiry
:
fakeExpiry
,
persister
:
nil
,
cache
:
nil
,
cmdCache
:=
map
[
string
]
string
{
"cmd-path"
:
"/path/to/tokensource/cmd"
,
"cmd-args"
:
"--output=json"
,
}
cmdCacheUpdated
:=
map
[
string
]
string
{
"cmd-path"
:
"/path/to/tokensource/cmd"
,
"cmd-args"
:
"--output=json"
,
"access-token"
:
accessToken
,
"expiry"
:
fakeExpiryStr
,
}
simpleCacheUpdated
:=
map
[
string
]
string
{
"access-token"
:
accessToken
,
"expiry"
:
fakeExpiryStr
,
}
tests
:=
[]
struct
{
name
string
res
http
.
Response
c
ache
map
[
string
]
string
name
string
res
http
.
Response
baseCache
,
expectedC
ache
map
[
string
]
string
}{
{
"Unauthorized"
,
http
.
Response
{
StatusCode
:
401
},
make
(
map
[
string
]
string
),
make
(
map
[
string
]
string
),
},
{
"Unauthorized, nonempty defaultCache"
,
http
.
Response
{
StatusCode
:
401
},
cmdCache
,
cmdCache
,
},
{
"Authorized"
,
http
.
Response
{
StatusCode
:
200
},
cache
,
make
(
map
[
string
]
string
),
simpleCacheUpdated
,
},
{
"Authorized, nonempty defaultCache"
,
http
.
Response
{
StatusCode
:
200
},
cmdCache
,
cmdCacheUpdated
,
},
}
...
...
@@ -480,17 +504,23 @@ func TestClearingCredentials(t *testing.T) {
req
:=
http
.
Request
{
Header
:
http
.
Header
{}}
for
_
,
tc
:=
range
tests
{
authProvider
:=
gcpAuthProvider
{
&
cts
,
persister
}
cts
,
err
:=
newCachedTokenSource
(
accessToken
,
fakeExpiry
.
String
(),
persister
,
fs
,
tc
.
baseCache
)
if
err
!=
nil
{
t
.
Fatalf
(
"unexpected error from newCachedTokenSource: %v"
,
err
)
}
authProvider
:=
gcpAuthProvider
{
cts
,
persister
}
fakeTransport
:=
MockTransport
{
&
tc
.
res
}
transport
:=
(
authProvider
.
WrapTransport
(
&
fakeTransport
))
persister
.
Persist
(
cache
)
// call Token to persist/update cache
if
_
,
err
:=
cts
.
Token
();
err
!=
nil
{
t
.
Fatalf
(
"unexpected error from cachedTokenSource.Token(): %v"
,
err
)
}
transport
.
RoundTrip
(
&
req
)
if
got
:=
persister
.
read
();
!
reflect
.
DeepEqual
(
got
,
tc
.
c
ache
)
{
t
.
Errorf
(
"got cache %v, want %v"
,
got
,
tc
.
c
ache
)
if
got
:=
persister
.
read
();
!
reflect
.
DeepEqual
(
got
,
tc
.
expectedC
ache
)
{
t
.
Errorf
(
"got cache %v, want %v"
,
got
,
tc
.
expectedC
ache
)
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment