Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
c279a53c
Commit
c279a53c
authored
Oct 12, 2017
by
Shyam Jeedigunta
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Optimize random string generator to avoid multiple locks & use bitmasking
parent
0564d529
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
41 additions
and
16 deletions
+41
-16
tokens_controller_test.go
pkg/controller/serviceaccount/tokens_controller_test.go
+8
-8
rand.go
staging/src/k8s.io/apimachinery/pkg/util/rand/rand.go
+33
-8
No files found.
pkg/controller/serviceaccount/tokens_controller_test.go
View file @
c279a53c
...
...
@@ -73,7 +73,7 @@ func tokenSecretReferences() []v1.ObjectReference {
// addTokenSecretReference adds a reference to the ServiceAccountToken that will be created
func
addTokenSecretReference
(
refs
[]
v1
.
ObjectReference
)
[]
v1
.
ObjectReference
{
return
addNamedTokenSecretReference
(
refs
,
"default-token-
stdp
g"
)
return
addNamedTokenSecretReference
(
refs
,
"default-token-
xn8f
g"
)
}
// addNamedTokenSecretReference adds a reference to the named ServiceAccountToken
...
...
@@ -118,9 +118,9 @@ func opaqueSecret() *v1.Secret {
}
// createdTokenSecret returns the ServiceAccountToken secret posted when creating a new token secret.
// Named "default-token-
stdp
g", since that is the first generated name after rand.Seed(1)
// Named "default-token-
xn8f
g", since that is the first generated name after rand.Seed(1)
func
createdTokenSecret
(
overrideName
...
string
)
*
v1
.
Secret
{
return
namedCreatedTokenSecret
(
"default-token-
stdp
g"
)
return
namedCreatedTokenSecret
(
"default-token-
xn8f
g"
)
}
// namedTokenSecret returns the ServiceAccountToken secret posted when creating a new token secret with the given name.
...
...
@@ -264,12 +264,12 @@ func TestTokenCreation(t *testing.T) {
// Attempt 2
core
.
NewGetAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
"default"
),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
jk9r
t"
)),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
txhz
t"
)),
// Attempt 3
core
.
NewGetAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
"default"
),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
684pg
"
)),
core
.
NewUpdateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
serviceAccount
(
addNamedTokenSecretReference
(
emptySecretReferences
(),
"default-token-
684pg
"
))),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
vnmz7
"
)),
core
.
NewUpdateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
serviceAccount
(
addNamedTokenSecretReference
(
emptySecretReferences
(),
"default-token-
vnmz7
"
))),
},
},
"new serviceaccount with no secrets encountering unending create error"
:
{
...
...
@@ -293,10 +293,10 @@ func TestTokenCreation(t *testing.T) {
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
createdTokenSecret
()),
// Retry 1
core
.
NewGetAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
"default"
),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
jk9r
t"
)),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
txhz
t"
)),
// Retry 2
core
.
NewGetAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"serviceaccounts"
},
metav1
.
NamespaceDefault
,
"default"
),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
684pg
"
)),
core
.
NewCreateAction
(
schema
.
GroupVersionResource
{
Version
:
"v1"
,
Resource
:
"secrets"
},
metav1
.
NamespaceDefault
,
namedCreatedTokenSecret
(
"default-token-
vnmz7
"
)),
},
},
"new serviceaccount with missing secrets"
:
{
...
...
staging/src/k8s.io/apimachinery/pkg/util/rand/rand.go
View file @
c279a53c
...
...
@@ -70,16 +70,41 @@ func Perm(n int) []int {
return
rng
.
rand
.
Perm
(
n
)
}
// We omit vowels from the set of available characters to reduce the chances
// of "bad words" being formed.
var
alphanums
=
[]
rune
(
"bcdfghjklmnpqrstvwxz2456789"
)
const
(
// We omit vowels from the set of available characters to reduce the chances
// of "bad words" being formed.
alphanums
=
"bcdfghjklmnpqrstvwxz2456789"
// No. of bits required to index into alphanums string.
alphanumsIdxBits
=
5
// Mask used to extract last alphanumsIdxBits of an int.
alphanumsIdxMask
=
1
<<
alphanumsIdxBits
-
1
// No. of random letters we can extract from a single int63.
maxAlphanumsPerInt
=
63
/
alphanumsIdxBits
)
// String generates a random alphanumeric string, without vowels, which is n
// characters long. This will panic if n is less than zero.
func
String
(
length
int
)
string
{
b
:=
make
([]
rune
,
length
)
for
i
:=
range
b
{
b
[
i
]
=
alphanums
[
Intn
(
len
(
alphanums
))]
// How the random string is created:
// - we generate random int63's
// - from each int63, we are extracting multiple random letters by bit-shifting and masking
// - if some index is out of range of alphanums we neglect it (unlikely to happen multiple times in a row)
func
String
(
n
int
)
string
{
b
:=
make
([]
byte
,
n
)
rng
.
Lock
()
defer
rng
.
Unlock
()
randomInt63
:=
rng
.
rand
.
Int63
()
remaining
:=
maxAlphanumsPerInt
for
i
:=
0
;
i
<
n
;
{
if
remaining
==
0
{
randomInt63
,
remaining
=
rng
.
rand
.
Int63
(),
maxAlphanumsPerInt
}
if
idx
:=
int
(
randomInt63
&
alphanumsIdxMask
);
idx
<
len
(
alphanums
)
{
b
[
i
]
=
alphanums
[
idx
]
i
++
}
randomInt63
>>=
alphanumsIdxBits
remaining
--
}
return
string
(
b
)
}
...
...
@@ -87,7 +112,7 @@ func String(length int) string {
// SafeEncodeString encodes s using the same characters as rand.String. This reduces the chances of bad words and
// ensures that strings generated from hash functions appear consistent throughout the API.
func
SafeEncodeString
(
s
string
)
string
{
r
:=
make
([]
run
e
,
len
(
s
))
r
:=
make
([]
byt
e
,
len
(
s
))
for
i
,
b
:=
range
[]
rune
(
s
)
{
r
[
i
]
=
alphanums
[(
int
(
b
)
%
len
(
alphanums
))]
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment