Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
c9f4d8e5
Commit
c9f4d8e5
authored
Apr 28, 2015
by
Brendan Burns
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #7425 from roberthbailey/basic-auth-headers
Set the 'WWW-Authenticate' header on 401 responses when basic auth is enabled
parents
19ae113f
4304b1d2
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
16 additions
and
2 deletions
+16
-2
server.go
cmd/kube-apiserver/app/server.go
+1
-0
handlers.go
pkg/auth/handlers/handlers.go
+12
-1
master.go
pkg/master/master.go
+3
-1
No files found.
cmd/kube-apiserver/app/server.go
View file @
c9f4d8e5
...
@@ -307,6 +307,7 @@ func (s *APIServer) Run(_ []string) error {
...
@@ -307,6 +307,7 @@ func (s *APIServer) Run(_ []string) error {
ReadWritePort
:
s
.
SecurePort
,
ReadWritePort
:
s
.
SecurePort
,
PublicAddress
:
net
.
IP
(
s
.
BindAddress
),
PublicAddress
:
net
.
IP
(
s
.
BindAddress
),
Authenticator
:
authenticator
,
Authenticator
:
authenticator
,
SupportsBasicAuth
:
len
(
s
.
BasicAuthFile
)
>
0
,
Authorizer
:
authorizer
,
Authorizer
:
authorizer
,
AdmissionControl
:
admissionController
,
AdmissionControl
:
admissionController
,
DisableV1Beta3
:
disableV1beta3
,
DisableV1Beta3
:
disableV1beta3
,
...
...
pkg/auth/handlers/handlers.go
View file @
c9f4d8e5
...
@@ -49,7 +49,18 @@ func NewRequestAuthenticator(mapper api.RequestContextMapper, auth authenticator
...
@@ -49,7 +49,18 @@ func NewRequestAuthenticator(mapper api.RequestContextMapper, auth authenticator
)
)
}
}
var
Unauthorized
http
.
HandlerFunc
=
unauthorized
func
Unauthorized
(
supportsBasicAuth
bool
)
http
.
HandlerFunc
{
if
supportsBasicAuth
{
return
unauthorizedBasicAuth
}
return
unauthorized
}
// unauthorizedBasicAuth serves an unauthorized message to clients.
func
unauthorizedBasicAuth
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
w
.
Header
()
.
Set
(
"WWW-Authenticate"
,
`Basic realm="kubernetes-master"`
)
http
.
Error
(
w
,
"Unauthorized"
,
http
.
StatusUnauthorized
)
}
// unauthorized serves an unauthorized message to clients.
// unauthorized serves an unauthorized message to clients.
func
unauthorized
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
func
unauthorized
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
...
...
pkg/master/master.go
View file @
c9f4d8e5
...
@@ -94,6 +94,8 @@ type Config struct {
...
@@ -94,6 +94,8 @@ type Config struct {
APIPrefix
string
APIPrefix
string
CorsAllowedOriginList
util
.
StringList
CorsAllowedOriginList
util
.
StringList
Authenticator
authenticator
.
Request
Authenticator
authenticator
.
Request
// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
SupportsBasicAuth
bool
Authorizer
authorizer
.
Authorizer
Authorizer
authorizer
.
Authorizer
AdmissionControl
admission
.
Interface
AdmissionControl
admission
.
Interface
MasterServiceNamespace
string
MasterServiceNamespace
string
...
@@ -500,7 +502,7 @@ func (m *Master) init(c *Config) {
...
@@ -500,7 +502,7 @@ func (m *Master) init(c *Config) {
// Install Authenticator
// Install Authenticator
if
c
.
Authenticator
!=
nil
{
if
c
.
Authenticator
!=
nil
{
authenticatedHandler
,
err
:=
handlers
.
NewRequestAuthenticator
(
m
.
requestContextMapper
,
c
.
Authenticator
,
handlers
.
Unauthorized
,
handler
)
authenticatedHandler
,
err
:=
handlers
.
NewRequestAuthenticator
(
m
.
requestContextMapper
,
c
.
Authenticator
,
handlers
.
Unauthorized
(
c
.
SupportsBasicAuth
)
,
handler
)
if
err
!=
nil
{
if
err
!=
nil
{
glog
.
Fatalf
(
"Could not initialize authenticator: %v"
,
err
)
glog
.
Fatalf
(
"Could not initialize authenticator: %v"
,
err
)
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment