kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #66033 from liggitt/x509-cleanup 

Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Remove unused x509 code

We don't intend to use/support these user extraction methods

```release-note
NONE
```

Kubernetes-commit: 4b4408c339bc81c9d96a93d07f163e42bd0f3322
This commit is contained in:
Kubernetes Publisher 2018-07-10 14:09:12 -07:00
parent 2eca029519 524198321e
commit 07a1d2e3e4
3 changed files with 31 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
Godeps/Godeps.json generated
View File

@ -832,127 +832,127 @@
},
{
"ImportPath": "k8s.io/api/admission/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/apps/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/apps/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/apps/v1beta2",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/authentication/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/authentication/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/authorization/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/authorization/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/autoscaling/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/autoscaling/v2beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/batch/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/batch/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/batch/v2alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/certificates/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/coordination/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/core/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/events/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/extensions/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/networking/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/policy/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/rbac/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/rbac/v1alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/rbac/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/scheduling/v1alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/scheduling/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/settings/v1alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/storage/v1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/storage/v1alpha1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/api/storage/v1beta1",
"Rev": "8be2a0b24ed0dac9cfc1ac2d987ea16cfcdbecb6"
"Rev": "86095a23dfb6454e708e23833a9f227ce697ca0e"
},
{
"ImportPath": "k8s.io/apimachinery/pkg/api/equality",

23
pkg/authentication/request/x509/x509.go
View File

@ -19,7 +19,6 @@ package x509
import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"fmt"
"net/http"
"time"
@ -191,25 +190,3 @@ var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate
Groups: chain[0].Subject.Organization,
}, true, nil
})
// DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate
var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
if len(chain[0].DNSNames) == 0 {
return nil, false, nil
}
return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil
})
// EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate
var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
var emailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1}
if len(chain[0].EmailAddresses) == 0 {
for _, name := range chain[0].Subject.Names {
if name.Type.Equal(emailAddressOID) {
return &user.DefaultInfo{Name: name.Value.(string)}, true, nil
}
}
return nil, false, nil
}
return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil
})

35
pkg/authentication/request/x509/x509_test.go
View File

@ -586,41 +586,6 @@ func TestX509(t *testing.T) {
ExpectOK: true,
ExpectErr: false,
},
"empty dns": {
Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert),
User: DNSNameUserConversion,
ExpectOK: false,
ExpectErr: false,
},
"dns": {
Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientDNSCert),
User: DNSNameUserConversion,
ExpectUserName: "client_dns.example.com",
ExpectOK: true,
ExpectErr: false,
},
"empty email": {
Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert),
User: EmailAddressUserConversion,
ExpectOK: false,
ExpectErr: false,
},
"email": {
Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientEmailCert),
User: EmailAddressUserConversion,
ExpectUserName: "client_email@example.com",
ExpectOK: true,
ExpectErr: false,
},
"custom conversion error": {
Opts: getDefaultVerifyOptions(t),