*: remove --insecure-allow-any-token option
e2e and integration tests have been switched over to the tokenfile authenticator instead. ```release-note The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging. ``` Kubernetes-commit: e2f2ab67f29d3e859e0b3e6668d8d770d93132fc
This commit is contained in:
Eric Chiang
Kubernetes Publisher
parent
157dcc8988
commit
6fb062b0b3
|
|
@ -1,24 +0,0 @@
|
|||
package(default_visibility = ["//visibility:public"])
|
||||
|
||||
licenses(["notice"])
|
||||
|
||||
load(
|
||||
"@io_bazel_rules_go//go:def.bzl",
|
||||
"go_library",
|
||||
"go_test",
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["anytoken_test.go"],
|
||||
library = ":go_default_library",
|
||||
tags = ["automanaged"],
|
||||
deps = ["//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["anytoken.go"],
|
||||
tags = ["automanaged"],
|
||||
deps = ["//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library"],
|
||||
)
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package anytoken
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
)
|
||||
|
||||
type AnyTokenAuthenticator struct{}
|
||||
|
||||
func (AnyTokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
|
||||
lastSlash := strings.LastIndex(value, "/")
|
||||
if lastSlash == -1 {
|
||||
return &user.DefaultInfo{Name: value}, true, nil
|
||||
}
|
||||
|
||||
ret := &user.DefaultInfo{Name: value[:lastSlash]}
|
||||
|
||||
groupString := value[lastSlash+1:]
|
||||
if len(groupString) == 0 {
|
||||
return ret, true, nil
|
||||
}
|
||||
|
||||
ret.Groups = strings.Split(groupString, ",")
|
||||
return ret, true, nil
|
||||
}
|
||||
|
|
@ -1,71 +0,0 @@
|
|||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package anytoken
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
)
|
||||
|
||||
func TestAnyTokenAuthenticator(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
token string
|
||||
|
||||
expectedUser user.Info
|
||||
}{
|
||||
{
|
||||
name: "user only",
|
||||
token: "joe",
|
||||
expectedUser: &user.DefaultInfo{Name: "joe"},
|
||||
},
|
||||
{
|
||||
name: "user with slash",
|
||||
token: "scheme/joe/",
|
||||
expectedUser: &user.DefaultInfo{Name: "scheme/joe"},
|
||||
},
|
||||
{
|
||||
name: "user with groups",
|
||||
token: "joe/group1,group2",
|
||||
expectedUser: &user.DefaultInfo{Name: "joe", Groups: []string{"group1", "group2"}},
|
||||
},
|
||||
{
|
||||
name: "user with slash and groups",
|
||||
token: "scheme/joe/group1,group2",
|
||||
expectedUser: &user.DefaultInfo{Name: "scheme/joe", Groups: []string{"group1", "group2"}},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
actualUser, _, _ := AnyTokenAuthenticator{}.AuthenticateToken(tc.token)
|
||||
|
||||
if len(actualUser.GetExtra()) != 0 {
|
||||
t.Errorf("%q: got extra: %v", tc.name, actualUser.GetExtra())
|
||||
}
|
||||
if len(actualUser.GetUID()) != 0 {
|
||||
t.Errorf("%q: got extra: %v", tc.name, actualUser.GetUID())
|
||||
}
|
||||
if e, a := tc.expectedUser.GetName(), actualUser.GetName(); e != a {
|
||||
t.Errorf("%q: expected %v, got %v", tc.name, e, a)
|
||||
}
|
||||
if e, a := tc.expectedUser.GetGroups(), actualUser.GetGroups(); !reflect.DeepEqual(e, a) {
|
||||
t.Errorf("%q: expected %v, got %v", tc.name, e, a)
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue