From 7c1e7ec029a1822f45d3648654ca7607cd6f5a86 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Fri, 26 Oct 2018 15:29:55 -0700 Subject: [PATCH] echo audiences in anonymous and insecure authenticators part of https://github.com/kubernetes/kubernetes/issues/69893 Kubernetes-commit: f94bc6193e1e299b1cb258b59504fab81cf8da1c --- pkg/authentication/request/anonymous/anonymous.go | 3 +++ pkg/authentication/request/anonymous/anonymous_test.go | 3 ++- pkg/server/deprecated_insecure_serving.go | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/authentication/request/anonymous/anonymous.go b/pkg/authentication/request/anonymous/anonymous.go index 651832fd3..76ff13022 100644 --- a/pkg/authentication/request/anonymous/anonymous.go +++ b/pkg/authentication/request/anonymous/anonymous.go @@ -21,6 +21,7 @@ import ( "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/user" + "k8s.io/apiserver/pkg/endpoints/request" ) const ( @@ -31,11 +32,13 @@ const ( func NewAuthenticator() authenticator.Request { return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { + auds, _ := request.AudiencesFrom(req.Context()) return &authenticator.Response{ User: &user.DefaultInfo{ Name: anonymousUser, Groups: []string{unauthenticatedGroup}, }, + Audiences: auds, }, true, nil }) } diff --git a/pkg/authentication/request/anonymous/anonymous_test.go b/pkg/authentication/request/anonymous/anonymous_test.go index 7b27ff20e..494ab6097 100644 --- a/pkg/authentication/request/anonymous/anonymous_test.go +++ b/pkg/authentication/request/anonymous/anonymous_test.go @@ -17,6 +17,7 @@ limitations under the License. package anonymous import ( + "net/http" "testing" "k8s.io/apimachinery/pkg/util/sets" @@ -26,7 +27,7 @@ import ( func TestAnonymous(t *testing.T) { var a authenticator.Request = NewAuthenticator() - r, ok, err := a.AuthenticateRequest(nil) + r, ok, err := a.AuthenticateRequest(&http.Request{}) if err != nil { t.Fatalf("Unexpected error %v", err) } diff --git a/pkg/server/deprecated_insecure_serving.go b/pkg/server/deprecated_insecure_serving.go index 43fff06ec..cf84988a7 100644 --- a/pkg/server/deprecated_insecure_serving.go +++ b/pkg/server/deprecated_insecure_serving.go @@ -25,6 +25,7 @@ import ( "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/user" + "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/client-go/rest" ) @@ -79,10 +80,12 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, type InsecureSuperuser struct{} func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { + auds, _ := request.AudiencesFrom(req.Context()) return &authenticator.Response{ User: &user.DefaultInfo{ Name: "system:unsecured", Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, }, + Audiences: auds, }, true, nil }