kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

echo audiences in anonymous and insecure authenticators 

part of https://github.com/kubernetes/kubernetes/issues/69893

Kubernetes-commit: f94bc6193e1e299b1cb258b59504fab81cf8da1c
This commit is contained in:
Mike Danese 2018-10-26 15:29:55 -07:00 committed by Kubernetes Publisher
parent 7ba8fae5dc
commit 7c1e7ec029
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/authentication/request/anonymous/anonymous.go
View File

@ -21,6 +21,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
) )
const ( const (
@ -31,11 +32,13 @@ const (
func NewAuthenticator() authenticator.Request { func NewAuthenticator() authenticator.Request {
return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
auds, _ := request.AudiencesFrom(req.Context())
return &authenticator.Response{ return &authenticator.Response{
User: &user.DefaultInfo{ User: &user.DefaultInfo{
Name: anonymousUser, Name: anonymousUser,
Groups: []string{unauthenticatedGroup}, Groups: []string{unauthenticatedGroup},
}, },
Audiences: auds,
}, true, nil }, true, nil
}) })
} }

3
pkg/authentication/request/anonymous/anonymous_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package anonymous package anonymous
import ( import (
"net/http"
"testing" "testing"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
@ -26,7 +27,7 @@ import (
func TestAnonymous(t *testing.T) { func TestAnonymous(t *testing.T) {
var a authenticator.Request = NewAuthenticator() var a authenticator.Request = NewAuthenticator()
r, ok, err := a.AuthenticateRequest(nil) r, ok, err := a.AuthenticateRequest(&http.Request{})
if err != nil { if err != nil {
t.Fatalf("Unexpected error %v", err) t.Fatalf("Unexpected error %v", err)
} }

3
pkg/server/deprecated_insecure_serving.go
View File

@ -25,6 +25,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
) )
@ -79,10 +80,12 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config,
type InsecureSuperuser struct{} type InsecureSuperuser struct{}
func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
auds, _ := request.AudiencesFrom(req.Context())
return &authenticator.Response{ return &authenticator.Response{
User: &user.DefaultInfo{ User: &user.DefaultInfo{
Name: "system:unsecured", Name: "system:unsecured",
Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated},
}, },
Audiences: auds,
}, true, nil }, true, nil
} }