verify token file

Kubernetes-commit: 62c170fc1da2a94cd4dacd56f8f798f491b29ae1
2017-11-10 11:30:51 +08:00 · 2017-11-10 11:30:51 +08:00 · c79bc73664
parent bb42280c25
commit c79bc73664
2 changed files with 17 additions and 1 deletions
--- a/pkg/authentication/token/tokenfile/tokenfile.go
+++ b/pkg/authentication/token/tokenfile/tokenfile.go
@ -62,11 +62,17 @@ func NewCSV(path string) (*TokenAuthenticator, error) {
 		if len(record) < 3 {
 			return nil, fmt.Errorf("token file '%s' must have at least 3 columns (token, user name, user uid), found %d", path, len(record))
 		}
+
+		recordNum++
+		if record[0] == "" {
+			glog.Warningf("empty token has been found in token file '%s', record number '%d'", path, recordNum)
+			continue
+		}
+
 		obj := &user.DefaultInfo{
 			Name: record[1],
 			UID:  record[2],
 		}
-		recordNum++
 		if _, exist := tokens[record[0]]; exist {
 			glog.Warningf("duplicate token has been found in token file '%s', record number '%d'", path, recordNum)
 		}
--- a/pkg/authentication/token/tokenfile/tokenfile_test.go
+++ b/pkg/authentication/token/tokenfile/tokenfile_test.go
@ -125,6 +125,16 @@ func TestInsufficientColumnsTokenFile(t *testing.T) {
 	}
 }

+func TestEmptyTokenTokenFile(t *testing.T) {
+	auth, err := newWithContents(t, ",user5,uid5\n")
+	if err != nil {
+		t.Fatalf("unexpected error %v", err)
+	}
+	if len(auth.tokens) != 0 {
+		t.Fatalf("empty token should not be recorded")
+	}
+}
+
 func newWithContents(t *testing.T, contents string) (auth *TokenAuthenticator, err error) {
 	f, err := ioutil.TempFile("", "tokenfile_test")
 	if err != nil {