Merge pull request #69002 from HotelsDotCom/do-not-verify-x509-with-no-wrapped-auth

Remove excessive warnings with x509 certificate auth Kubernetes-commit: 38a9fc6aa240c99b17a93764fb5473bf6342ff9d
2018-10-12 13:09:52 -07:00 · 2018-10-12 13:09:52 -07:00 · d44a702c23
parent c30426fbcf a948ad1df7
commit d44a702c23
2 changed files with 33 additions and 35 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -880,131 +880,131 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admission/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta2",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "26c7a45db37856b19f05ba5aa21d2df4b81ecff3"
+			"Rev": "dc4eec57aa42d7a46325ffd367f94a1021df1cb7"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",
--- a/pkg/authentication/request/x509/x509.go
+++ b/pkg/authentication/request/x509/x509.go
@ -23,7 +23,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/golang/glog"
 	"github.com/prometheus/client_golang/prometheus"

 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
@ -168,8 +167,7 @@ func (a *Verifier) verifySubject(subject pkix.Name) error {
 	if a.allowedCommonNames.Has(subject.CommonName) {
 		return nil
 	}
-	glog.Warningf("x509: subject with cn=%s is not in the allowed list: %v", subject.CommonName, a.allowedCommonNames.List())
-	return fmt.Errorf("x509: subject with cn=%s is not allowed", subject.CommonName)
+	return fmt.Errorf("x509: subject with cn=%s is not in the allowed list", subject.CommonName)
 }

 // DefaultVerifyOptions returns VerifyOptions that use the system root certificates, current time,