From 029a9b6400b165bda860dd1295422e57e6424f3d Mon Sep 17 00:00:00 2001
From: Eric Tune
Date: Wed, 3 Dec 2014 21:49:48 -0800
Subject: [PATCH] Remove whoami handler. This was a temporary thing. Not aware of anyone using it.
---
 pkg/master/handlers.go | 52 ------------------------
 pkg/master/master.go | 2 -
 test/integration/auth_test.go | 75 -----------------------------------
 3 files changed, 129 deletions(-)
 delete mode 100644 pkg/master/handlers.go
diff --git a/pkg/master/handlers.go b/pkg/master/handlers.go
deleted file mode 100644
index 3cff68028e1..00000000000
--- a/pkg/master/handlers.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2014 Google Inc. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package master
-
-import (
- "net/http"
-
- "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
-
- "github.com/emicklei/go-restful"
-)
-
-// handleWhoAmI returns the user-string which this request is authenticated as (if any).
-// Useful for debugging authentication. Always returns HTTP status okay and a human
-// readable (not intended as API) description of authentication state of request.
-func handleWhoAmI(auth authenticator.Request) restful.RouteFunction {
- return func(req *restful.Request, resp *restful.Response) {
- // This is supposed to go away, so it's not worth the effort to convert to restful
- w := resp.ResponseWriter
- w.Header().Set("Content-Type", "text/plain")
- w.WriteHeader(http.StatusOK)
- if auth == nil {
- w.Write([]byte("NO AUTHENTICATION SUPPORT"))
- return
- }
- userInfo, ok, err := auth.AuthenticateRequest(req.Request)
- if err != nil {
- w.Write([]byte("ERROR WHILE AUTHENTICATING"))
- return
- }
- if !ok {
- w.Write([]byte("NOT AUTHENTICATED"))
- return
- }
- w.Write([]byte("AUTHENTICATED AS " + userInfo.GetName()))
- return
- }
-}
diff --git a/pkg/master/master.go b/pkg/master/master.go
index 568216ff596..63ec9a34ae3 100644
--- a/pkg/master/master.go
+++ b/pkg/master/master.go
@@ -373,8 +373,6 @@ func (m *Master) init(c *Config) {
 if authenticator != nil {
 handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
 }
- // TODO: Remove temporary _whoami handler
- m.rootWebService.Route(m.rootWebService.GET("/_whoami").To(handleWhoAmI(authenticator)))
 // Install root web services
 m.handlerContainer.Add(m.rootWebService)
diff --git a/test/integration/auth_test.go b/test/integration/auth_test.go
index 1319656fa14..bd1a8baec21 100644
--- a/test/integration/auth_test.go
+++ b/test/integration/auth_test.go
@@ -60,81 +60,6 @@ func getTestTokenAuth() authenticator.Request {
 return bearertoken.New(tokenAuthenticator)
 }
-// TestWhoAmI passes a known Bearer Token to the master's /_whoami endpoint and checks that
-// the master authenticates the user.
-func TestWhoAmI(t *testing.T) {
- deleteAllEtcdKeys()
-
- // Set up a master
-
- helper, err := master.NewEtcdHelper(newEtcdClient(), "v1beta1")
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- var m *master.Master
- s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
- m.Handler.ServeHTTP(w, req)
- }))
- defer s.Close()
-
- m = master.New(&master.Config{
- Client: client.NewOrDie(&client.Config{Host: s.URL}),
- EtcdHelper: helper,
- KubeletClient: client.FakeKubeletClient{},
- EnableLogsSupport: false,
- EnableUISupport: false,
- APIPrefix: "/api",
- Authenticator: getTestTokenAuth(),
- Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
- })
-
- // TODO: also test TLS, using e.g NewUnsafeTLSTransport() and NewClientCertTLSTransport() (see pkg/client/helper.go)
- transport := http.DefaultTransport
-
- testCases := []struct {
- name string
- token string
- expected string
- succeeds bool
- }{
- {"Valid token", AliceToken, "AUTHENTICATED AS alice", true},
- {"Unknown token", UnknownToken, "", false},
- {"No token", "", "", false},
- }
- for _, tc := range testCases {
- req, err := http.NewRequest("GET", s.URL+"/_whoami", nil)
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
- func() {
- resp, err := transport.RoundTrip(req)
- defer resp.Body.Close()
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- if tc.succeeds {
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- actual := string(body)
- if tc.expected != actual {
- t.Errorf("case: %s expected: %v got: %v", tc.name, tc.expected, actual)
- }
- } else {
- if resp.StatusCode != http.StatusUnauthorized {
- t.Errorf("case: %s expected Unauthorized, got: %v", tc.name, resp.StatusCode)
- }
-
- }
- }()
- }
-}
-
 // Bodies for requests used in subsequent tests.
 var aPod string = `
 {