github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 13:07:07 +00:00
Code Issues Projects Releases Wiki Activity

Remove whoami handler.

Browse Source 
This was a temporary thing.  Not aware of anyone using it.
This commit is contained in:
Eric Tune 2014-12-03 21:49:48 -08:00
parent 7cf0c4d7d7
commit 029a9b6400
3 changed files with 0 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
pkg/master/handlers.go
View File

@ -1,52 +0,0 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package master
import (
"net/http"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
"github.com/emicklei/go-restful"
)
// handleWhoAmI returns the user-string which this request is authenticated as (if any).
// Useful for debugging authentication. Always returns HTTP status okay and a human
// readable (not intended as API) description of authentication state of request.
func handleWhoAmI(auth authenticator.Request) restful.RouteFunction {
return func(req *restful.Request, resp *restful.Response) {
// This is supposed to go away, so it's not worth the effort to convert to restful
w := resp.ResponseWriter
w.Header().Set("Content-Type", "text/plain")
w.WriteHeader(http.StatusOK)
if auth == nil {
w.Write([]byte("NO AUTHENTICATION SUPPORT"))
return
}
userInfo, ok, err := auth.AuthenticateRequest(req.Request)
if err != nil {
w.Write([]byte("ERROR WHILE AUTHENTICATING"))
return
}
if !ok {
w.Write([]byte("NOT AUTHENTICATED"))
return
}
w.Write([]byte("AUTHENTICATED AS " + userInfo.GetName()))
return
}
}

2
pkg/master/master.go
View File

@ -373,8 +373,6 @@ func (m *Master) init(c *Config) {
if authenticator != nil { if authenticator != nil {
handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler) handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
} }
// TODO: Remove temporary _whoami handler
m.rootWebService.Route(m.rootWebService.GET("/_whoami").To(handleWhoAmI(authenticator)))
// Install root web services // Install root web services
m.handlerContainer.Add(m.rootWebService) m.handlerContainer.Add(m.rootWebService)

75
test/integration/auth_test.go
View File

@ -60,81 +60,6 @@ func getTestTokenAuth() authenticator.Request {
return bearertoken.New(tokenAuthenticator) return bearertoken.New(tokenAuthenticator)
} }
// TestWhoAmI passes a known Bearer Token to the master's /_whoami endpoint and checks that
// the master authenticates the user.
func TestWhoAmI(t *testing.T) {
deleteAllEtcdKeys()
// Set up a master
helper, err := master.NewEtcdHelper(newEtcdClient(), "v1beta1")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
var m *master.Master
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
m.Handler.ServeHTTP(w, req)
}))
defer s.Close()
m = master.New(&master.Config{
Client: client.NewOrDie(&client.Config{Host: s.URL}),
EtcdHelper: helper,
KubeletClient: client.FakeKubeletClient{},
EnableLogsSupport: false,
EnableUISupport: false,
APIPrefix: "/api",
Authenticator: getTestTokenAuth(),
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
})
// TODO: also test TLS, using e.g NewUnsafeTLSTransport() and NewClientCertTLSTransport() (see pkg/client/helper.go)
transport := http.DefaultTransport
testCases := []struct {
name string
token string
expected string
succeeds bool
}{
{"Valid token", AliceToken, "AUTHENTICATED AS alice", true},
{"Unknown token", UnknownToken, "", false},
{"No token", "", "", false},
}
for _, tc := range testCases {
req, err := http.NewRequest("GET", s.URL+"/_whoami", nil)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
func() {
resp, err := transport.RoundTrip(req)
defer resp.Body.Close()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if tc.succeeds {
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
actual := string(body)
if tc.expected != actual {
t.Errorf("case: %s expected: %v got: %v", tc.name, tc.expected, actual)
}
} else {
if resp.StatusCode != http.StatusUnauthorized {
t.Errorf("case: %s expected Unauthorized, got: %v", tc.name, resp.StatusCode)
}
}
}()
}
}
// Bodies for requests used in subsequent tests. // Bodies for requests used in subsequent tests.
var aPod string = ` var aPod string = `
{ {