mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Remove whoami handler.
This was a temporary thing. Not aware of anyone using it.
This commit is contained in:
parent
7cf0c4d7d7
commit
029a9b6400
@ -1,52 +0,0 @@
|
|||||||
/*
|
|
||||||
Copyright 2014 Google Inc. All rights reserved.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package master
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
|
|
||||||
|
|
||||||
"github.com/emicklei/go-restful"
|
|
||||||
)
|
|
||||||
|
|
||||||
// handleWhoAmI returns the user-string which this request is authenticated as (if any).
|
|
||||||
// Useful for debugging authentication. Always returns HTTP status okay and a human
|
|
||||||
// readable (not intended as API) description of authentication state of request.
|
|
||||||
func handleWhoAmI(auth authenticator.Request) restful.RouteFunction {
|
|
||||||
return func(req *restful.Request, resp *restful.Response) {
|
|
||||||
// This is supposed to go away, so it's not worth the effort to convert to restful
|
|
||||||
w := resp.ResponseWriter
|
|
||||||
w.Header().Set("Content-Type", "text/plain")
|
|
||||||
w.WriteHeader(http.StatusOK)
|
|
||||||
if auth == nil {
|
|
||||||
w.Write([]byte("NO AUTHENTICATION SUPPORT"))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
userInfo, ok, err := auth.AuthenticateRequest(req.Request)
|
|
||||||
if err != nil {
|
|
||||||
w.Write([]byte("ERROR WHILE AUTHENTICATING"))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if !ok {
|
|
||||||
w.Write([]byte("NOT AUTHENTICATED"))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
w.Write([]byte("AUTHENTICATED AS " + userInfo.GetName()))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
@ -373,8 +373,6 @@ func (m *Master) init(c *Config) {
|
|||||||
if authenticator != nil {
|
if authenticator != nil {
|
||||||
handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
|
handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
|
||||||
}
|
}
|
||||||
// TODO: Remove temporary _whoami handler
|
|
||||||
m.rootWebService.Route(m.rootWebService.GET("/_whoami").To(handleWhoAmI(authenticator)))
|
|
||||||
|
|
||||||
// Install root web services
|
// Install root web services
|
||||||
m.handlerContainer.Add(m.rootWebService)
|
m.handlerContainer.Add(m.rootWebService)
|
||||||
|
@ -60,81 +60,6 @@ func getTestTokenAuth() authenticator.Request {
|
|||||||
return bearertoken.New(tokenAuthenticator)
|
return bearertoken.New(tokenAuthenticator)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestWhoAmI passes a known Bearer Token to the master's /_whoami endpoint and checks that
|
|
||||||
// the master authenticates the user.
|
|
||||||
func TestWhoAmI(t *testing.T) {
|
|
||||||
deleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// Set up a master
|
|
||||||
|
|
||||||
helper, err := master.NewEtcdHelper(newEtcdClient(), "v1beta1")
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("unexpected error: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
m = master.New(&master.Config{
|
|
||||||
Client: client.NewOrDie(&client.Config{Host: s.URL}),
|
|
||||||
EtcdHelper: helper,
|
|
||||||
KubeletClient: client.FakeKubeletClient{},
|
|
||||||
EnableLogsSupport: false,
|
|
||||||
EnableUISupport: false,
|
|
||||||
APIPrefix: "/api",
|
|
||||||
Authenticator: getTestTokenAuth(),
|
|
||||||
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
|
|
||||||
})
|
|
||||||
|
|
||||||
// TODO: also test TLS, using e.g NewUnsafeTLSTransport() and NewClientCertTLSTransport() (see pkg/client/helper.go)
|
|
||||||
transport := http.DefaultTransport
|
|
||||||
|
|
||||||
testCases := []struct {
|
|
||||||
name string
|
|
||||||
token string
|
|
||||||
expected string
|
|
||||||
succeeds bool
|
|
||||||
}{
|
|
||||||
{"Valid token", AliceToken, "AUTHENTICATED AS alice", true},
|
|
||||||
{"Unknown token", UnknownToken, "", false},
|
|
||||||
{"No token", "", "", false},
|
|
||||||
}
|
|
||||||
for _, tc := range testCases {
|
|
||||||
req, err := http.NewRequest("GET", s.URL+"/_whoami", nil)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("unexpected error: %v", err)
|
|
||||||
}
|
|
||||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
|
|
||||||
func() {
|
|
||||||
resp, err := transport.RoundTrip(req)
|
|
||||||
defer resp.Body.Close()
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("unexpected error: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if tc.succeeds {
|
|
||||||
body, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("unexpected error: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
actual := string(body)
|
|
||||||
if tc.expected != actual {
|
|
||||||
t.Errorf("case: %s expected: %v got: %v", tc.name, tc.expected, actual)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if resp.StatusCode != http.StatusUnauthorized {
|
|
||||||
t.Errorf("case: %s expected Unauthorized, got: %v", tc.name, resp.StatusCode)
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Bodies for requests used in subsequent tests.
|
// Bodies for requests used in subsequent tests.
|
||||||
var aPod string = `
|
var aPod string = `
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user