From 0e77e2b80040eb3b17994c38c639e0a29ba45a11 Mon Sep 17 00:00:00 2001 From: xilabao Date: Fri, 10 Feb 2017 11:51:48 +0800 Subject: [PATCH] fix token validation in kubeadm --- cmd/kubeadm/app/apis/kubeadm/validation/BUILD | 5 +++- .../app/apis/kubeadm/validation/validation.go | 6 +++++ .../kubeadm/validation/validation_test.go | 24 +++++++++++++++++++ cmd/kubeadm/app/node/discovery.go | 3 +++ 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/BUILD b/cmd/kubeadm/app/apis/kubeadm/validation/BUILD index 62a7ebc6608..e1523b87f8d 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/BUILD +++ b/cmd/kubeadm/app/apis/kubeadm/validation/BUILD @@ -38,5 +38,8 @@ go_test( srcs = ["validation_test.go"], library = ":go_default_library", tags = ["automanaged"], - deps = ["//vendor:k8s.io/apimachinery/pkg/util/validation/field"], + deps = [ + "//cmd/kubeadm/app/apis/kubeadm:go_default_library", + "//vendor:k8s.io/apimachinery/pkg/util/validation/field", + ], ) diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go index 8afc92e82db..77313e1f3c2 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go @@ -71,6 +71,12 @@ func ValidateHTTPSDiscovery(c *kubeadm.HTTPSDiscovery, fldPath *field.Path) fiel func ValidateTokenDiscovery(c *kubeadm.TokenDiscovery, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} + if len(c.ID) == 0 || len(c.Secret) == 0 { + allErrs = append(allErrs, field.Invalid(fldPath, nil, "token must be specific as :")) + } + if len(c.Addresses) == 0 { + allErrs = append(allErrs, field.Invalid(fldPath, nil, "at least one address is required")) + } return allErrs } diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go index 8fb314efdec..244846133ff 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go @@ -20,8 +20,32 @@ import ( "testing" "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" ) +func TestValidateTokenDiscovery(t *testing.T) { + var tests = []struct { + c *kubeadm.TokenDiscovery + f *field.Path + expected bool + }{ + {&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "6b6baab1d4a0a171", Addresses: []string{"192.168.122.100:9898"}}, nil, true}, + {&kubeadm.TokenDiscovery{ID: "", Secret: "6b6baab1d4a0a171", Addresses: []string{"192.168.122.100:9898"}}, nil, false}, + {&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "", Addresses: []string{"192.168.122.100:9898"}}, nil, false}, + {&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "6b6baab1d4a0a171", Addresses: []string{}}, nil, false}, + } + for _, rt := range tests { + err := ValidateTokenDiscovery(rt.c, rt.f).ToAggregate() + if (err == nil) != rt.expected { + t.Errorf( + "failed ValidateTokenDiscovery:\n\texpected: %t\n\t actual: %t", + rt.expected, + (err == nil), + ) + } + } +} + func TestValidateServiceSubnet(t *testing.T) { var tests = []struct { s string diff --git a/cmd/kubeadm/app/node/discovery.go b/cmd/kubeadm/app/node/discovery.go index 8501e7114be..439d55a26c7 100644 --- a/cmd/kubeadm/app/node/discovery.go +++ b/cmd/kubeadm/app/node/discovery.go @@ -33,6 +33,9 @@ import ( const discoveryRetryTimeout = 5 * time.Second func RetrieveTrustedClusterInfo(d *kubeadmapi.TokenDiscovery) (*kubeadmapi.ClusterInfo, error) { + if len(d.Addresses) == 0 { + return nil, fmt.Errorf("the address is required to generate the requestURL") + } requestURL := fmt.Sprintf("http://%s/cluster-info/v1/?token-id=%s", d.Addresses[0], d.ID) req, err := http.NewRequest("GET", requestURL, nil) if err != nil {