github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

fix token validation in kubeadm

Browse Source
This commit is contained in:
xilabao 2017-02-10 11:51:48 +08:00
parent 46becf2c81
commit 0e77e2b800
4 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/kubeadm/app/apis/kubeadm/validation/BUILD
View File

@ -38,5 +38,8 @@ go_test(
srcs = ["validation_test.go"], srcs = ["validation_test.go"],
library = ":go_default_library", library = ":go_default_library",
tags = ["automanaged"], tags = ["automanaged"],
deps = ["//vendor:k8s.io/apimachinery/pkg/util/validation/field"], deps = [
"//cmd/kubeadm/app/apis/kubeadm:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/util/validation/field",
],
) )

6
cmd/kubeadm/app/apis/kubeadm/validation/validation.go
View File

@ -71,6 +71,12 @@ func ValidateHTTPSDiscovery(c *kubeadm.HTTPSDiscovery, fldPath *field.Path) fiel
func ValidateTokenDiscovery(c *kubeadm.TokenDiscovery, fldPath *field.Path) field.ErrorList { func ValidateTokenDiscovery(c *kubeadm.TokenDiscovery, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
if len(c.ID) == 0 || len(c.Secret) == 0 {
allErrs = append(allErrs, field.Invalid(fldPath, nil, "token must be specific as <ID>:<Secret>"))
}
if len(c.Addresses) == 0 {
allErrs = append(allErrs, field.Invalid(fldPath, nil, "at least one address is required"))
}
return allErrs return allErrs
} }

24
cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
View File

@ -20,8 +20,32 @@ import (
"testing" "testing"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
) )
func TestValidateTokenDiscovery(t *testing.T) {
var tests = []struct {
c *kubeadm.TokenDiscovery
f *field.Path
expected bool
}{
{&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "6b6baab1d4a0a171", Addresses: []string{"192.168.122.100:9898"}}, nil, true},
{&kubeadm.TokenDiscovery{ID: "", Secret: "6b6baab1d4a0a171", Addresses: []string{"192.168.122.100:9898"}}, nil, false},
{&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "", Addresses: []string{"192.168.122.100:9898"}}, nil, false},
{&kubeadm.TokenDiscovery{ID: "772ef5", Secret: "6b6baab1d4a0a171", Addresses: []string{}}, nil, false},
}
for _, rt := range tests {
err := ValidateTokenDiscovery(rt.c, rt.f).ToAggregate()
if (err == nil) != rt.expected {
t.Errorf(
"failed ValidateTokenDiscovery:\n\texpected: %t\n\t actual: %t",
rt.expected,
(err == nil),
)
}
}
}
func TestValidateServiceSubnet(t *testing.T) { func TestValidateServiceSubnet(t *testing.T) {
var tests = []struct { var tests = []struct {
s string s string

3
cmd/kubeadm/app/node/discovery.go
View File

@ -33,6 +33,9 @@ import (
const discoveryRetryTimeout = 5 * time.Second const discoveryRetryTimeout = 5 * time.Second
func RetrieveTrustedClusterInfo(d *kubeadmapi.TokenDiscovery) (*kubeadmapi.ClusterInfo, error) { func RetrieveTrustedClusterInfo(d *kubeadmapi.TokenDiscovery) (*kubeadmapi.ClusterInfo, error) {
if len(d.Addresses) == 0 {
return nil, fmt.Errorf("the address is required to generate the requestURL")
}
requestURL := fmt.Sprintf("http://%s/cluster-info/v1/?token-id=%s", d.Addresses[0], d.ID) requestURL := fmt.Sprintf("http://%s/cluster-info/v1/?token-id=%s", d.Addresses[0], d.ID)
req, err := http.NewRequest("GET", requestURL, nil) req, err := http.NewRequest("GET", requestURL, nil)
if err != nil { if err != nil {