Merge pull request #2892 from erictune/delete_whoami

Remove whoami handler.
2025-07-30 15:05:27 +00:00 · 2014-12-12 09:51:27 -08:00 · 2014-12-12 09:51:27 -08:00 · 21a1bf24fa
commit 21a1bf24fa
parent 129074671c 029a9b6400
3 changed files with 0 additions and 129 deletions
--- a/pkg/master/handlers.go
+++ b/pkg/master/handlers.go
@ -1,52 +0,0 @@
-/*
-Copyright 2014 Google Inc. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package master
-
-import (
-	"net/http"
-
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
-
-	"github.com/emicklei/go-restful"
-)
-
-// handleWhoAmI returns the user-string which this request is authenticated as (if any).
-// Useful for debugging authentication.  Always returns HTTP status okay and a human
-// readable (not intended as API) description of authentication state of request.
-func handleWhoAmI(auth authenticator.Request) restful.RouteFunction {
-	return func(req *restful.Request, resp *restful.Response) {
-		// This is supposed to go away, so it's not worth the effort to convert to restful
-		w := resp.ResponseWriter
-		w.Header().Set("Content-Type", "text/plain")
-		w.WriteHeader(http.StatusOK)
-		if auth == nil {
-			w.Write([]byte("NO AUTHENTICATION SUPPORT"))
-			return
-		}
-		userInfo, ok, err := auth.AuthenticateRequest(req.Request)
-		if err != nil {
-			w.Write([]byte("ERROR WHILE AUTHENTICATING"))
-			return
-		}
-		if !ok {
-			w.Write([]byte("NOT AUTHENTICATED"))
-			return
-		}
-		w.Write([]byte("AUTHENTICATED AS " + userInfo.GetName()))
-		return
-	}
-}
--- a/pkg/master/master.go
+++ b/pkg/master/master.go
@ -373,8 +373,6 @@ func (m *Master) init(c *Config) {
 	if authenticator != nil {
 		handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
 	}
-	// TODO: Remove temporary _whoami handler
-	m.rootWebService.Route(m.rootWebService.GET("/_whoami").To(handleWhoAmI(authenticator)))

 	// Install root web services
 	m.handlerContainer.Add(m.rootWebService)
--- a/test/integration/auth_test.go
+++ b/test/integration/auth_test.go
@ -60,81 +60,6 @@ func getTestTokenAuth() authenticator.Request {
 	return bearertoken.New(tokenAuthenticator)
 }

-// TestWhoAmI passes a known Bearer Token to the master's /_whoami endpoint and checks that
-// the master authenticates the user.
-func TestWhoAmI(t *testing.T) {
-	deleteAllEtcdKeys()
-
-	// Set up a master
-
-	helper, err := master.NewEtcdHelper(newEtcdClient(), "v1beta1")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	var m *master.Master
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		m.Handler.ServeHTTP(w, req)
-	}))
-	defer s.Close()
-
-	m = master.New(&master.Config{
-		Client:            client.NewOrDie(&client.Config{Host: s.URL}),
-		EtcdHelper:        helper,
-		KubeletClient:     client.FakeKubeletClient{},
-		EnableLogsSupport: false,
-		EnableUISupport:   false,
-		APIPrefix:         "/api",
-		Authenticator:     getTestTokenAuth(),
-		Authorizer:        apiserver.NewAlwaysAllowAuthorizer(),
-	})
-
-	// TODO: also test TLS, using e.g NewUnsafeTLSTransport() and NewClientCertTLSTransport() (see pkg/client/helper.go)
-	transport := http.DefaultTransport
-
-	testCases := []struct {
-		name     string
-		token    string
-		expected string
-		succeeds bool
-	}{
-		{"Valid token", AliceToken, "AUTHENTICATED AS alice", true},
-		{"Unknown token", UnknownToken, "", false},
-		{"No token", "", "", false},
-	}
-	for _, tc := range testCases {
-		req, err := http.NewRequest("GET", s.URL+"/_whoami", nil)
-		if err != nil {
-			t.Fatalf("unexpected error: %v", err)
-		}
-		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
-		func() {
-			resp, err := transport.RoundTrip(req)
-			defer resp.Body.Close()
-			if err != nil {
-				t.Fatalf("unexpected error: %v", err)
-			}
-
-			if tc.succeeds {
-				body, err := ioutil.ReadAll(resp.Body)
-				if err != nil {
-					t.Fatalf("unexpected error: %v", err)
-				}
-
-				actual := string(body)
-				if tc.expected != actual {
-					t.Errorf("case: %s expected: %v got: %v", tc.name, tc.expected, actual)
-				}
-			} else {
-				if resp.StatusCode != http.StatusUnauthorized {
-					t.Errorf("case: %s expected Unauthorized, got: %v", tc.name, resp.StatusCode)
-				}
-
-			}
-		}()
-	}
-}
-
 // Bodies for requests used in subsequent tests.
 var aPod string = `
 {