Merge pull request #2892 from erictune/delete_whoami

Remove whoami handler.
This commit is contained in:
bgrant0607 2014-12-12 09:51:27 -08:00
commit 21a1bf24fa
3 changed files with 0 additions and 129 deletions

View File

@ -1,52 +0,0 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package master
import (
"net/http"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
"github.com/emicklei/go-restful"
)
// handleWhoAmI returns the user-string which this request is authenticated as (if any).
// Useful for debugging authentication. Always returns HTTP status okay and a human
// readable (not intended as API) description of authentication state of request.
func handleWhoAmI(auth authenticator.Request) restful.RouteFunction {
return func(req *restful.Request, resp *restful.Response) {
// This is supposed to go away, so it's not worth the effort to convert to restful
w := resp.ResponseWriter
w.Header().Set("Content-Type", "text/plain")
w.WriteHeader(http.StatusOK)
if auth == nil {
w.Write([]byte("NO AUTHENTICATION SUPPORT"))
return
}
userInfo, ok, err := auth.AuthenticateRequest(req.Request)
if err != nil {
w.Write([]byte("ERROR WHILE AUTHENTICATING"))
return
}
if !ok {
w.Write([]byte("NOT AUTHENTICATED"))
return
}
w.Write([]byte("AUTHENTICATED AS " + userInfo.GetName()))
return
}
}

View File

@ -373,8 +373,6 @@ func (m *Master) init(c *Config) {
if authenticator != nil {
handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
}
// TODO: Remove temporary _whoami handler
m.rootWebService.Route(m.rootWebService.GET("/_whoami").To(handleWhoAmI(authenticator)))
// Install root web services
m.handlerContainer.Add(m.rootWebService)

View File

@ -60,81 +60,6 @@ func getTestTokenAuth() authenticator.Request {
return bearertoken.New(tokenAuthenticator)
}
// TestWhoAmI passes a known Bearer Token to the master's /_whoami endpoint and checks that
// the master authenticates the user.
func TestWhoAmI(t *testing.T) {
deleteAllEtcdKeys()
// Set up a master
helper, err := master.NewEtcdHelper(newEtcdClient(), "v1beta1")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
var m *master.Master
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
m.Handler.ServeHTTP(w, req)
}))
defer s.Close()
m = master.New(&master.Config{
Client: client.NewOrDie(&client.Config{Host: s.URL}),
EtcdHelper: helper,
KubeletClient: client.FakeKubeletClient{},
EnableLogsSupport: false,
EnableUISupport: false,
APIPrefix: "/api",
Authenticator: getTestTokenAuth(),
Authorizer: apiserver.NewAlwaysAllowAuthorizer(),
})
// TODO: also test TLS, using e.g NewUnsafeTLSTransport() and NewClientCertTLSTransport() (see pkg/client/helper.go)
transport := http.DefaultTransport
testCases := []struct {
name string
token string
expected string
succeeds bool
}{
{"Valid token", AliceToken, "AUTHENTICATED AS alice", true},
{"Unknown token", UnknownToken, "", false},
{"No token", "", "", false},
}
for _, tc := range testCases {
req, err := http.NewRequest("GET", s.URL+"/_whoami", nil)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
func() {
resp, err := transport.RoundTrip(req)
defer resp.Body.Close()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if tc.succeeds {
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
actual := string(body)
if tc.expected != actual {
t.Errorf("case: %s expected: %v got: %v", tc.name, tc.expected, actual)
}
} else {
if resp.StatusCode != http.StatusUnauthorized {
t.Errorf("case: %s expected Unauthorized, got: %v", tc.name, resp.StatusCode)
}
}
}()
}
}
// Bodies for requests used in subsequent tests.
var aPod string = `
{