Merge pull request #40005 from sttts/sttts-pkg-auth-handlers-genericapiserver

Automatic merge from submit-queue (batch tested with PRs 40008, 40005, 40018)

genericapiserver: move pkg/auth/handlers into filters

Move authn filters to the other api related filters.

cmd/kube-aggregator/pkg/apiserver/BUILD

@@ -8,6 +8,30 @@ load(
     "go_test",
 )
 
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "handler_apis_test.go",
+        "handler_proxy_test.go",
+    ],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//cmd/kube-aggregator/pkg/apis/apiregistration:go_default_library",
+        "//cmd/kube-aggregator/pkg/client/listers/apiregistration/internalversion:go_default_library",
+        "//pkg/api:go_default_library",
+        "//pkg/api/v1:go_default_library",
+        "//pkg/client/cache:go_default_library",
+        "//pkg/client/listers/core/v1:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
+        "//vendor:k8s.io/apimachinery/pkg/runtime",
+        "//vendor:k8s.io/apimachinery/pkg/util/diff",
+        "//vendor:k8s.io/apimachinery/pkg/util/sets",
+        "//vendor:k8s.io/apiserver/pkg/authentication/user",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
 go_library(
     name = "go_default_library",
     srcs = [
@@ -27,7 +51,6 @@ go_library(
         "//cmd/kube-aggregator/pkg/client/listers/apiregistration/internalversion:go_default_library",
         "//cmd/kube-aggregator/pkg/registry/apiservice/etcd:go_default_library",
         "//pkg/api:go_default_library",
-        "//pkg/auth/handlers:go_default_library",
         "//pkg/client/cache:go_default_library",
         "//pkg/client/clientset_generated/clientset:go_default_library",
         "//pkg/client/informers/informers_generated:go_default_library",
@@ -56,30 +79,6 @@ go_library(
     ],
 )
 
-go_test(
-    name = "go_default_test",
-    srcs = [
-        "handler_apis_test.go",
-        "handler_proxy_test.go",
-    ],
-    library = ":go_default_library",
-    tags = ["automanaged"],
-    deps = [
-        "//cmd/kube-aggregator/pkg/apis/apiregistration:go_default_library",
-        "//cmd/kube-aggregator/pkg/client/listers/apiregistration/internalversion:go_default_library",
-        "//pkg/api:go_default_library",
-        "//pkg/api/v1:go_default_library",
-        "//pkg/client/cache:go_default_library",
-        "//pkg/client/listers/core/v1:go_default_library",
-        "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
-        "//vendor:k8s.io/apimachinery/pkg/runtime",
-        "//vendor:k8s.io/apimachinery/pkg/util/diff",
-        "//vendor:k8s.io/apimachinery/pkg/util/sets",
-        "//vendor:k8s.io/apiserver/pkg/authentication/user",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
 filegroup(
     name = "package-srcs",
     srcs = glob(["**"]),

cmd/kube-aggregator/pkg/apiserver/apiserver.go

@@ -23,7 +23,6 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/wait"
 	genericapirequest "k8s.io/apiserver/pkg/request"
-	authhandlers "k8s.io/kubernetes/pkg/auth/handlers"
 	kubeclientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 	kubeinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated"
 	v1listers "k8s.io/kubernetes/pkg/client/listers/core/v1"
@@ -191,7 +190,7 @@ func (h *handlerChainConfig) handlerChain(apiHandler http.Handler, c *genericapi
 	handler = genericapifilters.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
 	// audit to stdout to help with debugging as we get this started
 	handler = genericapifilters.WithAudit(handler, c.RequestContextMapper, os.Stdout)
-	handler = authhandlers.WithAuthentication(handler, c.RequestContextMapper, c.Authenticator, authhandlers.Unauthorized(c.SupportsBasicAuth))
+	handler = genericapifilters.WithAuthentication(handler, c.RequestContextMapper, c.Authenticator, genericapifilters.Unauthorized(c.SupportsBasicAuth))
 
 	handler = genericfilters.WithCORS(handler, c.CorsAllowedOriginList, nil, nil, nil, "true")
 	handler = genericfilters.WithPanicRecovery(handler, c.RequestContextMapper)

pkg/BUILD

@@ -31,7 +31,6 @@ filegroup(
         "//pkg/apis/rbac:all-srcs",
         "//pkg/apis/storage:all-srcs",
         "//pkg/auth/authorizer/abac:all-srcs",
-        "//pkg/auth/handlers:all-srcs",
         "//pkg/auth/user:all-srcs",
         "//pkg/capabilities:all-srcs",
         "//pkg/client/cache:all-srcs",

pkg/auth/handlers/BUILD

@@ -1,46 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-licenses(["notice"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-    "go_test",
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = ["handlers.go"],
-    tags = ["automanaged"],
-    deps = [
-        "//vendor:github.com/golang/glog",
-        "//vendor:github.com/prometheus/client_golang/prometheus",
-        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["handlers_test.go"],
-    library = ":go_default_library",
-    tags = ["automanaged"],
-    deps = [
-        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
-        "//vendor:k8s.io/apiserver/pkg/authentication/user",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
-filegroup(
-    name = "package-srcs",
-    srcs = glob(["**"]),
-    tags = ["automanaged"],
-    visibility = ["//visibility:private"],
-)
-
-filegroup(
-    name = "all-srcs",
-    srcs = [":package-srcs"],
-    tags = ["automanaged"],
-)

pkg/genericapiserver/BUILD

@@ -68,7 +68,6 @@ go_library(
     deps = [
         "//pkg/admission:go_default_library",
         "//pkg/api:go_default_library",
-        "//pkg/auth/handlers:go_default_library",
         "//pkg/client/restclient:go_default_library",
         "//pkg/genericapiserver/api:go_default_library",
         "//pkg/genericapiserver/api/filters:go_default_library",

pkg/genericapiserver/api/filters/BUILD

@@ -8,10 +8,34 @@ load(
     "go_test",
 )
 
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "audit_test.go",
+        "authentication_test.go",
+        "authorization_test.go",
+        "impersonation_test.go",
+        "requestinfo_test.go",
+    ],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/authentication:go_default_library",
+        "//pkg/apis/batch:go_default_library",
+        "//pkg/genericapiserver/api/handlers/responsewriters:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/util/sets",
+        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
+        "//vendor:k8s.io/apiserver/pkg/authentication/user",
+        "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
 go_library(
     name = "go_default_library",
     srcs = [
         "audit.go",
+        "authentication.go",
         "authorization.go",
         "doc.go",
         "impersonation.go",
@@ -24,7 +48,9 @@ go_library(
         "//pkg/genericapiserver/api/handlers/responsewriters:go_default_library",
         "//vendor:github.com/golang/glog",
         "//vendor:github.com/pborman/uuid",
+        "//vendor:github.com/prometheus/client_golang/prometheus",
         "//vendor:k8s.io/apimachinery/pkg/util/net",
+        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
         "//vendor:k8s.io/apiserver/pkg/authentication/serviceaccount",
         "//vendor:k8s.io/apiserver/pkg/authentication/user",
         "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
@@ -33,27 +59,6 @@ go_library(
     ],
 )
 
-go_test(
-    name = "go_default_test",
-    srcs = [
-        "audit_test.go",
-        "authorization_test.go",
-        "impersonation_test.go",
-        "requestinfo_test.go",
-    ],
-    library = ":go_default_library",
-    tags = ["automanaged"],
-    deps = [
-        "//pkg/apis/authentication:go_default_library",
-        "//pkg/apis/batch:go_default_library",
-        "//pkg/genericapiserver/api/handlers/responsewriters:go_default_library",
-        "//vendor:k8s.io/apimachinery/pkg/util/sets",
-        "//vendor:k8s.io/apiserver/pkg/authentication/user",
-        "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
 filegroup(
     name = "package-srcs",
     srcs = glob(["**"]),

pkg/genericapiserver/api/filters/authentication.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package handlers
+package filters
 
 import (
 	"net/http"

pkg/genericapiserver/api/filters/authentication_test.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package handlers
+package filters
 
 import (
 	"errors"

pkg/genericapiserver/config.go

@@ -50,7 +50,6 @@ import (
 	apirequest "k8s.io/apiserver/pkg/request"
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
-	authhandlers "k8s.io/kubernetes/pkg/auth/handlers"
 	"k8s.io/kubernetes/pkg/client/restclient"
 	genericapifilters "k8s.io/kubernetes/pkg/genericapiserver/api/filters"
 	apiopenapi "k8s.io/kubernetes/pkg/genericapiserver/api/openapi"
@@ -573,7 +572,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) (secure, insec
 		handler = genericapifilters.WithAuthorization(handler, c.RequestContextMapper, c.Authorizer)
 		handler = genericapifilters.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
 		handler = audit(handler) // before impersonation to read original user
-		handler = authhandlers.WithAuthentication(handler, c.RequestContextMapper, c.Authenticator, authhandlers.Unauthorized(c.SupportsBasicAuth))
+		handler = genericapifilters.WithAuthentication(handler, c.RequestContextMapper, c.Authenticator, genericapifilters.Unauthorized(c.SupportsBasicAuth))
 		return handler
 	}