From 3d5ed379b0a1135748d5a15c686a1ef8508050f8 Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Thu, 24 Dec 2015 16:05:04 -0500 Subject: [PATCH] authn.go doesn't belong in pkg/apiserver apiserver does not need to know about specific authentication mechanisms, and does not need to take dependencies on all the authentication packages. --- cmd/kube-apiserver/app/server.go | 5 +++-- pkg/apiserver/{ => authenticator}/authn.go | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) rename pkg/apiserver/{ => authenticator}/authn.go (96%) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 7b13b02c21d..e6ffdecaa14 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -41,6 +41,7 @@ import ( "k8s.io/kubernetes/pkg/api/validation" "k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/apiserver" + "k8s.io/kubernetes/pkg/apiserver/authenticator" "k8s.io/kubernetes/pkg/capabilities" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/cloudprovider" @@ -485,13 +486,13 @@ func (s *APIServer) Run(_ []string) error { // Default to the private server key for service account token signing if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" { - if apiserver.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) { + if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) { s.ServiceAccountKeyFile = s.TLSPrivateKeyFile } else { glog.Warning("No RSA key provided, service account token authentication disabled") } } - authenticator, err := apiserver.NewAuthenticator(apiserver.AuthenticatorConfig{ + authenticator, err := authenticator.New(authenticator.AuthenticatorConfig{ BasicAuthFile: s.BasicAuthFile, ClientCAFile: s.ClientCAFile, TokenAuthFile: s.TokenAuthFile, diff --git a/pkg/apiserver/authn.go b/pkg/apiserver/authenticator/authn.go similarity index 96% rename from pkg/apiserver/authn.go rename to pkg/apiserver/authenticator/authn.go index a586ba9ca08..a8bbfccd9b6 100644 --- a/pkg/apiserver/authn.go +++ b/pkg/apiserver/authenticator/authn.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package apiserver +package authenticator import ( "crypto/rsa" @@ -47,8 +47,9 @@ type AuthenticatorConfig struct { KeystoneURL string } -// NewAuthenticator returns an authenticator.Request or an error -func NewAuthenticator(config AuthenticatorConfig) (authenticator.Request, error) { +// New returns an authenticator.Request or an error that supports the standard +// Kubernetes authentication mechanisms. +func New(config AuthenticatorConfig) (authenticator.Request, error) { var authenticators []authenticator.Request if len(config.BasicAuthFile) > 0 {