mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-30 23:15:14 +00:00
authn.go doesn't belong in pkg/apiserver
apiserver does not need to know about specific authentication mechanisms, and does not need to take dependencies on all the authentication packages.
This commit is contained in:
parent
500493a3ac
commit
3d5ed379b0
@ -41,6 +41,7 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/api/validation"
|
"k8s.io/kubernetes/pkg/api/validation"
|
||||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||||
"k8s.io/kubernetes/pkg/apiserver"
|
"k8s.io/kubernetes/pkg/apiserver"
|
||||||
|
"k8s.io/kubernetes/pkg/apiserver/authenticator"
|
||||||
"k8s.io/kubernetes/pkg/capabilities"
|
"k8s.io/kubernetes/pkg/capabilities"
|
||||||
client "k8s.io/kubernetes/pkg/client/unversioned"
|
client "k8s.io/kubernetes/pkg/client/unversioned"
|
||||||
"k8s.io/kubernetes/pkg/cloudprovider"
|
"k8s.io/kubernetes/pkg/cloudprovider"
|
||||||
@ -485,13 +486,13 @@ func (s *APIServer) Run(_ []string) error {
|
|||||||
|
|
||||||
// Default to the private server key for service account token signing
|
// Default to the private server key for service account token signing
|
||||||
if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" {
|
if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" {
|
||||||
if apiserver.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
|
if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
|
||||||
s.ServiceAccountKeyFile = s.TLSPrivateKeyFile
|
s.ServiceAccountKeyFile = s.TLSPrivateKeyFile
|
||||||
} else {
|
} else {
|
||||||
glog.Warning("No RSA key provided, service account token authentication disabled")
|
glog.Warning("No RSA key provided, service account token authentication disabled")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
authenticator, err := apiserver.NewAuthenticator(apiserver.AuthenticatorConfig{
|
authenticator, err := authenticator.New(authenticator.AuthenticatorConfig{
|
||||||
BasicAuthFile: s.BasicAuthFile,
|
BasicAuthFile: s.BasicAuthFile,
|
||||||
ClientCAFile: s.ClientCAFile,
|
ClientCAFile: s.ClientCAFile,
|
||||||
TokenAuthFile: s.TokenAuthFile,
|
TokenAuthFile: s.TokenAuthFile,
|
||||||
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package apiserver
|
package authenticator
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
@ -47,8 +47,9 @@ type AuthenticatorConfig struct {
|
|||||||
KeystoneURL string
|
KeystoneURL string
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewAuthenticator returns an authenticator.Request or an error
|
// New returns an authenticator.Request or an error that supports the standard
|
||||||
func NewAuthenticator(config AuthenticatorConfig) (authenticator.Request, error) {
|
// Kubernetes authentication mechanisms.
|
||||||
|
func New(config AuthenticatorConfig) (authenticator.Request, error) {
|
||||||
var authenticators []authenticator.Request
|
var authenticators []authenticator.Request
|
||||||
|
|
||||||
if len(config.BasicAuthFile) > 0 {
|
if len(config.BasicAuthFile) > 0 {
|
Loading…
Reference in New Issue
Block a user