authn.go doesn't belong in pkg/apiserver

apiserver does not need to know about specific authentication
mechanisms, and does not need to take dependencies on all the
authentication packages.
This commit is contained in:
Clayton Coleman 2015-12-24 16:05:04 -05:00
parent 500493a3ac
commit 3d5ed379b0
2 changed files with 7 additions and 5 deletions

View File

@ -41,6 +41,7 @@ import (
"k8s.io/kubernetes/pkg/api/validation" "k8s.io/kubernetes/pkg/api/validation"
"k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/kubernetes/pkg/apiserver" "k8s.io/kubernetes/pkg/apiserver"
"k8s.io/kubernetes/pkg/apiserver/authenticator"
"k8s.io/kubernetes/pkg/capabilities" "k8s.io/kubernetes/pkg/capabilities"
client "k8s.io/kubernetes/pkg/client/unversioned" client "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/cloudprovider"
@ -485,13 +486,13 @@ func (s *APIServer) Run(_ []string) error {
// Default to the private server key for service account token signing // Default to the private server key for service account token signing
if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" { if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" {
if apiserver.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) { if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
s.ServiceAccountKeyFile = s.TLSPrivateKeyFile s.ServiceAccountKeyFile = s.TLSPrivateKeyFile
} else { } else {
glog.Warning("No RSA key provided, service account token authentication disabled") glog.Warning("No RSA key provided, service account token authentication disabled")
} }
} }
authenticator, err := apiserver.NewAuthenticator(apiserver.AuthenticatorConfig{ authenticator, err := authenticator.New(authenticator.AuthenticatorConfig{
BasicAuthFile: s.BasicAuthFile, BasicAuthFile: s.BasicAuthFile,
ClientCAFile: s.ClientCAFile, ClientCAFile: s.ClientCAFile,
TokenAuthFile: s.TokenAuthFile, TokenAuthFile: s.TokenAuthFile,

View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package apiserver package authenticator
import ( import (
"crypto/rsa" "crypto/rsa"
@ -47,8 +47,9 @@ type AuthenticatorConfig struct {
KeystoneURL string KeystoneURL string
} }
// NewAuthenticator returns an authenticator.Request or an error // New returns an authenticator.Request or an error that supports the standard
func NewAuthenticator(config AuthenticatorConfig) (authenticator.Request, error) { // Kubernetes authentication mechanisms.
func New(config AuthenticatorConfig) (authenticator.Request, error) {
var authenticators []authenticator.Request var authenticators []authenticator.Request
if len(config.BasicAuthFile) > 0 { if len(config.BasicAuthFile) > 0 {