Merge pull request #35101 from xilabao/auth-duplicate-detect

Automatic merge from submit-queue (batch tested with PRs 35101, 38215, 38092)

auth duplicate detect

I think we should not allow people set duplicate tokens in token file or set duplicate usernames in password file. because the default action overwriting the old data may let people misunderstand.

plugin/pkg/auth/authenticator/password/passwordfile/BUILD

@@ -14,7 +14,10 @@ go_library(
     name = "go_default_library",
     srcs = ["passwordfile.go"],
     tags = ["automanaged"],
-    deps = ["//pkg/auth/user:go_default_library"],
+    deps = [
+        "//pkg/auth/user:go_default_library",
+        "//vendor:github.com/golang/glog",
+    ],
 )
 
 go_test(

plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go

@@ -22,6 +22,7 @@ import (
 	"io"
 	"os"
 
+	"github.com/golang/glog"
 	"k8s.io/kubernetes/pkg/auth/user"
 )
 
@@ -43,6 +44,7 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
 	}
 	defer file.Close()
 
+	recordNum := 0
 	users := make(map[string]*userPasswordInfo)
 	reader := csv.NewReader(file)
 	for {
@@ -60,6 +62,10 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
 			info:     &user.DefaultInfo{Name: record[1], UID: record[2]},
 			password: record[0],
 		}
+		recordNum++
+		if _, exist := users[obj.info.Name]; exist {
+			glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum)
+		}
 		users[obj.info.Name] = obj
 	}
 

plugin/pkg/auth/authenticator/token/tokenfile/BUILD

@@ -14,7 +14,10 @@ go_library(
     name = "go_default_library",
     srcs = ["tokenfile.go"],
     tags = ["automanaged"],
-    deps = ["//pkg/auth/user:go_default_library"],
+    deps = [
+        "//pkg/auth/user:go_default_library",
+        "//vendor:github.com/golang/glog",
+    ],
 )
 
 go_test(

plugin/pkg/auth/authenticator/token/tokenfile/tokenfile.go

@@ -23,6 +23,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/golang/glog"
 	"k8s.io/kubernetes/pkg/auth/user"
 )
 
@@ -46,6 +47,7 @@ func NewCSV(path string) (*TokenAuthenticator, error) {
 	}
 	defer file.Close()
 
+	recordNum := 0
 	tokens := make(map[string]*user.DefaultInfo)
 	reader := csv.NewReader(file)
 	reader.FieldsPerRecord = -1
@@ -64,6 +66,10 @@ func NewCSV(path string) (*TokenAuthenticator, error) {
 			Name: record[1],
 			UID:  record[2],
 		}
+		recordNum++
+		if _, exist := tokens[record[0]]; exist {
+			glog.Warningf("duplicate token has been found in token file '%s', record number '%d'", path, recordNum)
+		}
 		tokens[record[0]] = obj
 
 		if len(record) >= 4 {