mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
Merge pull request #90064 from neolit123/1.19-fix-authz-warning
kubeadm: fix misleading warning for authz modes
This commit is contained in:
commit
613cd04d8c
@ -222,16 +222,31 @@ func getAuthzModes(authzModeExtraArgs string) string {
|
|||||||
|
|
||||||
// only return the user provided mode if at least one was valid
|
// only return the user provided mode if at least one was valid
|
||||||
if len(mode) > 0 {
|
if len(mode) > 0 {
|
||||||
klog.Warningf("the default kube-apiserver authorization-mode is %q; using %q",
|
if !compareAuthzModes(defaultMode, mode) {
|
||||||
strings.Join(defaultMode, ","),
|
klog.Warningf("the default kube-apiserver authorization-mode is %q; using %q",
|
||||||
strings.Join(mode, ","),
|
strings.Join(defaultMode, ","),
|
||||||
)
|
strings.Join(mode, ","),
|
||||||
|
)
|
||||||
|
}
|
||||||
return strings.Join(mode, ",")
|
return strings.Join(mode, ",")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return strings.Join(defaultMode, ",")
|
return strings.Join(defaultMode, ",")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// compareAuthzModes compares two given authz modes and returns false if they do not match
|
||||||
|
func compareAuthzModes(a, b []string) bool {
|
||||||
|
if len(a) != len(b) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
for i, m := range a {
|
||||||
|
if m != b[i] {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
func isValidAuthzMode(authzMode string) bool {
|
func isValidAuthzMode(authzMode string) bool {
|
||||||
allModes := []string{
|
allModes := []string{
|
||||||
kubeadmconstants.ModeNode,
|
kubeadmconstants.ModeNode,
|
||||||
|
@ -1144,3 +1144,43 @@ func TestIsValidAuthzMode(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCompareAuthzModes(t *testing.T) {
|
||||||
|
var tests = []struct {
|
||||||
|
name string
|
||||||
|
modesA []string
|
||||||
|
modesB []string
|
||||||
|
equal bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "modes match",
|
||||||
|
modesA: []string{"a", "b", "c"},
|
||||||
|
modesB: []string{"a", "b", "c"},
|
||||||
|
equal: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "modes order does not match",
|
||||||
|
modesA: []string{"a", "c", "b"},
|
||||||
|
modesB: []string{"a", "b", "c"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "modes do not match; A has less modes",
|
||||||
|
modesA: []string{"a", "b"},
|
||||||
|
modesB: []string{"a", "b", "c"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "modes do not match; B has less modes",
|
||||||
|
modesA: []string{"a", "b", "c"},
|
||||||
|
modesB: []string{"a", "b"},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, rt := range tests {
|
||||||
|
t.Run(rt.name, func(t *testing.T) {
|
||||||
|
equal := compareAuthzModes(rt.modesA, rt.modesB)
|
||||||
|
if equal != rt.equal {
|
||||||
|
t.Errorf("failed compareAuthzModes:\nexpected:\n%v\nsaw:\n%v", rt.equal, equal)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user