github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-02-22 15:19:12 +00:00
Code Issues Projects Releases Wiki Activity

Update tests to use v1 for AuthenticationConfiguration

Browse Source 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
This commit is contained in:
Anish Ramasekar
2025-05-13 15:49:54 -07:00
parent aea874e5e4
commit 67345417c0
2 changed files with 116 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
pkg/kubeapiserver/options/authentication_test.go
View File

@@ -546,7 +546,7 @@ func TestToAuthenticationConfig_Anonymous(t *testing.T) {
name: "file-anonymous-disabled-AnonymousAuthConfigurableEndpoints-disabled",
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: false
@@ -559,7 +559,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: false
@@ -572,7 +572,7 @@ anonymous:
Anonymous: &apiserver.AnonymousAuthConfig{Enabled: false},
},
AuthenticationConfigData: `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: false
@@ -585,7 +585,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: true
@@ -598,7 +598,7 @@ anonymous:
Anonymous: &apiserver.AnonymousAuthConfig{Enabled: true},
},
AuthenticationConfigData: `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: true
@@ -611,7 +611,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: false
@@ -626,7 +626,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
conditions:
@@ -640,7 +640,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: true
@@ -669,7 +669,7 @@ anonymous:
},
},
AuthenticationConfigData: `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: true
@@ -684,7 +684,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{"--anonymous-auth=True",
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
anonymous:
enabled: true
@@ -697,7 +697,7 @@ anonymous:
enableAnonymousEndpoints: true,
args: []string{"--anonymous-auth=True",
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -729,7 +729,7 @@ jwt:
},
},
AuthenticationConfigData: `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -982,7 +982,7 @@ func TestToAuthenticationConfig_OIDC(t *testing.T) {
name: "basic authentication configuration",
args: []string{
"--authentication-config=" + writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1013,7 +1013,7 @@ jwt:
},
},
AuthenticationConfigData: `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1462,6 +1462,82 @@ jwt:
"apiVersion":"apiserver.config.k8s.io/v1beta1",
"kind":"AuthenticationConfiguration"}`,
},
{
name: "v1 - json",
file: func() string {
return writeTempFile(t, `{
"apiVersion":"apiserver.config.k8s.io/v1",
"kind":"AuthenticationConfiguration",
"jwt":[{"issuer":{"url": "https://test-issuer"}}]}`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{
JWT: []apiserver.JWTAuthenticator{
{
Issuer: apiserver.Issuer{
URL: "https://test-issuer",
},
},
},
},
expectedContentData: `{
"apiVersion":"apiserver.config.k8s.io/v1",
"kind":"AuthenticationConfiguration",
"jwt":[{"issuer":{"url": "https://test-issuer"}}]}`,
},
{
name: "v1 - yaml",
file: func() string {
return writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
url: https://test-issuer
claimMappings:
username:
claim: sub
prefix: ""
`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{
JWT: []apiserver.JWTAuthenticator{
{
Issuer: apiserver.Issuer{
URL: "https://test-issuer",
},
ClaimMappings: apiserver.ClaimMappings{
Username: apiserver.PrefixedClaimOrExpression{
Claim: "sub",
Prefix: pointer.String(""),
},
},
},
},
},
expectedContentData: `
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
url: https://test-issuer
claimMappings:
username:
claim: sub
prefix: ""
`,
},
{
name: "v1 - no jwt",
file: func() string {
return writeTempFile(t, `{
"apiVersion":"apiserver.config.k8s.io/v1",
"kind":"AuthenticationConfiguration"}`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{},
expectedContentData: `{
"apiVersion":"apiserver.config.k8s.io/v1",
"kind":"AuthenticationConfiguration"}`,
},
}
for _, tc := range testCases {

52
test/integration/apiserver/oidc/oidc_test.go
View File

@@ -152,7 +152,7 @@ func runTests(t *testing.T, useAuthenticationConfig bool) {
if useAuthenticationConfig {
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1beta1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -285,7 +285,7 @@ jwt:
if useAuthenticationConfig {
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -349,7 +349,7 @@ jwt:
if useAuthenticationConfig {
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -472,7 +472,7 @@ func singleTestRunner[K utilsoidc.JosePrivateKey, L utilsoidc.JosePublicKey](
if useAuthenticationConfig {
fn = func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -602,7 +602,7 @@ func TestStructuredAuthenticationConfigCEL(t *testing.T) {
name: "username CEL expression is ok",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -652,7 +652,7 @@ jwt:
name: "groups CEL expression is ok",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -701,7 +701,7 @@ jwt:
name: "claim validation rule fails",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -746,7 +746,7 @@ jwt:
name: "extra mapping CEL expressions are ok",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -807,7 +807,7 @@ jwt:
name: "uid CEL expression is ok",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -856,7 +856,7 @@ jwt:
name: "user validation rule fails",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -905,7 +905,7 @@ jwt:
name: "multiple audiences check with claim validation rule is ok",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -957,7 +957,7 @@ jwt:
name: "non-string jti claim doesn't result in authentication error",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1051,7 +1051,7 @@ func TestStructuredAuthenticationConfigReload(t *testing.T) {
name: "old valid config to new valid config",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1069,7 +1069,7 @@ jwt:
},
newAuthConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1113,13 +1113,13 @@ jwt:
name: "old empty config to new valid config",
authConfigFn: func(t *testing.T, _, _ string) string {
return `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
`
},
newAuthConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1161,7 +1161,7 @@ jwt:
name: "old invalid config to new valid config",
authConfigFn: func(t *testing.T, issuerURL, _ string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1178,7 +1178,7 @@ jwt:
},
newAuthConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1216,7 +1216,7 @@ jwt:
name: "old valid config to new structurally invalid config (should be ignored)",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1234,7 +1234,7 @@ jwt:
},
newAuthConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1274,7 +1274,7 @@ jwt:
name: "old valid config to new valid empty config (should cause tokens to stop working)",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1292,7 +1292,7 @@ jwt:
},
newAuthConfigFn: func(t *testing.T, _, _ string) string {
return `
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
`
},
@@ -1317,7 +1317,7 @@ kind: AuthenticationConfiguration
name: "old valid config to new valid config with typo (should be ignored)",
authConfigFn: func(t *testing.T, issuerURL, caCert string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1335,7 +1335,7 @@ jwt:
},
newAuthConfigFn: func(t *testing.T, issuerURL, _ string) string {
return fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1547,7 +1547,7 @@ func TestStructuredAuthenticationDiscoveryURL(t *testing.T) {
discoveryURL := strings.TrimSuffix(tt.discoveryURL(oidcServer.URL()), "/") + "/.well-known/openid-configuration"
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer:
@@ -1612,7 +1612,7 @@ func TestMultipleJWTAuthenticators(t *testing.T) {
oidcServer2 := utilsoidc.BuildAndRunTestServer(t, caFilePath2, caKeyFilePath2, "https://example.com")
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1
kind: AuthenticationConfiguration
jwt:
- issuer: