Merge pull request #120985 from palnabarun/3221/fix-authorizer-name
[StructuredAuthorizationConfiguration] Fix the level at which authorizer name is surfaced
commit
6f5fa2eb2f
@ -167,8 +167,8 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc
|
|||||||
case authzmodes.ModeWebhook:
|
case authzmodes.ModeWebhook:
|
||||||
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{
|
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{
|
||||||
Type: authzconfig.TypeWebhook,
|
Type: authzconfig.TypeWebhook,
|
||||||
|
Name: defaultWebhookName,
|
||||||
Webhook: &authzconfig.WebhookConfiguration{
|
Webhook: &authzconfig.WebhookConfiguration{
|
||||||
Name: defaultWebhookName,
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: o.WebhookCacheAuthorizedTTL},
|
AuthorizedTTL: metav1.Duration{Duration: o.WebhookCacheAuthorizedTTL},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: o.WebhookCacheUnauthorizedTTL},
|
UnauthorizedTTL: metav1.Duration{Duration: o.WebhookCacheUnauthorizedTTL},
|
||||||
// Timeout and FailurePolicy are required for the new configuration.
|
// Timeout and FailurePolicy are required for the new configuration.
|
||||||
@ -183,9 +183,18 @@ func (o *BuiltInAuthorizationOptions) buildAuthorizationConfiguration() (*authzc
|
|||||||
},
|
},
|
||||||
})
|
})
|
||||||
default:
|
default:
|
||||||
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{Type: authzconfig.AuthorizerType(mode)})
|
authorizers = append(authorizers, authzconfig.AuthorizerConfiguration{
|
||||||
|
Type: authzconfig.AuthorizerType(mode),
|
||||||
|
Name: getNameForAuthorizerMode(mode),
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &authzconfig.AuthorizationConfiguration{Authorizers: authorizers}, nil
|
return &authzconfig.AuthorizationConfiguration{Authorizers: authorizers}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getNameForAuthorizerMode returns the name to be set for the mode in AuthorizationConfiguration
|
||||||
|
// For now, lower cases the mode name
|
||||||
|
func getNameForAuthorizerMode(mode string) string {
|
||||||
|
return strings.ToLower(mode)
|
||||||
|
}
|
||||||
|
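Review bot: getNameForAuthorizerMode documents only that it "lower cases the mode name", but the names it produces have to meet the rules this same commit adds to ValidateAuthorizationConfiguration: non-empty, unique across authorizers, and a DNS-1123 subdomain. Lower-casing satisfies that for modes spelled with letters only, but a mode string with other characters would presumably be rejected later, during validation, not here. I would state the contract on the helper, for example `// The returned name must be a valid DNS-1123 subdomain and unique per authorizer; validation rejects anything else.` Whether the webhook entry's `defaultWebhookName` can collide with a lower-cased mode is not visible here, and buildAuthorizationConfiguration starts above the hunk, so any earlier restriction on `mode` cannot be confirmed from these lines.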
@ -228,18 +228,19 @@ type AuthorizerConfiguration struct {
|
|||||||
// types like Node, RBAC, ABAC, etc.
|
// types like Node, RBAC, ABAC, etc.
|
||||||
Type AuthorizerType
|
Type AuthorizerType
|
||||||
|
|
||||||
|
// Name used to describe the webhook
|
||||||
|
// This is explicitly used in monitoring machinery for metrics
|
||||||
|
// Note: Names must be DNS1123 labels like `myauthorizername` or
|
||||||
|
// subdomains like `myauthorizer.example.domain`
|
||||||
|
// Required, with no default
|
||||||
|
Name string
|
||||||
|
|
||||||
// Webhook defines the configuration for a Webhook authorizer
|
// Webhook defines the configuration for a Webhook authorizer
|
||||||
// Must be defined when Type=Webhook
|
// Must be defined when Type=Webhook
|
||||||
Webhook *WebhookConfiguration
|
Webhook *WebhookConfiguration
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebhookConfiguration struct {
|
type WebhookConfiguration struct {
|
||||||
// Name used to describe the webhook
|
|
||||||
// This is explicitly used in monitoring machinery for metrics
|
|
||||||
// Note: Names must be DNS1123 labels like `mywebhookname` or
|
|
||||||
// subdomains like `webhookname.example.domain`
|
|
||||||
// Required, with no default
|
|
||||||
Name string
|
|
||||||
// The duration to cache 'authorized' responses from the webhook
|
// The duration to cache 'authorized' responses from the webhook
|
||||||
// authorizer.
|
// authorizer.
|
||||||
// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
|
// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
|
||||||
|
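Review bot: The doc comment on the new `AuthorizerConfiguration.Name` field still opens with "Name used to describe the webhook", copied from the field being removed from WebhookConfiguration. The field now applies to every authorizer type, and the rest of the comment already uses `myauthorizername`, so the first line should read `// Name used to describe the authorizer`. The same stale line appears on the versioned type in the `@ -298,6 +298,13 @@` hunk and wants the same fix. AuthorizerConfiguration begins above this hunk.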
@ -298,6 +298,13 @@ type AuthorizerConfiguration struct {
|
|||||||
// types like Node, RBAC, ABAC, etc.
|
// types like Node, RBAC, ABAC, etc.
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
|
|
||||||
|
// Name used to describe the webhook
|
||||||
|
// This is explicitly used in monitoring machinery for metrics
|
||||||
|
// Note: Names must be DNS1123 labels like `myauthorizername` or
|
||||||
|
// subdomains like `myauthorizer.example.domain`
|
||||||
|
// Required, with no default
|
||||||
|
Name string `json:"name"`
|
||||||
|
|
||||||
// Webhook defines the configuration for a Webhook authorizer
|
// Webhook defines the configuration for a Webhook authorizer
|
||||||
// Must be defined when Type=Webhook
|
// Must be defined when Type=Webhook
|
||||||
// Must not be defined when Type!=Webhook
|
// Must not be defined when Type!=Webhook
|
||||||
@ -305,12 +312,6 @@ type AuthorizerConfiguration struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type WebhookConfiguration struct {
|
type WebhookConfiguration struct {
|
||||||
// Name used to describe the webhook
|
|
||||||
// This is explicitly used in monitoring machinery for metrics
|
|
||||||
// Note: Names must be DNS1123 labels like `mywebhookname` or
|
|
||||||
// subdomains like `webhookname.example.domain`
|
|
||||||
// Required, with no default
|
|
||||||
Name string `json:"name"`
|
|
||||||
// The duration to cache 'authorized' responses from the webhook
|
// The duration to cache 'authorized' responses from the webhook
|
||||||
// authorizer.
|
// authorizer.
|
||||||
// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
|
// Same as setting `--authorization-webhook-cache-authorized-ttl` flag
|
||||||
|
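Review bot: The versioned type moves the `json:"name"` field from WebhookConfiguration to AuthorizerConfiguration, but nothing in the field comments tells someone with an existing v1alpha1 file that `webhook.name` is no longer read. Whether such a file is rejected outright or the nested key is silently dropped depends on how the loader decodes it, which is not visible here. In either case the operator sees a missing top-level `name` rather than a hint about the move. A short line in the field comment, such as `// Applies to every authorizer type; webhook authorizers no longer carry their own name.`, plus a release note, would make the change discoverable.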
@ -335,6 +335,7 @@ func Convert_apiserver_AuthorizationConfiguration_To_v1alpha1_AuthorizationConfi
|
|||||||
|
|
||||||
func autoConvert_v1alpha1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration(in *AuthorizerConfiguration, out *apiserver.AuthorizerConfiguration, s conversion.Scope) error {
|
func autoConvert_v1alpha1_AuthorizerConfiguration_To_apiserver_AuthorizerConfiguration(in *AuthorizerConfiguration, out *apiserver.AuthorizerConfiguration, s conversion.Scope) error {
|
||||||
out.Type = apiserver.AuthorizerType(in.Type)
|
out.Type = apiserver.AuthorizerType(in.Type)
|
||||||
|
out.Name = in.Name
|
||||||
out.Webhook = (*apiserver.WebhookConfiguration)(unsafe.Pointer(in.Webhook))
|
out.Webhook = (*apiserver.WebhookConfiguration)(unsafe.Pointer(in.Webhook))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -346,6 +347,7 @@ func Convert_v1alpha1_AuthorizerConfiguration_To_apiserver_AuthorizerConfigurati
|
|||||||
|
|
||||||
func autoConvert_apiserver_AuthorizerConfiguration_To_v1alpha1_AuthorizerConfiguration(in *apiserver.AuthorizerConfiguration, out *AuthorizerConfiguration, s conversion.Scope) error {
|
func autoConvert_apiserver_AuthorizerConfiguration_To_v1alpha1_AuthorizerConfiguration(in *apiserver.AuthorizerConfiguration, out *AuthorizerConfiguration, s conversion.Scope) error {
|
||||||
out.Type = string(in.Type)
|
out.Type = string(in.Type)
|
||||||
|
out.Name = in.Name
|
||||||
out.Webhook = (*WebhookConfiguration)(unsafe.Pointer(in.Webhook))
|
out.Webhook = (*WebhookConfiguration)(unsafe.Pointer(in.Webhook))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -677,7 +679,6 @@ func Convert_apiserver_UDSTransport_To_v1alpha1_UDSTransport(in *apiserver.UDSTr
|
|||||||
}
|
}
|
||||||
|
|
||||||
func autoConvert_v1alpha1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in *WebhookConfiguration, out *apiserver.WebhookConfiguration, s conversion.Scope) error {
|
func autoConvert_v1alpha1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in *WebhookConfiguration, out *apiserver.WebhookConfiguration, s conversion.Scope) error {
|
||||||
out.Name = in.Name
|
|
||||||
out.AuthorizedTTL = in.AuthorizedTTL
|
out.AuthorizedTTL = in.AuthorizedTTL
|
||||||
out.UnauthorizedTTL = in.UnauthorizedTTL
|
out.UnauthorizedTTL = in.UnauthorizedTTL
|
||||||
out.Timeout = in.Timeout
|
out.Timeout = in.Timeout
|
||||||
@ -697,7 +698,6 @@ func Convert_v1alpha1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in
|
|||||||
}
|
}
|
||||||
|
|
||||||
func autoConvert_apiserver_WebhookConfiguration_To_v1alpha1_WebhookConfiguration(in *apiserver.WebhookConfiguration, out *WebhookConfiguration, s conversion.Scope) error {
|
func autoConvert_apiserver_WebhookConfiguration_To_v1alpha1_WebhookConfiguration(in *apiserver.WebhookConfiguration, out *WebhookConfiguration, s conversion.Scope) error {
|
||||||
out.Name = in.Name
|
|
||||||
out.AuthorizedTTL = in.AuthorizedTTL
|
out.AuthorizedTTL = in.AuthorizedTTL
|
||||||
out.UnauthorizedTTL = in.UnauthorizedTTL
|
out.UnauthorizedTTL = in.UnauthorizedTTL
|
||||||
out.Timeout = in.Timeout
|
out.Timeout = in.Timeout
|
||||||
|
@ -18,6 +18,7 @@ package validation
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
utilvalidation "k8s.io/apimachinery/pkg/util/validation"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
@ -28,7 +29,6 @@ import (
|
|||||||
"k8s.io/api/authorization/v1beta1"
|
"k8s.io/api/authorization/v1beta1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
utilvalidation "k8s.io/apimachinery/pkg/util/validation"
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
api "k8s.io/apiserver/pkg/apis/apiserver"
|
api "k8s.io/apiserver/pkg/apis/apiserver"
|
||||||
"k8s.io/client-go/util/cert"
|
"k8s.io/client-go/util/cert"
|
||||||
@ -220,7 +220,7 @@ func ValidateAuthorizationConfiguration(fldPath *field.Path, c *api.Authorizatio
|
|||||||
}
|
}
|
||||||
|
|
||||||
seenAuthorizerTypes := sets.NewString()
|
seenAuthorizerTypes := sets.NewString()
|
||||||
seenWebhookNames := sets.NewString()
|
seenAuthorizerNames := sets.NewString()
|
||||||
for i, a := range c.Authorizers {
|
for i, a := range c.Authorizers {
|
||||||
fldPath := fldPath.Child("authorizers").Index(i)
|
fldPath := fldPath.Child("authorizers").Index(i)
|
||||||
aType := string(a.Type)
|
aType := string(a.Type)
|
||||||
@ -238,13 +238,22 @@ func ValidateAuthorizationConfiguration(fldPath *field.Path, c *api.Authorizatio
|
|||||||
}
|
}
|
||||||
seenAuthorizerTypes.Insert(aType)
|
seenAuthorizerTypes.Insert(aType)
|
||||||
|
|
||||||
|
if len(a.Name) == 0 {
|
||||||
|
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||||
|
} else if seenAuthorizerNames.Has(a.Name) {
|
||||||
|
allErrs = append(allErrs, field.Duplicate(fldPath.Child("name"), a.Name))
|
||||||
|
} else if errs := utilvalidation.IsDNS1123Subdomain(a.Name); len(errs) != 0 {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), a.Name, fmt.Sprintf("authorizer name is invalid: %s", strings.Join(errs, ", "))))
|
||||||
|
}
|
||||||
|
seenAuthorizerNames.Insert(a.Name)
|
||||||
|
|
||||||
switch a.Type {
|
switch a.Type {
|
||||||
case api.TypeWebhook:
|
case api.TypeWebhook:
|
||||||
if a.Webhook == nil {
|
if a.Webhook == nil {
|
||||||
allErrs = append(allErrs, field.Required(fldPath.Child("webhook"), "required when type=Webhook"))
|
allErrs = append(allErrs, field.Required(fldPath.Child("webhook"), "required when type=Webhook"))
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
allErrs = append(allErrs, ValidateWebhookConfiguration(fldPath, a.Webhook, seenWebhookNames)...)
|
allErrs = append(allErrs, ValidateWebhookConfiguration(fldPath, a.Webhook)...)
|
||||||
default:
|
default:
|
||||||
if a.Webhook != nil {
|
if a.Webhook != nil {
|
||||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("webhook"), "non-null", "may only be specified when type=Webhook"))
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("webhook"), "non-null", "may only be specified when type=Webhook"))
|
||||||
@ -255,16 +264,8 @@ func ValidateAuthorizationConfiguration(fldPath *field.Path, c *api.Authorizatio
|
|||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
func ValidateWebhookConfiguration(fldPath *field.Path, c *api.WebhookConfiguration, seenNames sets.String) field.ErrorList {
|
func ValidateWebhookConfiguration(fldPath *field.Path, c *api.WebhookConfiguration) field.ErrorList {
|
||||||
allErrs := field.ErrorList{}
|
allErrs := field.ErrorList{}
|
||||||
if len(c.Name) == 0 {
|
|
||||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
|
||||||
} else if seenNames.Has(c.Name) {
|
|
||||||
allErrs = append(allErrs, field.Duplicate(fldPath.Child("name"), c.Name))
|
|
||||||
} else if errs := utilvalidation.IsDNS1123Subdomain(c.Name); len(errs) != 0 {
|
|
||||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), c.Name, fmt.Sprintf("webhook name is invalid: %s", strings.Join(errs, ", "))))
|
|
||||||
}
|
|
||||||
seenNames.Insert(c.Name)
|
|
||||||
|
|
||||||
if c.Timeout.Duration == 0 {
|
if c.Timeout.Duration == 0 {
|
||||||
allErrs = append(allErrs, field.Required(fldPath.Child("timeout"), ""))
|
allErrs = append(allErrs, field.Required(fldPath.Child("timeout"), ""))
|
||||||
|
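Review bot: The call `ValidateWebhookConfiguration(fldPath, a.Webhook)` passes the authorizer's own path, so errors raised inside it, such as `field.Required(fldPath.Child("timeout"), "")`, are reported as `authorizers[i].timeout` instead of `authorizers[i].webhook.timeout`. Now that `name` is validated at the authorizer level with `fldPath.Child("name")`, authorizer-level and webhook-level errors share one prefix and cannot be told apart in the output. Passing the child path at the call site would fix that: `allErrs = append(allErrs, ValidateWebhookConfiguration(fldPath.Child("webhook"), a.Webhook)...)`. Both functions continue outside the visible hunks, and the expected paths in the tests may need adjusting to match.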
@ -448,7 +448,7 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
repeatableTypes: sets.NewString(),
|
repeatableTypes: sets.NewString(),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "type is required if an authorizer is defined",
|
name: "type and name are required if an authorizer is defined",
|
||||||
configuration: api.AuthorizationConfiguration{
|
configuration: api.AuthorizationConfiguration{
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{},
|
{},
|
||||||
@ -458,14 +458,88 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
knownTypes: sets.NewString(string("Webhook")),
|
knownTypes: sets.NewString(string("Webhook")),
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "authorizer names should be of non-zero length",
|
||||||
|
configuration: api.AuthorizationConfiguration{
|
||||||
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
|
{
|
||||||
|
Type: "Foo",
|
||||||
|
Name: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrList: field.ErrorList{field.Required(field.NewPath("name"), "")},
|
||||||
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "authorizer names should be unique",
|
||||||
|
configuration: api.AuthorizationConfiguration{
|
||||||
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
|
{
|
||||||
|
Type: "Foo",
|
||||||
|
Name: "foo",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Type: "Bar",
|
||||||
|
Name: "foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("name"), "foo")},
|
||||||
|
knownTypes: sets.NewString(string("Foo"), string("Bar")),
|
||||||
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "authorizer names should be DNS1123 labels",
|
||||||
|
configuration: api.AuthorizationConfiguration{
|
||||||
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
|
{
|
||||||
|
Type: "Foo",
|
||||||
|
Name: "myauthorizer",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrList: field.ErrorList{},
|
||||||
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "authorizer names should be DNS1123 subdomains",
|
||||||
|
configuration: api.AuthorizationConfiguration{
|
||||||
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
|
{
|
||||||
|
Type: "Foo",
|
||||||
|
Name: "foo.example.domain",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrList: field.ErrorList{},
|
||||||
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "authorizer names should not be invalid DNS1123 labels or subdomains",
|
||||||
|
configuration: api.AuthorizationConfiguration{
|
||||||
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
|
{
|
||||||
|
Type: "Foo",
|
||||||
|
Name: "FOO.example.domain",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("name"), "FOO.example.domain", "")},
|
||||||
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "bare minimum configuration with Webhook",
|
name: "bare minimum configuration with Webhook",
|
||||||
configuration: api.AuthorizationConfiguration{
|
configuration: api.AuthorizationConfiguration{
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -489,8 +563,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -504,8 +578,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "second-webhook",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "second-webhook",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -542,14 +616,16 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Foo",
|
Type: "Foo",
|
||||||
|
Name: "foo-1",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Type: "Foo",
|
Type: "Foo",
|
||||||
|
Name: "foo-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("type"), "Foo")},
|
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("type"), "Foo")},
|
||||||
knownTypes: sets.NewString([]string{string("Foo"), string("Webhook")}...),
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -558,6 +634,7 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -571,6 +648,7 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Foo",
|
Type: "Foo",
|
||||||
|
Name: "foo",
|
||||||
Webhook: &api.WebhookConfiguration{},
|
Webhook: &api.WebhookConfiguration{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -579,154 +657,14 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
knownTypes: sets.NewString(string("Foo")),
|
knownTypes: sets.NewString(string("Foo")),
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
repeatableTypes: sets.NewString(string("Webhook")),
|
||||||
},
|
},
|
||||||
{
|
|
||||||
name: "webhook name should be of non-zero length",
|
|
||||||
configuration: api.AuthorizationConfiguration{
|
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("name"), "")},
|
|
||||||
knownTypes: sets.NewString(string("Webhook")),
|
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "webhook names should be unique",
|
|
||||||
configuration: api.AuthorizationConfiguration{
|
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "name-1",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "name-1",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("name"), "name-1")},
|
|
||||||
knownTypes: sets.NewString(string("Webhook")),
|
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "webhook names should be DNS1123 labels",
|
|
||||||
configuration: api.AuthorizationConfiguration{
|
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "mywebhookname",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrList: field.ErrorList{},
|
|
||||||
knownTypes: sets.NewString(string("Webhook")),
|
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "webhook names should be DNS1123 subdomains",
|
|
||||||
configuration: api.AuthorizationConfiguration{
|
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "webhookname.example.domain",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrList: field.ErrorList{},
|
|
||||||
knownTypes: sets.NewString(string("Webhook")),
|
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "webhook names should not be invalid DNS1123 labels or subdomains",
|
|
||||||
configuration: api.AuthorizationConfiguration{
|
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
|
||||||
{
|
|
||||||
Type: "Webhook",
|
|
||||||
Webhook: &api.WebhookConfiguration{
|
|
||||||
Name: "WEBHOOKNAME.example.domain",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
|
||||||
FailurePolicy: "NoOpinion",
|
|
||||||
SubjectAccessReviewVersion: "v1",
|
|
||||||
MatchConditionSubjectAccessReviewVersion: "v1",
|
|
||||||
ConnectionInfo: api.WebhookConnectionInfo{
|
|
||||||
Type: "InClusterConfig",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("name"), "WEBHOOKNAME.example.domain", "")},
|
|
||||||
knownTypes: sets.NewString(string("Webhook")),
|
|
||||||
repeatableTypes: sets.NewString(string("Webhook")),
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "timeout should be specified",
|
name: "timeout should be specified",
|
||||||
configuration: api.AuthorizationConfiguration{
|
configuration: api.AuthorizationConfiguration{
|
||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -750,8 +688,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 0 * time.Second},
|
Timeout: metav1.Duration{Duration: 0 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
@ -775,8 +713,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: -30 * time.Second},
|
Timeout: metav1.Duration{Duration: -30 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
@ -800,8 +738,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 60 * time.Second},
|
Timeout: metav1.Duration{Duration: 60 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
@ -825,8 +763,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -849,8 +787,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: -30 * time.Second},
|
AuthorizedTTL: metav1.Duration{Duration: -30 * time.Second},
|
||||||
@ -874,8 +812,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
@ -898,8 +836,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
FailurePolicy: "NoOpinion",
|
FailurePolicy: "NoOpinion",
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
@ -923,8 +861,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -947,8 +885,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -972,8 +910,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -996,8 +934,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1021,8 +959,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1045,8 +983,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1070,8 +1008,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1092,8 +1030,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1119,8 +1057,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1147,8 +1085,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1172,8 +1110,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
@ -1198,8 +1136,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
|||||||
Authorizers: []api.AuthorizerConfiguration{
|
Authorizers: []api.AuthorizerConfiguration{
|
||||||
{
|
{
|
||||||
Type: "Webhook",
|
Type: "Webhook",
|
||||||
|
Name: "default",
|
||||||
Webhook: &api.WebhookConfiguration{
|
Webhook: &api.WebhookConfiguration{
|
||||||
Name: "default",
|
|
||||||
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
Timeout: metav1.Duration{Duration: 5 * time.Second},
|
||||||
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
AuthorizedTTL: metav1.Duration{Duration: 5 * time.Minute},
|
||||||
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
UnauthorizedTTL: metav1.Duration{Duration: 30 * time.Second},
|
||||||
|