move audience context functions to authenticator package

2025-07-29 14:37:00 +00:00 · 2018-10-31 14:50:11 -07:00 · 2018-10-31 14:50:11 -07:00 · 817cf70191
commit 817cf70191
parent dc23974148
12 changed files with 30 additions and 29 deletions
--- a/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/BUILD
@ -5,7 +5,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
    name = "go_default_library",
    srcs = [
-        "helpers.go",
+        "audiences.go",
        "interfaces.go",
    ],
    importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/authentication/authenticator",
@ -28,6 +28,6 @@ filegroup(

 go_test(
    name = "go_default_test",
-    srcs = ["helpers_test.go"],
+    srcs = ["audiences_test.go"],
    embed = [":go_default_library"],
 )
--- a/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go
@ -16,9 +16,30 @@ limitations under the License.

 package authenticator

+import "context"
+
 // Audiences is a container for the Audiences of a token.
 type Audiences []string

+// The key type is unexported to prevent collisions
+type key int
+
+const (
+	// audiencesKey is the context key for request audiences.
+	audiencesKey key = iota
+)
+
+// WithAudiences returns a context that stores a request's expected audiences.
+func WithAudiences(ctx context.Context, auds Audiences) context.Context {
+	return context.WithValue(ctx, audiencesKey, auds)
+}
+
+// AudiencesFrom returns a request's expected audiences stored in the request context.
+func AudiencesFrom(ctx context.Context) (Audiences, bool) {
+	auds, ok := ctx.Value(audiencesKey).(Audiences)
+	return auds, ok
+}
+
 // Has checks if Audiences contains a specific audiences.
 func (a Audiences) Has(taud string) bool {
 	for _, aud := range a {
--- a/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences_test.go
--- a/staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/BUILD
@ -25,7 +25,6 @@ go_library(
    deps = [
        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
    ],
 )

--- a/staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go
@ -21,7 +21,6 @@ import (

 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/apiserver/pkg/endpoints/request"
 )

 const (
@ -32,7 +31,7 @@ const (

 func NewAuthenticator() authenticator.Request {
 	return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
-		auds, _ := request.AudiencesFrom(req.Context())
+		auds, _ := authenticator.AudiencesFrom(req.Context())
 		return &authenticator.Response{
 			User: &user.DefaultInfo{
 				Name:   anonymousUser,
--- a/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/BUILD
@ -17,7 +17,6 @@ go_test(
        "//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
        "//vendor/github.com/pborman/uuid:go_default_library",
    ],
 )
@ -35,7 +34,6 @@ go_library(
        "//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
    ],
 )

--- a/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
@ -23,7 +23,6 @@ import (

 	utilclock "k8s.io/apimachinery/pkg/util/clock"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
-	"k8s.io/apiserver/pkg/endpoints/request"
 )

 // cacheRecord holds the three return values of the authenticator.Token AuthenticateToken method
@ -67,7 +66,7 @@ func newWithClock(authenticator authenticator.Token, successTTL, failureTTL time

 // AuthenticateToken implements authenticator.Token
 func (a *cachedTokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
-	auds, _ := request.AudiencesFrom(ctx)
+	auds, _ := authenticator.AudiencesFrom(ctx)

 	key := keyFunc(auds, token)
 	if record, ok := a.cache.get(key); ok {
--- a/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator_test.go
@ -25,7 +25,6 @@ import (
 	utilclock "k8s.io/apimachinery/pkg/util/clock"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/apiserver/pkg/endpoints/request"
 )

 func TestCachedTokenAuthenticator(t *testing.T) {
@ -109,7 +108,7 @@ func TestCachedTokenAuthenticator(t *testing.T) {
 func TestCachedTokenAuthenticatorWithAudiences(t *testing.T) {
 	resultUsers := make(map[string]user.Info)
 	fakeAuth := authenticator.TokenFunc(func(ctx context.Context, token string) (*authenticator.Response, bool, error) {
-		auds, _ := request.AudiencesFrom(ctx)
+		auds, _ := authenticator.AudiencesFrom(ctx)
 		return &authenticator.Response{User: resultUsers[auds[0]+token]}, true, nil
 	})
 	fakeClock := utilclock.NewFakeClock(time.Now())
@ -119,10 +118,10 @@ func TestCachedTokenAuthenticatorWithAudiences(t *testing.T) {
 	resultUsers["audAusertoken1"] = &user.DefaultInfo{Name: "user1"}
 	resultUsers["audBusertoken1"] = &user.DefaultInfo{Name: "user1-different"}

-	if u, ok, _ := a.AuthenticateToken(request.WithAudiences(context.Background(), []string{"audA"}), "usertoken1"); !ok || u.User.GetName() != "user1" {
+	if u, ok, _ := a.AuthenticateToken(authenticator.WithAudiences(context.Background(), []string{"audA"}), "usertoken1"); !ok || u.User.GetName() != "user1" {
 		t.Errorf("Expected user1")
 	}
-	if u, ok, _ := a.AuthenticateToken(request.WithAudiences(context.Background(), []string{"audB"}), "usertoken1"); !ok || u.User.GetName() != "user1-different" {
+	if u, ok, _ := a.AuthenticateToken(authenticator.WithAudiences(context.Background(), []string{"audB"}), "usertoken1"); !ok || u.User.GetName() != "user1-different" {
 		t.Errorf("Expected user1-different")
 	}
 }
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
@ -57,7 +57,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
 	}
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 		if len(apiAuds) > 0 {
-			req = req.WithContext(genericapirequest.WithAudiences(req.Context(), apiAuds))
+			req = req.WithContext(authenticator.WithAudiences(req.Context(), apiAuds))
 		}
 		resp, ok, err := auth.AuthenticateRequest(req)
 		if err != nil || !ok {
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/request/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/request/BUILD
@ -35,7 +35,6 @@ go_library(
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
    ],
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/request/context.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/request/context.go
@ -21,7 +21,6 @@ import (

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/apis/audit"
-	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 )

@ -95,14 +94,3 @@ func AuditEventFrom(ctx context.Context) *audit.Event {
 	ev, _ := ctx.Value(auditKey).(*audit.Event)
 	return ev
 }
-
-// WithAudiences returns a context that stores a request's expected audiences.
-func WithAudiences(ctx context.Context, auds authenticator.Audiences) context.Context {
-	return context.WithValue(ctx, audiencesKey, auds)
-}
-
-// AudiencesFrom returns a request's expected audiences stored in the request context.
-func AudiencesFrom(ctx context.Context) (authenticator.Audiences, bool) {
-	auds, ok := ctx.Value(audiencesKey).(authenticator.Audiences)
-	return auds, ok
-}
--- a/staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
@ -25,7 +25,6 @@ import (

 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/client-go/rest"
 )

@ -80,7 +79,7 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config,
 type InsecureSuperuser struct{}

 func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
-	auds, _ := request.AudiencesFrom(req.Context())
+	auds, _ := authenticator.AudiencesFrom(req.Context())
 	return &authenticator.Response{
 		User: &user.DefaultInfo{
 			Name:   "system:unsecured",