Merge pull request #70310 from mikedanese/trev10

echo audiences in anonymous and insecure authenticators
k8s-ci-robot 2018-10-29 17:11:18 -07:00 committed by GitHub
commit 952e7b07c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 1 deletions


@ -25,6 +25,7 @@ go_library(
deps = [ deps = [
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
], ],
) )


@ -21,6 +21,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
) )
const ( const (
@ -31,11 +32,13 @@ const (
func NewAuthenticator() authenticator.Request { func NewAuthenticator() authenticator.Request {
return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
auds, _ := request.AudiencesFrom(req.Context())
return &authenticator.Response{ return &authenticator.Response{
User: &user.DefaultInfo{ User: &user.DefaultInfo{
Name: anonymousUser, Name: anonymousUser,
Groups: []string{unauthenticatedGroup}, Groups: []string{unauthenticatedGroup},
}, },
Audiences: auds,
}, true, nil }, true, nil
}) })
} }
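Review bot: The added `request.AudiencesFrom(req.Context())` dereferences `req`, so a nil request, which this authenticator tolerated while it ignored its argument, will now panic. The test in this commit had to switch from `nil` to `&http.Request{}` for that reason, and the same applies to `InsecureSuperuser.AuthenticateRequest` in the last file. If nil callers are not expected, state the non-nil requirement in the doc comment on `NewAuthenticator`. The discarded second return value also deserves a line, for example `// ok is ignored: with no audiences in the context auds stays nil and is echoed as-is.`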


@ -17,6 +17,7 @@ limitations under the License.
package anonymous package anonymous
import ( import (
"net/http"
"testing" "testing"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
@ -26,7 +27,7 @@ import (
func TestAnonymous(t *testing.T) { func TestAnonymous(t *testing.T) {
var a authenticator.Request = NewAuthenticator() var a authenticator.Request = NewAuthenticator()
r, ok, err := a.AuthenticateRequest(nil) r, ok, err := a.AuthenticateRequest(&http.Request{})
if err != nil { if err != nil {
t.Fatalf("Unexpected error %v", err) t.Fatalf("Unexpected error %v", err)
} }
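Review bot: The new audience echo is not covered by the visible test change, which only replaces `nil` with `&http.Request{}`; that request's context carries no audiences, so `Audiences: auds` is exercised only with a nil value. A second case that builds the request with `req.WithContext(request.WithAudiences(req.Context(), auds))` and asserts that `r.Audiences` equals `auds` would pin the behaviour the commit title describes. TestAnonymous continues past the end of this hunk, so any assertions further down are not visible here.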


@ -25,6 +25,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
) )
@ -79,10 +80,12 @@ func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config,
type InsecureSuperuser struct{} type InsecureSuperuser struct{}
func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
auds, _ := request.AudiencesFrom(req.Context())
return &authenticator.Response{ return &authenticator.Response{
User: &user.DefaultInfo{ User: &user.DefaultInfo{
Name: "system:unsecured", Name: "system:unsecured",
Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated},
}, },
Audiences: auds,
}, true, nil }, true, nil
} }
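Review bot: `InsecureSuperuser.AuthenticateRequest` now returns whatever audiences the request context holds, on top of authenticating every caller as `system:unsecured` in `user.SystemPrivilegedGroup`, and nothing at the method says why that is acceptable. A doc comment would help the next reader, e.g. `// AuthenticateRequest authenticates every request as the privileged insecure user and echoes the context's audiences unchanged; it must only be wired to the insecure listener.` Any comment on the type itself would sit above this hunk and is not visible here. It is also worth confirming that the audiences in the context are set by server-side filters and not taken from the client, since this response will satisfy any audience comparison made against them.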