mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Merge pull request #79153 from MikeSpreitzer/fix73409
Make AuthorizeClientBearerToken actually return if authn or authz is nil
This commit is contained in:
commit
a807cb625b
@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
|
||||
}
|
||||
if authn == nil || authz == nil {
|
||||
// prevent nil pointer panic
|
||||
return
|
||||
}
|
||||
if authn.Authenticator == nil || authz.Authorizer == nil {
|
||||
// authenticator or authorizer might be nil if we want to bypass authz/authn
|
||||
|
@ -23,6 +23,7 @@ import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/http/httputil"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
@ -32,6 +33,39 @@ import (
|
||||
"k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
|
||||
// All of these should do nothing (not panic, no side-effects)
|
||||
cfgGens := []func() *rest.Config{
|
||||
func() *rest.Config { return nil },
|
||||
func() *rest.Config { return &rest.Config{} },
|
||||
func() *rest.Config { return &rest.Config{BearerToken: "mu"} },
|
||||
}
|
||||
authcGens := []func() *AuthenticationInfo{
|
||||
func() *AuthenticationInfo { return nil },
|
||||
func() *AuthenticationInfo { return &AuthenticationInfo{} },
|
||||
}
|
||||
authzGens := []func() *AuthorizationInfo{
|
||||
func() *AuthorizationInfo { return nil },
|
||||
func() *AuthorizationInfo { return &AuthorizationInfo{} },
|
||||
}
|
||||
for _, cfgGen := range cfgGens {
|
||||
for _, authcGen := range authcGens {
|
||||
for _, authzGen := range authzGens {
|
||||
pConfig := cfgGen()
|
||||
pAuthc := authcGen()
|
||||
pAuthz := authzGen()
|
||||
AuthorizeClientBearerToken(pConfig, pAuthc, pAuthz)
|
||||
if before, after := authcGen(), pAuthc; !reflect.DeepEqual(before, after) {
|
||||
t.Errorf("AuthorizeClientBearerToken(%v, %#+v, %v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
|
||||
}
|
||||
if before, after := authzGen(), pAuthz; !reflect.DeepEqual(before, after) {
|
||||
t.Errorf("AuthorizeClientBearerToken(%v, %v, %#+v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewWithDelegate(t *testing.T) {
|
||||
delegateConfig := NewConfig(codecs)
|
||||
delegateConfig.ExternalAddress = "192.168.10.4:443"
|
||||
|
Loading…
Reference in New Issue
Block a user