Merge pull request #79153 from MikeSpreitzer/fix73409

Make AuthorizeClientBearerToken actually return if authn or authz is nil
This commit is contained in:
Kubernetes Prow Robot 2019-07-02 02:15:11 -07:00 committed by GitHub
commit a807cb625b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 0 deletions

View File

@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
}
if authn == nil || authz == nil {
// prevent nil pointer panic
return
}
if authn.Authenticator == nil || authz.Authorizer == nil {
// authenticator or authorizer might be nil if we want to bypass authz/authn

View File

@ -23,6 +23,7 @@ import (
"net/http"
"net/http/httptest"
"net/http/httputil"
"reflect"
"testing"
"k8s.io/apimachinery/pkg/util/sets"
@ -32,6 +33,39 @@ import (
"k8s.io/client-go/rest"
)
func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
// All of these should do nothing (not panic, no side-effects)
cfgGens := []func() *rest.Config{
func() *rest.Config { return nil },
func() *rest.Config { return &rest.Config{} },
func() *rest.Config { return &rest.Config{BearerToken: "mu"} },
}
authcGens := []func() *AuthenticationInfo{
func() *AuthenticationInfo { return nil },
func() *AuthenticationInfo { return &AuthenticationInfo{} },
}
authzGens := []func() *AuthorizationInfo{
func() *AuthorizationInfo { return nil },
func() *AuthorizationInfo { return &AuthorizationInfo{} },
}
for _, cfgGen := range cfgGens {
for _, authcGen := range authcGens {
for _, authzGen := range authzGens {
pConfig := cfgGen()
pAuthc := authcGen()
pAuthz := authzGen()
AuthorizeClientBearerToken(pConfig, pAuthc, pAuthz)
if before, after := authcGen(), pAuthc; !reflect.DeepEqual(before, after) {
t.Errorf("AuthorizeClientBearerToken(%v, %#+v, %v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
}
if before, after := authzGen(), pAuthz; !reflect.DeepEqual(before, after) {
t.Errorf("AuthorizeClientBearerToken(%v, %v, %#+v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
}
}
}
}
}
func TestNewWithDelegate(t *testing.T) {
delegateConfig := NewConfig(codecs)
delegateConfig.ExternalAddress = "192.168.10.4:443"