mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-26 05:03:09 +00:00
Merge pull request #79153 from MikeSpreitzer/fix73409
Make AuthorizeClientBearerToken actually return if authn or authz is nil
This commit is contained in:
commit
a807cb625b
@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
|
|||||||
}
|
}
|
||||||
if authn == nil || authz == nil {
|
if authn == nil || authz == nil {
|
||||||
// prevent nil pointer panic
|
// prevent nil pointer panic
|
||||||
|
return
|
||||||
}
|
}
|
||||||
if authn.Authenticator == nil || authz.Authorizer == nil {
|
if authn.Authenticator == nil || authz.Authorizer == nil {
|
||||||
// authenticator or authorizer might be nil if we want to bypass authz/authn
|
// authenticator or authorizer might be nil if we want to bypass authz/authn
|
||||||
|
@ -23,6 +23,7 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
@ -32,6 +33,39 @@ import (
|
|||||||
"k8s.io/client-go/rest"
|
"k8s.io/client-go/rest"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
|
||||||
|
// All of these should do nothing (not panic, no side-effects)
|
||||||
|
cfgGens := []func() *rest.Config{
|
||||||
|
func() *rest.Config { return nil },
|
||||||
|
func() *rest.Config { return &rest.Config{} },
|
||||||
|
func() *rest.Config { return &rest.Config{BearerToken: "mu"} },
|
||||||
|
}
|
||||||
|
authcGens := []func() *AuthenticationInfo{
|
||||||
|
func() *AuthenticationInfo { return nil },
|
||||||
|
func() *AuthenticationInfo { return &AuthenticationInfo{} },
|
||||||
|
}
|
||||||
|
authzGens := []func() *AuthorizationInfo{
|
||||||
|
func() *AuthorizationInfo { return nil },
|
||||||
|
func() *AuthorizationInfo { return &AuthorizationInfo{} },
|
||||||
|
}
|
||||||
|
for _, cfgGen := range cfgGens {
|
||||||
|
for _, authcGen := range authcGens {
|
||||||
|
for _, authzGen := range authzGens {
|
||||||
|
pConfig := cfgGen()
|
||||||
|
pAuthc := authcGen()
|
||||||
|
pAuthz := authzGen()
|
||||||
|
AuthorizeClientBearerToken(pConfig, pAuthc, pAuthz)
|
||||||
|
if before, after := authcGen(), pAuthc; !reflect.DeepEqual(before, after) {
|
||||||
|
t.Errorf("AuthorizeClientBearerToken(%v, %#+v, %v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
|
||||||
|
}
|
||||||
|
if before, after := authzGen(), pAuthz; !reflect.DeepEqual(before, after) {
|
||||||
|
t.Errorf("AuthorizeClientBearerToken(%v, %v, %#+v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestNewWithDelegate(t *testing.T) {
|
func TestNewWithDelegate(t *testing.T) {
|
||||||
delegateConfig := NewConfig(codecs)
|
delegateConfig := NewConfig(codecs)
|
||||||
delegateConfig.ExternalAddress = "192.168.10.4:443"
|
delegateConfig.ExternalAddress = "192.168.10.4:443"
|
||||||
|
Loading…
Reference in New Issue
Block a user