github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #79153 from MikeSpreitzer/fix73409

Browse Source 
Make AuthorizeClientBearerToken actually return if authn or authz is nil
This commit is contained in:
Kubernetes Prow Robot 2019-07-02 02:15:11 -07:00 committed by GitHub
commit a807cb625b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
staging/src/k8s.io/apiserver/pkg/server/config.go
View File

@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
} }
if authn == nil || authz == nil { if authn == nil || authz == nil {
// prevent nil pointer panic // prevent nil pointer panic
return
} }
if authn.Authenticator == nil || authz.Authorizer == nil { if authn.Authenticator == nil || authz.Authorizer == nil {
// authenticator or authorizer might be nil if we want to bypass authz/authn // authenticator or authorizer might be nil if we want to bypass authz/authn

34
staging/src/k8s.io/apiserver/pkg/server/config_test.go
View File

@ -23,6 +23,7 @@ import (
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/http/httputil" "net/http/httputil"
"reflect"
"testing" "testing"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
@ -32,6 +33,39 @@ import (
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
) )
func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
// All of these should do nothing (not panic, no side-effects)
cfgGens := []func() *rest.Config{
func() *rest.Config { return nil },
func() *rest.Config { return &rest.Config{} },
func() *rest.Config { return &rest.Config{BearerToken: "mu"} },
}
authcGens := []func() *AuthenticationInfo{
func() *AuthenticationInfo { return nil },
func() *AuthenticationInfo { return &AuthenticationInfo{} },
}
authzGens := []func() *AuthorizationInfo{
func() *AuthorizationInfo { return nil },
func() *AuthorizationInfo { return &AuthorizationInfo{} },
}
for _, cfgGen := range cfgGens {
for _, authcGen := range authcGens {
for _, authzGen := range authzGens {
pConfig := cfgGen()
pAuthc := authcGen()
pAuthz := authzGen()
AuthorizeClientBearerToken(pConfig, pAuthc, pAuthz)
if before, after := authcGen(), pAuthc; !reflect.DeepEqual(before, after) {
t.Errorf("AuthorizeClientBearerToken(%v, %#+v, %v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
}
if before, after := authzGen(), pAuthz; !reflect.DeepEqual(before, after) {
t.Errorf("AuthorizeClientBearerToken(%v, %v, %#+v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
}
}
}
}
}
func TestNewWithDelegate(t *testing.T) { func TestNewWithDelegate(t *testing.T) {
delegateConfig := NewConfig(codecs) delegateConfig := NewConfig(codecs)
delegateConfig.ExternalAddress = "192.168.10.4:443" delegateConfig.ExternalAddress = "192.168.10.4:443"