Merge pull request #2005 from erictune/master_integ_test

Move handler setup: cmd/apiserver -> pkg/master

cmd/apiserver/apiserver.go

@@ -24,14 +24,10 @@ import (
 	"net/http"
 	"os"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/tokenfile"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/handlers"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider"
@@ -188,7 +184,7 @@ func main() {
 
 	n := net.IPNet(portalNet)
 	mux := http.NewServeMux()
-	master.New(&master.Config{
+	m := master.New(&master.Config{
 		Client:             client,
 		Cloud:              cloud,
 		EtcdHelper:         helper,
@@ -209,33 +205,16 @@ func main() {
 		EnableLogsSupport:     *enableLogsSupport,
 		EnableUISupport:       true,
 		APIPrefix:             *apiPrefix,
+		CorsAllowedOriginList: corsAllowedOriginList,
+		TokenAuthFile:         *tokenAuthFile,
 	})
 
-	handler := http.Handler(mux)
-
-	if len(corsAllowedOriginList) > 0 {
-		allowedOriginRegexps, err := util.CompileRegexps(corsAllowedOriginList)
-		if err != nil {
-			glog.Fatalf("Invalid CORS allowed origin, --cors_allowed_origins flag was set to %v - %v", strings.Join(corsAllowedOriginList, ","), err)
-		}
-		handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
-	}
-
-	if len(*tokenAuthFile) != 0 {
-		auth, err := tokenfile.New(*tokenAuthFile)
-		if err != nil {
-			glog.Fatalf("Unable to load the token authentication file '%s': %v", *tokenAuthFile, err)
-		}
-		userContexts := handlers.NewUserRequestContext()
-		handler = handlers.NewRequestAuthenticator(userContexts, bearertoken.New(auth), handlers.Unauthorized, handler)
-	}
-
 	if *readOnlyPort != 0 {
 		// Allow 1 read-only request per second, allow up to 20 in a burst before enforcing.
 		rl := util.NewTokenBucketRateLimiter(1.0, 20)
 		readOnlyServer := &http.Server{
 			Addr:           net.JoinHostPort(address.String(), strconv.Itoa(int(*readOnlyPort))),
-			Handler:        apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, handler))),
+			Handler:        apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, m.Handler))),
 			ReadTimeout:    5 * time.Minute,
 			WriteTimeout:   5 * time.Minute,
 			MaxHeaderBytes: 1 << 20,
@@ -248,7 +227,7 @@ func main() {
 
 	s := &http.Server{
 		Addr:           net.JoinHostPort(address.String(), strconv.Itoa(int(*port))),
-		Handler:        apiserver.RecoverPanics(handler),
+		Handler:        apiserver.RecoverPanics(m.Handler),
 		ReadTimeout:    5 * time.Minute,
 		WriteTimeout:   5 * time.Minute,
 		MaxHeaderBytes: 1 << 20,

pkg/master/master.go

@@ -18,6 +18,8 @@ package master
 
 import (
 	"net"
+	"net/http"
+	"strings"
 	"time"
 
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
@@ -25,6 +27,9 @@ import (
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1beta1"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1beta2"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/tokenfile"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/handlers"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider"
 	cloudcontroller "github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider/controller"
@@ -41,6 +46,8 @@ import (
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/tools"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/ui"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
+
+	"github.com/golang/glog"
 )
 
 // Config is a structure used to configure a Master.
@@ -60,10 +67,13 @@ type Config struct {
 	EnableLogsSupport     bool
 	EnableUISupport       bool
 	APIPrefix             string
+	CorsAllowedOriginList util.StringList
+	TokenAuthFile         string
 }
 
 // Master contains state for a Kubernetes cluster master/api server.
 type Master struct {
+	// "Inputs", Copied from Config
 	podRegistry           pod.Registry
 	controllerRegistry    controller.Registry
 	serviceRegistry       service.Registry
@@ -78,6 +88,10 @@ type Master struct {
 	enableLogsSupport     bool
 	enableUISupport       bool
 	apiPrefix             string
+	corsAllowedOriginList util.StringList
+	tokenAuthFile         string
+	// "Outputs"
+	Handler http.Handler
 }
 
 // NewEtcdHelper returns an EtcdHelper for the provided arguments or an error if the version
@@ -114,6 +128,8 @@ func New(c *Config) *Master {
 		enableLogsSupport:     c.EnableLogsSupport,
 		enableUISupport:       c.EnableUISupport,
 		apiPrefix:             c.APIPrefix,
+		corsAllowedOriginList: c.CorsAllowedOriginList,
+		tokenAuthFile:         c.TokenAuthFile,
 	}
 	m.init(c)
 	return m
@@ -170,6 +186,26 @@ func (m *Master) init(c *Config) {
 	if c.EnableUISupport {
 		ui.InstallSupport(m.mux)
 	}
+
+	handler := http.Handler(m.mux.(*http.ServeMux))
+
+	if len(c.CorsAllowedOriginList) > 0 {
+		allowedOriginRegexps, err := util.CompileRegexps(c.CorsAllowedOriginList)
+		if err != nil {
+			glog.Fatalf("Invalid CORS allowed origin, --cors_allowed_origins flag was set to %v - %v", strings.Join(c.CorsAllowedOriginList, ","), err)
+		}
+		handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
+	}
+
+	if len(c.TokenAuthFile) != 0 {
+		auth, err := tokenfile.New(c.TokenAuthFile)
+		if err != nil {
+			glog.Fatalf("Unable to load the token authentication file '%s': %v", c.TokenAuthFile, err)
+		}
+		userContexts := handlers.NewUserRequestContext()
+		handler = handlers.NewRequestAuthenticator(userContexts, bearertoken.New(auth), handlers.Unauthorized, handler)
+	}
+	m.Handler = handler
 }
 
 // API_v1beta1 returns the resources and codec for API version v1beta1.