Make master take authenticator.Request interface instead of tokenfile

plugin/pkg/auth/authenticator/token/tokenfile/tokenfile.go

@@ -0,0 +1,72 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tokenfile
+
+import (
+	"encoding/csv"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"
+)
+
+type TokenAuthenticator struct {
+	tokens map[string]*user.DefaultInfo
+}
+
+// NewCSV returns a TokenAuthenticator, populated from a CSV file.
+// The CSV file must contain records in the format "token,username,useruid"
+func NewCSV(path string) (*TokenAuthenticator, error) {
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	tokens := make(map[string]*user.DefaultInfo)
+	reader := csv.NewReader(file)
+	for {
+		record, err := reader.Read()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
+		if len(record) < 3 {
+			return nil, fmt.Errorf("token file '%s' must have at least 3 columns (token, user name, user uid), found %d", path, len(record))
+		}
+		obj := &user.DefaultInfo{
+			Name: record[1],
+			UID:  record[2],
+		}
+		tokens[record[0]] = obj
+	}
+
+	return &TokenAuthenticator{
+		tokens: tokens,
+	}, nil
+}
+
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
+	user, ok := a.tokens[value]
+	if !ok {
+		return nil, false, nil
+	}
+	return user, true, nil
+}

plugin/pkg/auth/authenticator/token/tokenfile/tokenfile_test.go

@@ -0,0 +1,113 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tokenfile
+
+import (
+	"io/ioutil"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"
+)
+
+func TestTokenFile(t *testing.T) {
+	auth, err := newWithContents(t, `
+token1,user1,uid1
+token2,user2,uid2
+`)
+	if err != nil {
+		t.Fatalf("unable to read tokenfile: %v", err)
+	}
+
+	testCases := []struct {
+		Token string
+		User  *user.DefaultInfo
+		Ok    bool
+		Err   bool
+	}{
+		{
+			Token: "token1",
+			User:  &user.DefaultInfo{Name: "user1", UID: "uid1"},
+			Ok:    true,
+		},
+		{
+			Token: "token2",
+			User:  &user.DefaultInfo{Name: "user2", UID: "uid2"},
+			Ok:    true,
+		},
+		{
+			Token: "token3",
+		},
+		{
+			Token: "token4",
+		},
+	}
+	for i, testCase := range testCases {
+		user, ok, err := auth.AuthenticateToken(testCase.Token)
+		if testCase.User == nil {
+			if user != nil {
+				t.Errorf("%d: unexpected non-nil user %#v", i, user)
+			}
+		} else if !reflect.DeepEqual(testCase.User, user) {
+			t.Errorf("%d: expected user %#v, got %#v", i, testCase.User, user)
+		}
+		if testCase.Ok != ok {
+			t.Errorf("%d: expected auth %v, got %v", i, testCase.Ok, ok)
+		}
+		switch {
+		case err == nil && testCase.Err:
+			t.Errorf("%d: unexpected nil error", i)
+		case err != nil && !testCase.Err:
+			t.Errorf("%d: unexpected error: %v", i, err)
+		}
+	}
+}
+
+func TestBadTokenFile(t *testing.T) {
+	_, err := newWithContents(t, `
+token1,user1,uid1
+token2,user2,uid2
+token3,user3
+token4
+`)
+	if err == nil {
+		t.Fatalf("unexpected non error")
+	}
+}
+
+func TestInsufficientColumnsTokenFile(t *testing.T) {
+	_, err := newWithContents(t, "token4\n")
+	if err == nil {
+		t.Fatalf("unexpected non error")
+	}
+}
+
+func newWithContents(t *testing.T, contents string) (auth *TokenAuthenticator, err error) {
+	f, err := ioutil.TempFile("", "tokenfile_test")
+	if err != nil {
+		t.Fatalf("unexpected error creating tokenfile: %v", err)
+	}
+	f.Close()
+	defer os.Remove(f.Name())
+
+	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0700); err != nil {
+		t.Fatalf("unexpected error writing tokenfile: %v", err)
+	}
+
+	return NewCSV(f.Name())
+}

plugin/pkg/auth/authenticator/token/tokentest/tokentest.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tokentest
+
+import "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"
+
+type TokenAuthenticator struct {
+	Tokens map[string]*user.DefaultInfo
+}
+
+func New() *TokenAuthenticator {
+	return &TokenAuthenticator{
+		Tokens: make(map[string]*user.DefaultInfo),
+	}
+}
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
+	user, ok := a.Tokens[value]
+	if !ok {
+		return nil, false, nil
+	}
+	return user, true, nil
+}