Add support for groups to passwordfile
parent
e827393fa2
commit
caca81b1b5
@ -21,6 +21,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
"k8s.io/apiserver/pkg/authentication/user"
|
"k8s.io/apiserver/pkg/authentication/user"
|
||||||
@ -47,6 +48,7 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
|
|||||||
recordNum := 0
|
recordNum := 0
|
||||||
users := make(map[string]*userPasswordInfo)
|
users := make(map[string]*userPasswordInfo)
|
||||||
reader := csv.NewReader(file)
|
reader := csv.NewReader(file)
|
||||||
|
reader.FieldsPerRecord = -1
|
||||||
for {
|
for {
|
||||||
record, err := reader.Read()
|
record, err := reader.Read()
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
@ -62,6 +64,9 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
|
|||||||
info: &user.DefaultInfo{Name: record[1], UID: record[2]},
|
info: &user.DefaultInfo{Name: record[1], UID: record[2]},
|
||||||
password: record[0],
|
password: record[0],
|
||||||
}
|
}
|
||||||
|
if len(record) >= 4 {
|
||||||
|
obj.info.Groups = strings.Split(record[3], ",")
|
||||||
|
}
|
||||||
recordNum++
|
recordNum++
|
||||||
if _, exist := users[obj.info.Name]; exist {
|
if _, exist := users[obj.info.Name]; exist {
|
||||||
glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum)
|
glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum)
|
||||||
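Review bot: An empty fourth column yields a group list holding one empty string, because `strings.Split("", ",")` returns a one-element slice; a doubled or trailing comma likewise adds an empty entry, and names are not trimmed, so `"group1, group2"` produces `" group2"`. Group membership is typically what authorization rules bind to, so I would skip the empty case with `if len(record) >= 4 && record[3] != "" {` and add a comment stating that group names are taken verbatim (or trim them and drop empty entries). Separately, `reader.FieldsPerRecord = -1` turns off the reader's per-row field-count check, so the `record[1]` and `record[2]` indexing depends on a length guard that is not visible in these hunks; it is worth confirming that one exists. NewCSV starts and ends outside the hunks shown.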
|
@ -29,6 +29,11 @@ func TestPasswordFile(t *testing.T) {
|
|||||||
auth, err := newWithContents(t, `
|
auth, err := newWithContents(t, `
|
||||||
password1,user1,uid1
|
password1,user1,uid1
|
||||||
password2,user2,uid2
|
password2,user2,uid2
|
||||||
|
password3,user3,uid3,"group1,group2"
|
||||||
|
password4,user4,uid4,"group2"
|
||||||
|
password5,user5,uid5,group5
|
||||||
|
password6,user6,uid6,group5,otherdata
|
||||||
|
password7,user7,uid7,"group1,group2",otherdata
|
||||||
`)
|
`)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unable to read passwordfile: %v", err)
|
t.Fatalf("unable to read passwordfile: %v", err)
|
||||||
@ -64,10 +69,44 @@ password2,user2,uid2
|
|||||||
{
|
{
|
||||||
Username: "user3",
|
Username: "user3",
|
||||||
Password: "password3",
|
Password: "password3",
|
||||||
|
User: &user.DefaultInfo{Name: "user3", UID: "uid3", Groups: []string{"group1", "group2"}},
|
||||||
|
Ok: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Username: "user4",
|
Username: "user4",
|
||||||
Password: "password4",
|
Password: "password4",
|
||||||
|
User: &user.DefaultInfo{Name: "user4", UID: "uid4", Groups: []string{"group2"}},
|
||||||
|
Ok: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "user5",
|
||||||
|
Password: "password5",
|
||||||
|
User: &user.DefaultInfo{Name: "user5", UID: "uid5", Groups: []string{"group5"}},
|
||||||
|
Ok: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "user6",
|
||||||
|
Password: "password6",
|
||||||
|
User: &user.DefaultInfo{Name: "user6", UID: "uid6", Groups: []string{"group5"}},
|
||||||
|
Ok: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "user7",
|
||||||
|
Password: "password7",
|
||||||
|
User: &user.DefaultInfo{Name: "user7", UID: "uid7", Groups: []string{"group1", "group2"}},
|
||||||
|
Ok: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "user7",
|
||||||
|
Password: "passwordbad",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "userbad",
|
||||||
|
Password: "password7",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Username: "user8",
|
||||||
|
Password: "password8",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for i, testCase := range testCases {
|
for i, testCase := range testCases {
|
||||||
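Review bot: The new fixture rows cover quoted, unquoted and trailing-column forms, but none has a groups column that is present and empty, or a quoted list with a stray space or trailing comma, so the table does not pin what `Groups` should be for those inputs. I would add a row such as `password9,user9,uid9,""` (constructed example) with a matching case stating the expected `User` value, so the handling of malformed group lists is an explicit, tested decision. Since mixed-width rows are now accepted, a case for a row with fewer than three fields would also be useful if the file does not already have one. TestPasswordFile continues outside the hunks shown.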
|