github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Add support for groups to passwordfile

Browse Source
This commit is contained in:
Jordan Liggitt 2017-01-10 00:04:26 -05:00
parent e827393fa2
commit caca81b1b5
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go
View File

@ -21,6 +21,7 @@ import (
"fmt" "fmt"
"io" "io"
"os" "os"
"strings"
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
@ -47,6 +48,7 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
recordNum := 0 recordNum := 0
users := make(map[string]*userPasswordInfo) users := make(map[string]*userPasswordInfo)
reader := csv.NewReader(file) reader := csv.NewReader(file)
reader.FieldsPerRecord = -1
for { for {
record, err := reader.Read() record, err := reader.Read()
if err == io.EOF { if err == io.EOF {
@ -62,6 +64,9 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
info: &user.DefaultInfo{Name: record[1], UID: record[2]}, info: &user.DefaultInfo{Name: record[1], UID: record[2]},
password: record[0], password: record[0],
} }
if len(record) >= 4 {
obj.info.Groups = strings.Split(record[3], ",")
}
recordNum++ recordNum++
if _, exist := users[obj.info.Name]; exist { if _, exist := users[obj.info.Name]; exist {
glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum) glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum)

39
plugin/pkg/auth/authenticator/password/passwordfile/passwordfile_test.go
View File

@ -29,6 +29,11 @@ func TestPasswordFile(t *testing.T) {
auth, err := newWithContents(t, ` auth, err := newWithContents(t, `
password1,user1,uid1 password1,user1,uid1
password2,user2,uid2 password2,user2,uid2
password3,user3,uid3,"group1,group2"
password4,user4,uid4,"group2"
password5,user5,uid5,group5
password6,user6,uid6,group5,otherdata
password7,user7,uid7,"group1,group2",otherdata
`) `)
if err != nil { if err != nil {
t.Fatalf("unable to read passwordfile: %v", err) t.Fatalf("unable to read passwordfile: %v", err)
@ -64,10 +69,44 @@ password2,user2,uid2
{ {
Username: "user3", Username: "user3",
Password: "password3", Password: "password3",
User: &user.DefaultInfo{Name: "user3", UID: "uid3", Groups: []string{"group1", "group2"}},
Ok: true,
}, },
{ {
Username: "user4", Username: "user4",
Password: "password4", Password: "password4",
User: &user.DefaultInfo{Name: "user4", UID: "uid4", Groups: []string{"group2"}},
Ok: true,
},
{
Username: "user5",
Password: "password5",
User: &user.DefaultInfo{Name: "user5", UID: "uid5", Groups: []string{"group5"}},
Ok: true,
},
{
Username: "user6",
Password: "password6",
User: &user.DefaultInfo{Name: "user6", UID: "uid6", Groups: []string{"group5"}},
Ok: true,
},
{
Username: "user7",
Password: "password7",
User: &user.DefaultInfo{Name: "user7", UID: "uid7", Groups: []string{"group1", "group2"}},
Ok: true,
},
{
Username: "user7",
Password: "passwordbad",
},
{
Username: "userbad",
Password: "password7",
},
{
Username: "user8",
Password: "password8",
}, },
} }
for i, testCase := range testCases { for i, testCase := range testCases {