github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-04 18:52:38 +00:00
Code Issues Projects Releases Wiki Activity

Introduces Impersonate-Uid to client-go.

Browse Source 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Margo Crawford
2021-07-30 15:50:51 -07:00
parent fffaadc013
commit d9ddfb26e1
8 changed files with 54 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
test/integration/auth/auth_test.go
View File

@@ -72,12 +72,6 @@ import (
"k8s.io/kubernetes/test/integration/framework"
)
type roundTripperFunc func(*http.Request) (*http.Response, error)
func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) {
return f(req)
}
const (
AliceToken string = "abc123" // username: alice. Present in token file.
BobToken string = "xyz987" // username: bob. Present in token file.
@@ -910,13 +904,6 @@ func TestImpersonateWithUID(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute)
t.Cleanup(cancel)
setUIDWrapper := func(rt http.RoundTripper) http.RoundTripper {
return roundTripperFunc(func(req *http.Request) (*http.Response, error) {
req.Header.Set("Impersonate-Uid", "1234")
return rt.RoundTrip(req)
})
}
t.Run("impersonation with uid header", func(t *testing.T) {
adminClient := clientset.NewForConfigOrDie(server.ClientConfig)
@@ -933,8 +920,8 @@ func TestImpersonateWithUID(t *testing.T) {
clientConfig := rest.CopyConfig(server.ClientConfig)
clientConfig.Impersonate = rest.ImpersonationConfig{
UserName: "alice",
UID: "1234",
}
clientConfig.Wrap(setUIDWrapper)
client := clientset.NewForConfigOrDie(clientConfig)
createdCsr, err := client.CertificatesV1().CertificateSigningRequests().Create(
@@ -974,7 +961,9 @@ func TestImpersonateWithUID(t *testing.T) {
t.Run("impersonation with only UID fails", func(t *testing.T) {
clientConfig := rest.CopyConfig(server.ClientConfig)
clientConfig.Wrap(setUIDWrapper)
clientConfig.Impersonate = rest.ImpersonationConfig{
UID: "1234",
}
client := clientset.NewForConfigOrDie(clientConfig)
_, err := client.CoreV1().Nodes().List(ctx, metav1.ListOptions{})
@@ -1007,8 +996,8 @@ func TestImpersonateWithUID(t *testing.T) {
clientConfig := rest.AnonymousClientConfig(server.ClientConfig)
clientConfig.Impersonate = rest.ImpersonationConfig{
UserName: "some-user-anonymous-can-impersonate",
UID: "1234",
}
clientConfig.Wrap(setUIDWrapper)
client := clientset.NewForConfigOrDie(clientConfig)
_, err := client.CoreV1().Nodes().List(ctx, metav1.ListOptions{})