From e3b61ea9cfbf888b7f989b9e50c86030cebd3057 Mon Sep 17 00:00:00 2001 From: "zuoxiu.jm" <291271447@qq.com> Date: Wed, 24 Oct 2018 14:37:52 +0800 Subject: [PATCH] switch informer in token authn --- .../auth/authenticator/token/bootstrap/BUILD | 6 +-- .../token/bootstrap/bootstrap.go | 16 ++++---- .../token/bootstrap/bootstrap_test.go | 40 +++++++++---------- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/plugin/pkg/auth/authenticator/token/bootstrap/BUILD b/plugin/pkg/auth/authenticator/token/bootstrap/BUILD index 5ef48a9f56b..15f6da57969 100644 --- a/plugin/pkg/auth/authenticator/token/bootstrap/BUILD +++ b/plugin/pkg/auth/authenticator/token/bootstrap/BUILD @@ -11,7 +11,7 @@ go_test( srcs = ["bootstrap_test.go"], embed = [":go_default_library"], deps = [ - "//pkg/apis/core:go_default_library", + "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library", @@ -26,12 +26,12 @@ go_library( srcs = ["bootstrap.go"], importpath = "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap", deps = [ - "//pkg/apis/core:go_default_library", - "//pkg/client/listers/core/internalversion:go_default_library", + "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library", + "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library", "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library", "//staging/src/k8s.io/cluster-bootstrap/token/util:go_default_library", "//vendor/github.com/golang/glog:go_default_library", diff --git a/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go b/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go index 163d758c452..93b4e1cddd8 100644 --- a/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go +++ b/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go @@ -29,14 +29,14 @@ import ( "github.com/golang/glog" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/user" + corev1listers "k8s.io/client-go/listers/core/v1" bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstraputil "k8s.io/cluster-bootstrap/token/util" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/client/listers/core/internalversion" ) // TODO: A few methods in this package is copied from other sources. Either @@ -46,13 +46,13 @@ import ( // NewTokenAuthenticator initializes a bootstrap token authenticator. // // Lister is expected to be for the "kube-system" namespace. -func NewTokenAuthenticator(lister internalversion.SecretNamespaceLister) *TokenAuthenticator { +func NewTokenAuthenticator(lister corev1listers.SecretNamespaceLister) *TokenAuthenticator { return &TokenAuthenticator{lister} } // TokenAuthenticator authenticates bootstrap tokens from secrets in the API server. type TokenAuthenticator struct { - lister internalversion.SecretNamespaceLister + lister corev1listers.SecretNamespaceLister } // tokenErrorf prints a error message for a secret that has matched a bearer @@ -60,7 +60,7 @@ type TokenAuthenticator struct { // // tokenErrorf(secret, "has invalid value for key %s", key) // -func tokenErrorf(s *api.Secret, format string, i ...interface{}) { +func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) { format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format glog.V(3).Infof(format, i...) } @@ -155,7 +155,7 @@ func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string } // Copied from k8s.io/cluster-bootstrap/token/api -func getSecretString(secret *api.Secret, key string) string { +func getSecretString(secret *corev1.Secret, key string) string { data, ok := secret.Data[key] if !ok { return "" @@ -165,7 +165,7 @@ func getSecretString(secret *api.Secret, key string) string { } // Copied from k8s.io/cluster-bootstrap/token/api -func isSecretExpired(secret *api.Secret) bool { +func isSecretExpired(secret *corev1.Secret) bool { expiration := getSecretString(secret, bootstrapapi.BootstrapTokenExpirationKey) if len(expiration) > 0 { expTime, err2 := time.Parse(time.RFC3339, expiration) @@ -205,7 +205,7 @@ func parseToken(s string) (string, string, error) { // getGroups loads and validates the bootstrapapi.BootstrapTokenExtraGroupsKey // key from the bootstrap token secret, returning a list of group names or an // error if any of the group names are invalid. -func getGroups(secret *api.Secret) ([]string, error) { +func getGroups(secret *corev1.Secret) ([]string, error) { // always include the default group groups := sets.NewString(bootstrapapi.BootstrapDefaultGroup) diff --git a/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap_test.go b/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap_test.go index ae408e8a9de..0613e1587a4 100644 --- a/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap_test.go +++ b/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap_test.go @@ -21,24 +21,24 @@ import ( "reflect" "testing" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/authentication/user" bootstrapapi "k8s.io/cluster-bootstrap/token/api" - api "k8s.io/kubernetes/pkg/apis/core" ) type lister struct { - secrets []*api.Secret + secrets []*corev1.Secret } -func (l *lister) List(selector labels.Selector) (ret []*api.Secret, err error) { +func (l *lister) List(selector labels.Selector) (ret []*corev1.Secret, err error) { return l.secrets, nil } -func (l *lister) Get(name string) (*api.Secret, error) { +func (l *lister) Get(name string) (*corev1.Secret, error) { for _, s := range l.secrets { if s.Name == name { return s, nil @@ -58,7 +58,7 @@ func TestTokenAuthenticator(t *testing.T) { tests := []struct { name string - secrets []*api.Secret + secrets []*corev1.Secret token string wantNotFound bool @@ -66,7 +66,7 @@ func TestTokenAuthenticator(t *testing.T) { }{ { name: "valid token", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -87,7 +87,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "valid token with extra group", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -109,7 +109,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "invalid group", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -128,7 +128,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "invalid secret name", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: "bad-name", @@ -146,7 +146,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "no usage", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -163,7 +163,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "wrong token", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -181,7 +181,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "deleted token", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -200,7 +200,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "expired token", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -219,7 +219,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "not expired token", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, @@ -241,7 +241,7 @@ func TestTokenAuthenticator(t *testing.T) { }, { name: "token id wrong length", - secrets: []*api.Secret{ + secrets: []*corev1.Secret{ { ObjectMeta: metav1.ObjectMeta{ Name: bootstrapapi.BootstrapTokenSecretPrefix + "foo", @@ -292,13 +292,13 @@ func TestTokenAuthenticator(t *testing.T) { func TestGetGroups(t *testing.T) { tests := []struct { name string - secret *api.Secret + secret *corev1.Secret expectResult []string expectError bool }{ { name: "not set", - secret: &api.Secret{ + secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Data: map[string][]byte{}, }, @@ -306,7 +306,7 @@ func TestGetGroups(t *testing.T) { }, { name: "set to empty value", - secret: &api.Secret{ + secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Data: map[string][]byte{ bootstrapapi.BootstrapTokenExtraGroupsKey: []byte(""), @@ -316,7 +316,7 @@ func TestGetGroups(t *testing.T) { }, { name: "invalid prefix", - secret: &api.Secret{ + secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Data: map[string][]byte{ bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("foo"), @@ -326,7 +326,7 @@ func TestGetGroups(t *testing.T) { }, { name: "valid", - secret: &api.Secret{ + secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Name: "test"}, Data: map[string][]byte{ bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("system:bootstrappers:foo,system:bootstrappers:bar,system:bootstrappers:bar"),