github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 05:57:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #60911 from zjj2wry/authn_config_init

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 61396, 61321, 61443, 60911, 61461). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Simplify authenticator configuration initialization

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-03-22 03:37:20 -07:00 committed by GitHub
commit f18fdc2ea0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/kubeapiserver/authenticator/config.go
View File

@ -82,7 +82,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDe
var authenticators []authenticator.Request var authenticators []authenticator.Request
var tokenAuthenticators []authenticator.Token var tokenAuthenticators []authenticator.Token
securityDefinitions := spec.SecurityDefinitions{} securityDefinitions := spec.SecurityDefinitions{}
hasBasicAuth := false
// front-proxy, BasicAuth methods, local first, then remote // front-proxy, BasicAuth methods, local first, then remote
// Add the front proxy authenticator if requested // Add the front proxy authenticator if requested
@ -100,13 +99,20 @@ func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDe
authenticators = append(authenticators, requestHeaderAuthenticator) authenticators = append(authenticators, requestHeaderAuthenticator)
} }
// basic auth
if len(config.BasicAuthFile) > 0 { if len(config.BasicAuthFile) > 0 {
basicAuth, err := newAuthenticatorFromBasicAuthFile(config.BasicAuthFile) basicAuth, err := newAuthenticatorFromBasicAuthFile(config.BasicAuthFile)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
authenticators = append(authenticators, basicAuth) authenticators = append(authenticators, basicAuth)
hasBasicAuth = true
securityDefinitions["HTTPBasic"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "basic",
Description: "HTTP Basic authentication",
},
}
} }
// X509 methods // X509 methods
@ -167,15 +173,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDe
tokenAuthenticators = append(tokenAuthenticators, webhookTokenAuth) tokenAuthenticators = append(tokenAuthenticators, webhookTokenAuth)
} }
if hasBasicAuth {
securityDefinitions["HTTPBasic"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "basic",
Description: "HTTP Basic authentication",
},
}
}
if len(tokenAuthenticators) > 0 { if len(tokenAuthenticators) > 0 {
// Union the token authenticators // Union the token authenticators
tokenAuth := tokenunion.New(tokenAuthenticators...) tokenAuth := tokenunion.New(tokenAuthenticators...)
@ -200,8 +197,7 @@ func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDe
} }
} }
switch len(authenticators) { if len(authenticators) == 0 {
case 0:
return nil, &securityDefinitions, nil return nil, &securityDefinitions, nil
} }