github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-11 06:02:18 +00:00
Code Issues Projects Releases Wiki Activity

Added /_whoami and integration test for auth(z|n)

Browse Source 
Added new endpoint /_whoami for debugging authentication.
Added integration test which checks that a user is authenticated
using token authentication.
Rearranged initialization of authenticator to support preceeding.
This commit is contained in:
Eric Tune
2014-10-27 14:18:02 -07:00
parent 245585f364
commit f7ebc7d0d5
3 changed files with 177 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/master/master.go
View File

@@ -27,6 +27,7 @@ import (
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1beta1"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1beta2"
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/bearertoken"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authenticator/tokenfile"
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/handlers"
@@ -160,6 +161,16 @@ func (m *Master) init(c *Config) {
}
}
var userContexts = handlers.NewUserRequestContext()
var authenticator authenticator.Request
if len(c.TokenAuthFile) != 0 {
tokenAuthenticator, err := tokenfile.New(c.TokenAuthFile)
if err != nil {
glog.Fatalf("Unable to load the token authentication file '%s': %v", c.TokenAuthFile, err)
}
authenticator = bearertoken.New(tokenAuthenticator)
}
m.storage = map[string]apiserver.RESTStorage{
"pods": pod.NewREST(&pod.RESTConfig{
CloudProvider: c.Cloud,
@@ -197,14 +208,11 @@ func (m *Master) init(c *Config) {
handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
}
if len(c.TokenAuthFile) != 0 {
auth, err := tokenfile.New(c.TokenAuthFile)
if err != nil {
glog.Fatalf("Unable to load the token authentication file '%s': %v", c.TokenAuthFile, err)
}
userContexts := handlers.NewUserRequestContext()
handler = handlers.NewRequestAuthenticator(userContexts, bearertoken.New(auth), handlers.Unauthorized, handler)
if authenticator != nil {
handler = handlers.NewRequestAuthenticator(userContexts, authenticator, handlers.Unauthorized, handler)
}
m.mux.HandleFunc("/_whoami", handleWhoAmI(authenticator))
m.Handler = handler
}