| ... | ... |
@@ -1,13 +1,8 @@ |
| 1 | 1 |
package api |
| 2 | 2 |
|
| 3 |
-// TODO: Add display name to common meta? |
|
| 4 |
-type UserInfo interface {
|
|
| 5 |
- GetName() string |
|
| 6 |
- GetUID() string |
|
| 7 |
- GetGroups() []string |
|
| 8 |
- GetScope() string |
|
| 9 |
- GetExtra() map[string]string |
|
| 10 |
-} |
|
| 3 |
+import ( |
|
| 4 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 5 |
+) |
|
| 11 | 6 |
|
| 12 | 7 |
// UserIdentityInfo contains information about an identity. Identities are distinct from users. An authentication server of |
| 13 | 8 |
// some kind (like oauth for example) describes an identity. Our system controls the users mapped to this identity. |
| ... | ... |
@@ -20,11 +15,11 @@ type UserIdentityInfo interface {
|
| 20 | 20 |
GetExtra() map[string]string |
| 21 | 21 |
} |
| 22 | 22 |
|
| 23 |
-// UserIdentityMapper maps UserIdentities into UserInfo objects to allow different user abstractions within auth code. |
|
| 23 |
+// UserIdentityMapper maps UserIdentities into user.Info objects to allow different user abstractions within auth code. |
|
| 24 | 24 |
type UserIdentityMapper interface {
|
| 25 | 25 |
// UserFor takes an identity, ignores the passed identity.Provider, forces the provider value to some other value and then creates the mapping. |
| 26 |
- // It returns the corresponding UserInfo |
|
| 27 |
- UserFor(identityInfo UserIdentityInfo) (UserInfo, error) |
|
| 26 |
+ // It returns the corresponding user.Info |
|
| 27 |
+ UserFor(identityInfo UserIdentityInfo) (user.Info, error) |
|
| 28 | 28 |
} |
| 29 | 29 |
|
| 30 | 30 |
type Client interface {
|
| ... | ... |
@@ -41,34 +36,6 @@ type Grant struct {
|
| 41 | 41 |
RedirectURI string |
| 42 | 42 |
} |
| 43 | 43 |
|
| 44 |
-type DefaultUserInfo struct {
|
|
| 45 |
- Name string |
|
| 46 |
- UID string |
|
| 47 |
- Groups []string |
|
| 48 |
- Scope string |
|
| 49 |
- Extra map[string]string |
|
| 50 |
-} |
|
| 51 |
- |
|
| 52 |
-func (i *DefaultUserInfo) GetName() string {
|
|
| 53 |
- return i.Name |
|
| 54 |
-} |
|
| 55 |
- |
|
| 56 |
-func (i *DefaultUserInfo) GetUID() string {
|
|
| 57 |
- return i.UID |
|
| 58 |
-} |
|
| 59 |
- |
|
| 60 |
-func (i *DefaultUserInfo) GetGroups() []string {
|
|
| 61 |
- return i.Groups |
|
| 62 |
-} |
|
| 63 |
- |
|
| 64 |
-func (i *DefaultUserInfo) GetScope() string {
|
|
| 65 |
- return i.Scope |
|
| 66 |
-} |
|
| 67 |
- |
|
| 68 |
-func (i *DefaultUserInfo) GetExtra() map[string]string {
|
|
| 69 |
- return i.Extra |
|
| 70 |
-} |
|
| 71 |
- |
|
| 72 | 44 |
type DefaultUserIdentityInfo struct {
|
| 73 | 45 |
UserName string |
| 74 | 46 |
ProviderName string |
| ... | ... |
@@ -3,31 +3,32 @@ package authenticator |
| 3 | 3 |
import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
|
| 6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 6 | 7 |
"github.com/openshift/origin/pkg/auth/api" |
| 7 | 8 |
) |
| 8 | 9 |
|
| 9 | 10 |
type Token interface {
|
| 10 |
- AuthenticateToken(token string) (api.UserInfo, bool, error) |
|
| 11 |
+ AuthenticateToken(token string) (user.Info, bool, error) |
|
| 11 | 12 |
} |
| 12 | 13 |
|
| 13 | 14 |
type Request interface {
|
| 14 |
- AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) |
|
| 15 |
+ AuthenticateRequest(req *http.Request) (user.Info, bool, error) |
|
| 15 | 16 |
} |
| 16 | 17 |
|
| 17 | 18 |
type Password interface {
|
| 18 |
- AuthenticatePassword(user, password string) (api.UserInfo, bool, error) |
|
| 19 |
+ AuthenticatePassword(user, password string) (user.Info, bool, error) |
|
| 19 | 20 |
} |
| 20 | 21 |
|
| 21 | 22 |
type Assertion interface {
|
| 22 |
- AuthenticateAssertion(assertionType, data string) (api.UserInfo, bool, error) |
|
| 23 |
+ AuthenticateAssertion(assertionType, data string) (user.Info, bool, error) |
|
| 23 | 24 |
} |
| 24 | 25 |
|
| 25 | 26 |
type Client interface {
|
| 26 |
- AuthenticateClient(client api.Client) (api.UserInfo, bool, error) |
|
| 27 |
+ AuthenticateClient(client api.Client) (user.Info, bool, error) |
|
| 27 | 28 |
} |
| 28 | 29 |
|
| 29 |
-type RequestFunc func(req *http.Request) (api.UserInfo, bool, error) |
|
| 30 |
+type RequestFunc func(req *http.Request) (user.Info, bool, error) |
|
| 30 | 31 |
|
| 31 |
-func (f RequestFunc) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 32 |
+func (f RequestFunc) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 32 | 33 |
return f(req) |
| 33 | 34 |
} |
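Review bot: The parameter name in `AuthenticatePassword(user, password string) (user.Info, bool, error)` on the `Password` interface now collides with the newly imported `user` package. It is harmless in the interface itself, but an implementation that copies the signature cannot refer to `user.DefaultInfo` in its body. I would rename it to match the implementations in this commit: `AuthenticatePassword(username, password string) (user.Info, bool, error)`. The same shadowing shows up in `fixedAuthenticator.AuthenticatePassword(user, password string)`, the `user user.Info` parameters of `AuthenticationSucceeded` and `GrantNeeded`, and the locals `user, ok := obj.(user.Info)` and `user, ok := ar.UserData.(user.Info)`. The registry and group hunks already rename the local to `u`, so using `u` or `info` everywhere would keep the change consistent.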
| ... | ... |
@@ -5,6 +5,7 @@ import ( |
| 5 | 5 |
|
| 6 | 6 |
"github.com/golang/glog" |
| 7 | 7 |
|
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 9 | 10 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 10 | 11 |
) |
| ... | ... |
@@ -20,7 +21,7 @@ func New(identityMapper authapi.UserIdentityMapper) authenticator.Password {
|
| 20 | 20 |
} |
| 21 | 21 |
|
| 22 | 22 |
// AuthenticatePassword approves any login attempt with non-blank username and password |
| 23 |
-func (a alwaysAcceptPasswordAuthenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) {
|
|
| 23 |
+func (a alwaysAcceptPasswordAuthenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
|
|
| 24 | 24 |
if username == "" || password == "" {
|
| 25 | 25 |
return nil, false, nil |
| 26 | 26 |
} |
| ... | ... |
@@ -9,7 +9,7 @@ import ( |
| 9 | 9 |
|
| 10 | 10 |
"github.com/golang/glog" |
| 11 | 11 |
|
| 12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 13 | 13 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 14 | 14 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 15 | 15 |
) |
| ... | ... |
@@ -46,7 +46,7 @@ func New(url string, mapper authapi.UserIdentityMapper) authenticator.Password {
|
| 46 | 46 |
return &Authenticator{url, mapper}
|
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (api.UserInfo, bool, error) {
|
|
| 49 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
|
|
| 50 | 50 |
req, err := http.NewRequest("GET", a.url, nil)
|
| 51 | 51 |
if err != nil {
|
| 52 | 52 |
return nil, false, err |
| ... | ... |
@@ -3,6 +3,7 @@ package oauthpassword |
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 | 5 |
|
| 6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 6 | 7 |
"github.com/RangelReale/osincli" |
| 7 | 8 |
"github.com/golang/glog" |
| 8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| ... | ... |
@@ -18,7 +19,7 @@ func New(client *osincli.Client, identityMapper authapi.UserIdentityMapper) auth |
| 18 | 18 |
return &Authenticator{identityMapper, client}
|
| 19 | 19 |
} |
| 20 | 20 |
|
| 21 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) {
|
|
| 21 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
|
|
| 22 | 22 |
areq := a.client.NewAccessRequest(osincli.PASSWORD, nil) |
| 23 | 23 |
areq.CustomParameters["username"] = username |
| 24 | 24 |
areq.CustomParameters["password"] = password |
| ... | ... |
@@ -3,8 +3,8 @@ package registry |
| 3 | 3 |
import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
|
| 6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 6 | 7 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 8 | 8 |
"github.com/openshift/origin/pkg/client" |
| 9 | 9 |
oclient "github.com/openshift/origin/pkg/oauth/client" |
| 10 | 10 |
) |
| ... | ... |
@@ -26,7 +26,7 @@ func New(token OAuthAccessTokenSource, host string, rt http.RoundTripper) *Authe |
| 26 | 26 |
return &Authenticator{token, host, rt}
|
| 27 | 27 |
} |
| 28 | 28 |
|
| 29 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (api.UserInfo, bool, error) {
|
|
| 29 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
|
|
| 30 | 30 |
token, ok, err := a.token.AuthenticatePassword(username, password) |
| 31 | 31 |
if !ok || err != nil {
|
| 32 | 32 |
return nil, false, err |
| ... | ... |
@@ -38,14 +38,14 @@ func (a *Authenticator) AuthenticatePassword(username, password string) (api.Use |
| 38 | 38 |
if err != nil {
|
| 39 | 39 |
return nil, false, err |
| 40 | 40 |
} |
| 41 |
- user, err := client.Users().Get("~")
|
|
| 41 |
+ u, err := client.Users().Get("~")
|
|
| 42 | 42 |
if err != nil {
|
| 43 | 43 |
return nil, false, err |
| 44 | 44 |
} |
| 45 | 45 |
|
| 46 |
- info := &api.DefaultUserInfo{
|
|
| 47 |
- Name: user.Name, |
|
| 48 |
- UID: string(user.UID), |
|
| 46 |
+ info := &user.DefaultInfo{
|
|
| 47 |
+ Name: u.Name, |
|
| 48 |
+ UID: string(u.UID), |
|
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 | 51 |
return info, true, nil |
| ... | ... |
@@ -6,7 +6,8 @@ import ( |
| 6 | 6 |
"net/http" |
| 7 | 7 |
"strings" |
| 8 | 8 |
|
| 9 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 |
+ |
|
| 10 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 11 | 12 |
) |
| 12 | 13 |
|
| ... | ... |
@@ -18,7 +19,7 @@ func NewBasicAuthAuthentication(passwordAuthenticator authenticator.Password) au |
| 18 | 18 |
return &basicAuthRequestHandler{passwordAuthenticator}
|
| 19 | 19 |
} |
| 20 | 20 |
|
| 21 |
-func (authHandler *basicAuthRequestHandler) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) {
|
|
| 21 |
+func (authHandler *basicAuthRequestHandler) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 22 | 22 |
username, password, err := getBasicAuthInfo(req) |
| 23 | 23 |
if err != nil {
|
| 24 | 24 |
return nil, false, err |
| ... | ... |
@@ -4,7 +4,7 @@ import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
"testing" |
| 6 | 6 |
|
| 7 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
) |
| 9 | 9 |
|
| 10 | 10 |
const ( |
| ... | ... |
@@ -14,14 +14,14 @@ const ( |
| 14 | 14 |
) |
| 15 | 15 |
|
| 16 | 16 |
type mockPasswordAuthenticator struct {
|
| 17 |
- returnUser authapi.UserInfo |
|
| 17 |
+ returnUser user.Info |
|
| 18 | 18 |
isAuthenticated bool |
| 19 | 19 |
err error |
| 20 | 20 |
passedUser string |
| 21 | 21 |
passedPassword string |
| 22 | 22 |
} |
| 23 | 23 |
|
| 24 |
-func (mock *mockPasswordAuthenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) {
|
|
| 24 |
+func (mock *mockPasswordAuthenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
|
|
| 25 | 25 |
mock.passedUser = username |
| 26 | 26 |
mock.passedPassword = password |
| 27 | 27 |
|
| ... | ... |
@@ -4,7 +4,7 @@ import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
"strings" |
| 6 | 6 |
|
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 9 | 9 |
) |
| 10 | 10 |
|
| ... | ... |
@@ -16,7 +16,7 @@ func New(auth authenticator.Token) *Authenticator {
|
| 16 | 16 |
return &Authenticator{auth}
|
| 17 | 17 |
} |
| 18 | 18 |
|
| 19 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 19 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 20 | 20 |
auth := strings.TrimSpace(req.Header.Get("Authorization"))
|
| 21 | 21 |
if auth == "" {
|
| 22 | 22 |
return nil, false, nil |
| ... | ... |
@@ -4,7 +4,7 @@ import ( |
| 4 | 4 |
"errors" |
| 5 | 5 |
"net/http" |
| 6 | 6 |
|
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
) |
| 9 | 9 |
|
| 10 | 10 |
type Context interface {
|
| ... | ... |
@@ -19,14 +19,14 @@ func NewAuthenticator(context Context) *Authenticator {
|
| 19 | 19 |
return &Authenticator{context}
|
| 20 | 20 |
} |
| 21 | 21 |
|
| 22 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 22 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 23 | 23 |
obj, ok := a.context.Get(req) |
| 24 | 24 |
if !ok {
|
| 25 | 25 |
return nil, false, nil |
| 26 | 26 |
} |
| 27 |
- user, ok := obj.(api.UserInfo) |
|
| 27 |
+ user, ok := obj.(user.Info) |
|
| 28 | 28 |
if !ok {
|
| 29 |
- return nil, false, errors.New("the context object is not an api.UserInfo")
|
|
| 29 |
+ return nil, false, errors.New("the context object is not a user.Info")
|
|
| 30 | 30 |
} |
| 31 | 31 |
return user, true, nil |
| 32 | 32 |
} |
| ... | ... |
@@ -6,7 +6,7 @@ import ( |
| 6 | 6 |
|
| 7 | 7 |
"github.com/golang/glog" |
| 8 | 8 |
|
| 9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 | 10 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 11 | 11 |
) |
| 12 | 12 |
|
| ... | ... |
@@ -30,7 +30,7 @@ func NewAuthenticator(config *Config, mapper authapi.UserIdentityMapper) *Authen |
| 30 | 30 |
return &Authenticator{config, mapper}
|
| 31 | 31 |
} |
| 32 | 32 |
|
| 33 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 33 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 34 | 34 |
username := "" |
| 35 | 35 |
for _, header := range a.config.UserNameHeaders {
|
| 36 | 36 |
header = strings.TrimSpace(header) |
| ... | ... |
@@ -4,13 +4,14 @@ import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
"testing" |
| 6 | 6 |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 7 | 8 |
"github.com/openshift/origin/pkg/auth/api" |
| 8 | 9 |
) |
| 9 | 10 |
|
| 10 | 11 |
type TestUserIdentityMapper struct{}
|
| 11 | 12 |
|
| 12 |
-func (m *TestUserIdentityMapper) UserFor(identityInfo api.UserIdentityInfo) (api.UserInfo, error) {
|
|
| 13 |
- return &api.DefaultUserInfo{Name: identityInfo.GetUserName()}, nil
|
|
| 13 |
+func (m *TestUserIdentityMapper) UserFor(identityInfo api.UserIdentityInfo) (user.Info, error) {
|
|
| 14 |
+ return &user.DefaultInfo{Name: identityInfo.GetUserName()}, nil
|
|
| 14 | 15 |
} |
| 15 | 16 |
|
| 16 | 17 |
func TestRequestHeader(t *testing.T) {
|
| ... | ... |
@@ -4,7 +4,7 @@ import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
"strings" |
| 6 | 6 |
|
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 9 | 9 |
) |
| 10 | 10 |
|
| ... | ... |
@@ -21,7 +21,7 @@ func New(param string, auth authenticator.Token) *Authenticator {
|
| 21 | 21 |
return &Authenticator{param, auth}
|
| 22 | 22 |
} |
| 23 | 23 |
|
| 24 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 24 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 25 | 25 |
token := strings.TrimSpace(req.FormValue(a.param)) |
| 26 | 26 |
if token == "" {
|
| 27 | 27 |
return nil, false, nil |
| ... | ... |
@@ -5,7 +5,7 @@ import ( |
| 5 | 5 |
|
| 6 | 6 |
kerrors "github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors" |
| 7 | 7 |
|
| 8 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 9 | 9 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 10 | 10 |
) |
| 11 | 11 |
|
| ... | ... |
@@ -23,7 +23,7 @@ func NewUnionAuthentication(authRequestHandlers ...authenticator.Request) authen |
| 23 | 23 |
|
| 24 | 24 |
// AuthenticateRequest authenticates the request using a chain of authenticator.Request objects. The first |
| 25 | 25 |
// success returns that identity. Errors are only returned if no matches are found. |
| 26 |
-func (authHandler *Authenticator) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) {
|
|
| 26 |
+func (authHandler *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 27 | 27 |
errors := []error{}
|
| 28 | 28 |
for _, currAuthRequestHandler := range authHandler.Handlers {
|
| 29 | 29 |
info, ok, err := currAuthRequestHandler.AuthenticateRequest(req) |
| ... | ... |
@@ -6,16 +6,16 @@ import ( |
| 6 | 6 |
"strings" |
| 7 | 7 |
"testing" |
| 8 | 8 |
|
| 9 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 | 10 |
) |
| 11 | 11 |
|
| 12 | 12 |
type mockAuthRequestHandler struct {
|
| 13 |
- returnUser authapi.UserInfo |
|
| 13 |
+ returnUser user.Info |
|
| 14 | 14 |
isAuthenticated bool |
| 15 | 15 |
err error |
| 16 | 16 |
} |
| 17 | 17 |
|
| 18 |
-func (mock *mockAuthRequestHandler) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) {
|
|
| 18 |
+func (mock *mockAuthRequestHandler) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 19 | 19 |
return mock.returnUser, mock.isAuthenticated, mock.err |
| 20 | 20 |
} |
| 21 | 21 |
|
| ... | ... |
@@ -4,20 +4,20 @@ import ( |
| 4 | 4 |
"crypto/x509" |
| 5 | 5 |
"net/http" |
| 6 | 6 |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 7 | 8 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors" |
| 8 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 9 | 9 |
) |
| 10 | 10 |
|
| 11 | 11 |
// UserConversion defines an interface for extracting user info from a client certificate chain |
| 12 | 12 |
type UserConversion interface {
|
| 13 |
- User(chain []*x509.Certificate) (api.UserInfo, bool, error) |
|
| 13 |
+ User(chain []*x509.Certificate) (user.Info, bool, error) |
|
| 14 | 14 |
} |
| 15 | 15 |
|
| 16 | 16 |
// UserConversionFunc is a function that implements the UserConversion interface. |
| 17 |
-type UserConversionFunc func(chain []*x509.Certificate) (api.UserInfo, bool, error) |
|
| 17 |
+type UserConversionFunc func(chain []*x509.Certificate) (user.Info, bool, error) |
|
| 18 | 18 |
|
| 19 | 19 |
// User implements x509.UserConversion |
| 20 |
-func (f UserConversionFunc) User(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 20 |
+func (f UserConversionFunc) User(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 21 | 21 |
return f(chain) |
| 22 | 22 |
} |
| 23 | 23 |
|
| ... | ... |
@@ -28,13 +28,13 @@ type Authenticator struct {
|
| 28 | 28 |
} |
| 29 | 29 |
|
| 30 | 30 |
// New returns a request.Authenticator that verifies client certificates using the provided |
| 31 |
-// VerifyOptions, and converts valid certificate chains into api.UserInfo using the provided UserConversion |
|
| 31 |
+// VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion |
|
| 32 | 32 |
func New(opts x509.VerifyOptions, user UserConversion) *Authenticator {
|
| 33 | 33 |
return &Authenticator{opts, user}
|
| 34 | 34 |
} |
| 35 | 35 |
|
| 36 | 36 |
// AuthenticateRequest authenticates the request using presented client certificates |
| 37 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 37 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 38 | 38 |
if req.TLS == nil {
|
| 39 | 39 |
return nil, false, nil |
| 40 | 40 |
} |
| ... | ... |
@@ -71,25 +71,25 @@ func DefaultVerifyOptions() x509.VerifyOptions {
|
| 71 | 71 |
} |
| 72 | 72 |
|
| 73 | 73 |
// CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName |
| 74 |
-var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 74 |
+var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 75 | 75 |
if len(chain[0].Subject.CommonName) == 0 {
|
| 76 | 76 |
return nil, false, nil |
| 77 | 77 |
} |
| 78 |
- return &api.DefaultUserInfo{Name: chain[0].Subject.CommonName}, true, nil
|
|
| 78 |
+ return &user.DefaultInfo{Name: chain[0].Subject.CommonName}, true, nil
|
|
| 79 | 79 |
}) |
| 80 | 80 |
|
| 81 | 81 |
// DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate |
| 82 |
-var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 82 |
+var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 83 | 83 |
if len(chain[0].DNSNames) == 0 {
|
| 84 | 84 |
return nil, false, nil |
| 85 | 85 |
} |
| 86 |
- return &api.DefaultUserInfo{Name: chain[0].DNSNames[0]}, true, nil
|
|
| 86 |
+ return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil
|
|
| 87 | 87 |
}) |
| 88 | 88 |
|
| 89 | 89 |
// EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate |
| 90 |
-var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 90 |
+var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 91 | 91 |
if len(chain[0].EmailAddresses) == 0 {
|
| 92 | 92 |
return nil, false, nil |
| 93 | 93 |
} |
| 94 |
- return &api.DefaultUserInfo{Name: chain[0].EmailAddresses[0]}, true, nil
|
|
| 94 |
+ return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil
|
|
| 95 | 95 |
}) |
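Review bot: All three conversion functions in this hunk index `chain[0]` without checking that the chain is non-empty, so calling `CommonNameUserConversion`, `DNSNameUserConversion` or `EmailAddressUserConversion` with an empty slice panics inside the authentication path. Whether `AuthenticateRequest` only ever passes verified, non-empty chains is not visible here, and the values are exported, so other callers can reach them directly. The guard can be folded into the existing check, e.g. `if len(chain) == 0 || len(chain[0].Subject.CommonName) == 0 {`, with the same pattern for the DNS and e-mail variants. It would also help to state in each doc comment that only the leaf certificate (`chain[0]`) is consulted and that only the first DNS name or e-mail address is used.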
| ... | ... |
@@ -9,7 +9,7 @@ import ( |
| 9 | 9 |
"testing" |
| 10 | 10 |
"time" |
| 11 | 11 |
|
| 12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 13 | 13 |
) |
| 14 | 14 |
|
| 15 | 15 |
const ( |
| ... | ... |
@@ -452,7 +452,7 @@ func TestX509(t *testing.T) {
|
| 452 | 452 |
"custom conversion error": {
|
| 453 | 453 |
Opts: getDefaultVerifyOptions(t), |
| 454 | 454 |
Certs: getCerts(t, clientCNCert), |
| 455 |
- User: UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 455 |
+ User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 456 | 456 |
return nil, false, errors.New("custom error")
|
| 457 | 457 |
}), |
| 458 | 458 |
|
| ... | ... |
@@ -462,8 +462,8 @@ func TestX509(t *testing.T) {
|
| 462 | 462 |
"custom conversion success": {
|
| 463 | 463 |
Opts: getDefaultVerifyOptions(t), |
| 464 | 464 |
Certs: getCerts(t, clientCNCert), |
| 465 |
- User: UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) {
|
|
| 466 |
- return &api.DefaultUserInfo{Name: "custom"}, true, nil
|
|
| 465 |
+ User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
|
| 466 |
+ return &user.DefaultInfo{Name: "custom"}, true, nil
|
|
| 467 | 467 |
}), |
| 468 | 468 |
|
| 469 | 469 |
ExpectUserName: "custom", |
| ... | ... |
@@ -6,12 +6,12 @@ import ( |
| 6 | 6 |
"io" |
| 7 | 7 |
"os" |
| 8 | 8 |
|
| 9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 | 10 |
) |
| 11 | 11 |
|
| 12 | 12 |
type TokenAuthenticator struct {
|
| 13 | 13 |
path string |
| 14 |
- tokens map[string]*api.DefaultUserInfo |
|
| 14 |
+ tokens map[string]*user.DefaultInfo |
|
| 15 | 15 |
} |
| 16 | 16 |
|
| 17 | 17 |
func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) {
|
| ... | ... |
@@ -21,7 +21,7 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) {
|
| 21 | 21 |
} |
| 22 | 22 |
defer file.Close() |
| 23 | 23 |
|
| 24 |
- tokens := make(map[string]*api.DefaultUserInfo) |
|
| 24 |
+ tokens := make(map[string]*user.DefaultInfo) |
|
| 25 | 25 |
reader := csv.NewReader(file) |
| 26 | 26 |
for {
|
| 27 | 27 |
record, err := reader.Read() |
| ... | ... |
@@ -31,15 +31,14 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) {
|
| 31 | 31 |
if err != nil {
|
| 32 | 32 |
return nil, err |
| 33 | 33 |
} |
| 34 |
- if len(record) < 3 {
|
|
| 34 |
+ if len(record) < 2 {
|
|
| 35 | 35 |
continue |
| 36 | 36 |
} |
| 37 |
- obj := &api.DefaultUserInfo{
|
|
| 38 |
- Name: record[1], |
|
| 39 |
- Scope: record[2], |
|
| 37 |
+ obj := &user.DefaultInfo{
|
|
| 38 |
+ Name: record[1], |
|
| 40 | 39 |
} |
| 41 |
- if len(record) > 3 {
|
|
| 42 |
- obj.UID = record[3] |
|
| 40 |
+ if len(record) > 2 {
|
|
| 41 |
+ obj.UID = record[2] |
|
| 43 | 42 |
} |
| 44 | 43 |
tokens[record[0]] = obj |
| 45 | 44 |
} |
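Review bot: The column layout of the token file changes here without any signal to operators. A file written for the old layout (token, name, scope, optional uid) still parses, but `record[2]`, formerly the scope, is now stored as `UID`, and the old uid column is ignored. Rows with fewer than two fields are still dropped by `continue`, so a malformed line silently yields a token that never authenticates. I would reject unexpected shapes instead, e.g. `if len(record) < 2 || len(record) > 3 { return nil, errors.New("token file: expected token,name[,uid]") }`, and document the expected columns on `NewTokenAuthenticator`. The function body starts and ends outside this hunk.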
| ... | ... |
@@ -50,7 +49,7 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) {
|
| 50 | 50 |
}, nil |
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 |
-func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool, error) {
|
|
| 53 |
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
|
|
| 54 | 54 |
user, ok := a.tokens[value] |
| 55 | 55 |
if !ok {
|
| 56 | 56 |
return nil, false, errors.New("Invalid token")
|
| ... | ... |
@@ -3,7 +3,7 @@ package group |
| 3 | 3 |
import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
|
| 6 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 7 | 7 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 8 | 8 |
) |
| 9 | 9 |
|
| ... | ... |
@@ -13,17 +13,15 @@ type GroupAdder struct {
|
| 13 | 13 |
Groups []string |
| 14 | 14 |
} |
| 15 | 15 |
|
| 16 |
-func (g *GroupAdder) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 17 |
- user, ok, err := g.Authenticator.AuthenticateRequest(req) |
|
| 16 |
+func (g *GroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 17 |
+ u, ok, err := g.Authenticator.AuthenticateRequest(req) |
|
| 18 | 18 |
if err != nil || !ok {
|
| 19 | 19 |
return nil, ok, err |
| 20 | 20 |
} |
| 21 |
- return &api.DefaultUserInfo{
|
|
| 22 |
- Name: user.GetName(), |
|
| 23 |
- UID: user.GetUID(), |
|
| 24 |
- Groups: append(user.GetGroups(), g.Groups...), |
|
| 25 |
- Scope: user.GetScope(), |
|
| 26 |
- Extra: user.GetExtra(), |
|
| 21 |
+ return &user.DefaultInfo{
|
|
| 22 |
+ Name: u.GetName(), |
|
| 23 |
+ UID: u.GetUID(), |
|
| 24 |
+ Groups: append(u.GetGroups(), g.Groups...), |
|
| 27 | 25 |
}, true, nil |
| 28 | 26 |
} |
| 29 | 27 |
|
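Review bot: `Groups: append(u.GetGroups(), g.Groups...)` can write into the backing array of the slice returned by the wrapped authenticator when that slice has spare capacity. If the wrapped authenticator hands out a shared or cached user object (not visible from this hunk), concurrent requests would race on that array and could see each other's groups. Copying first avoids the aliasing: `Groups: append(append([]string{}, u.GetGroups()...), g.Groups...),`. A short doc comment on `AuthenticateRequest` saying that the result is a new `user.DefaultInfo` carrying only name, UID and the merged groups would also make clear that nothing else from the wrapped user is propagated.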
| ... | ... |
@@ -5,15 +5,15 @@ import ( |
| 5 | 5 |
"reflect" |
| 6 | 6 |
"testing" |
| 7 | 7 |
|
| 8 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 9 | 9 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 10 | 10 |
) |
| 11 | 11 |
|
| 12 | 12 |
func TestGroupAdder(t *testing.T) {
|
| 13 | 13 |
adder := authenticator.Request( |
| 14 | 14 |
NewGroupAdder( |
| 15 |
- authenticator.RequestFunc(func(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 16 |
- return &api.DefaultUserInfo{Name: "user", Groups: []string{"original"}}, true, nil
|
|
| 15 |
+ authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
|
|
| 16 |
+ return &user.DefaultInfo{Name: "user", Groups: []string{"original"}}, true, nil
|
|
| 17 | 17 |
}), |
| 18 | 18 |
[]string{"added"},
|
| 19 | 19 |
), |
| ... | ... |
@@ -6,10 +6,10 @@ import ( |
| 6 | 6 |
"net/http" |
| 7 | 7 |
"net/url" |
| 8 | 8 |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 9 | 10 |
"github.com/RangelReale/osincli" |
| 10 | 11 |
"github.com/golang/glog" |
| 11 | 12 |
|
| 12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 13 | 13 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 14 | 14 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
| 15 | 15 |
) |
| ... | ... |
@@ -168,7 +168,7 @@ func (defaultState) Check(state string, w http.ResponseWriter, req *http.Request |
| 168 | 168 |
return true, nil |
| 169 | 169 |
} |
| 170 | 170 |
|
| 171 |
-func (defaultState) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 171 |
+func (defaultState) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 172 | 172 |
values, err := url.ParseQuery(state) |
| 173 | 173 |
if err != nil {
|
| 174 | 174 |
return false, err |
| ... | ... |
@@ -6,6 +6,7 @@ import ( |
| 6 | 6 |
"github.com/RangelReale/osin" |
| 7 | 7 |
"github.com/golang/glog" |
| 8 | 8 |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 9 | 10 |
"github.com/openshift/origin/pkg/auth/api" |
| 10 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 11 | 12 |
) |
| ... | ... |
@@ -53,7 +54,7 @@ func NewAccessAuthenticator(password authenticator.Password, assertion authentic |
| 53 | 53 |
// HandleAccess implements osinserver.AccessHandler |
| 54 | 54 |
func (h *AccessAuthenticator) HandleAccess(ar *osin.AccessRequest, w http.ResponseWriter) error {
|
| 55 | 55 |
var ( |
| 56 |
- info api.UserInfo |
|
| 56 |
+ info user.Info |
|
| 57 | 57 |
ok bool |
| 58 | 58 |
err error |
| 59 | 59 |
) |
| ... | ... |
@@ -103,16 +104,16 @@ type fixedAuthenticator struct {
|
| 103 | 103 |
} |
| 104 | 104 |
|
| 105 | 105 |
// AuthenticatePassword implements authenticator.Password |
| 106 |
-func (f *fixedAuthenticator) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) {
|
|
| 106 |
+func (f *fixedAuthenticator) AuthenticatePassword(user, password string) (user.Info, bool, error) {
|
|
| 107 | 107 |
return nil, f.allow, nil |
| 108 | 108 |
} |
| 109 | 109 |
|
| 110 | 110 |
// AuthenticateAssertion implements authenticator.Assertion |
| 111 |
-func (f *fixedAuthenticator) AuthenticateAssertion(assertionType, data string) (api.UserInfo, bool, error) {
|
|
| 111 |
+func (f *fixedAuthenticator) AuthenticateAssertion(assertionType, data string) (user.Info, bool, error) {
|
|
| 112 | 112 |
return nil, f.allow, nil |
| 113 | 113 |
} |
| 114 | 114 |
|
| 115 | 115 |
// AuthenticateClient implements authenticator.Client |
| 116 |
-func (f *fixedAuthenticator) AuthenticateClient(client api.Client) (api.UserInfo, bool, error) {
|
|
| 116 |
+func (f *fixedAuthenticator) AuthenticateClient(client api.Client) (user.Info, bool, error) {
|
|
| 117 | 117 |
return nil, f.allow, nil |
| 118 | 118 |
} |
| ... | ... |
@@ -5,6 +5,7 @@ import ( |
| 5 | 5 |
|
| 6 | 6 |
"github.com/golang/glog" |
| 7 | 7 |
|
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 9 | 10 |
) |
| 10 | 11 |
|
| ... | ... |
@@ -16,7 +17,7 @@ func (EmptyAuth) AuthenticationNeeded(client authapi.Client, w http.ResponseWrit |
| 16 | 16 |
|
| 17 | 17 |
type EmptySuccess struct{}
|
| 18 | 18 |
|
| 19 |
-func (EmptySuccess) AuthenticationSucceeded(user authapi.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 19 |
+func (EmptySuccess) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 20 | 20 |
glog.V(4).Infof("AuthenticationSucceeded: %v (state=%s)", user, state)
|
| 21 | 21 |
return false, nil |
| 22 | 22 |
} |
| ... | ... |
@@ -8,6 +8,7 @@ import ( |
| 8 | 8 |
"github.com/RangelReale/osin" |
| 9 | 9 |
"github.com/golang/glog" |
| 10 | 10 |
|
| 11 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 11 | 12 |
"github.com/openshift/origin/pkg/auth/api" |
| 12 | 13 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
| 13 | 14 |
"github.com/openshift/origin/pkg/oauth/registry/clientauthorization" |
| ... | ... |
@@ -41,9 +42,9 @@ func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, w http.ResponseW |
| 41 | 41 |
// Reset request to unauthorized until we verify the grant |
| 42 | 42 |
ar.Authorized = false |
| 43 | 43 |
|
| 44 |
- user, ok := ar.UserData.(api.UserInfo) |
|
| 44 |
+ user, ok := ar.UserData.(user.Info) |
|
| 45 | 45 |
if !ok || user == nil {
|
| 46 |
- return h.errorHandler.GrantError(errors.New("the provided user data is not api.UserInfo"), w, ar.HttpRequest)
|
|
| 46 |
+ return h.errorHandler.GrantError(errors.New("the provided user data is not user.Info"), w, ar.HttpRequest)
|
|
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 | 49 |
grant := &api.Grant{
|
| ... | ... |
@@ -75,7 +76,7 @@ func NewEmptyGrant() GrantHandler {
|
| 75 | 75 |
} |
| 76 | 76 |
|
| 77 | 77 |
// GrantNeeded implements the GrantHandler interface |
| 78 |
-func (emptyGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 78 |
+func (emptyGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 79 | 79 |
return false, nil |
| 80 | 80 |
} |
| 81 | 81 |
|
| ... | ... |
@@ -90,7 +91,7 @@ func NewAutoGrant(authregistry clientauthorization.Registry) GrantHandler {
|
| 90 | 90 |
} |
| 91 | 91 |
|
| 92 | 92 |
// GrantNeeded implements the GrantHandler interface |
| 93 |
-func (g *autoGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 93 |
+func (g *autoGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 94 | 94 |
clientAuthID := g.authregistry.ClientAuthorizationName(user.GetName(), grant.Client.GetId()) |
| 95 | 95 |
clientAuth, err := g.authregistry.GetClientAuthorization(clientAuthID) |
| 96 | 96 |
if err == nil {
|
| ... | ... |
@@ -142,7 +143,7 @@ func NewRedirectGrant(url string) GrantHandler {
|
| 142 | 142 |
} |
| 143 | 143 |
|
| 144 | 144 |
// GrantNeeded implements the GrantHandler interface |
| 145 |
-func (g *redirectGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 145 |
+func (g *redirectGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 146 | 146 |
// If the current request has an error=grant_denied parameter, the user denied the grant |
| 147 | 147 |
if err := req.FormValue("error"); err == GrantDeniedError {
|
| 148 | 148 |
return false, nil |
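Review bot: In `autoGrant.GrantNeeded` the stored authorization is looked up with a key built from `user.GetName()` and the client id only, so a record created for an earlier account with the same name would be found for a different `user.Info`. The rest of the function lies outside the hunk, so a later comparison against `user.GetUID()` may already exist. If it does not, the approval should also require that the stored record's user UID (if the record carries one) matches `user.GetUID()`, and a comment such as `// key is name-based; confirm the UID before trusting clientAuth` belongs above the lookup. `HasAuthorizedClient` in the grant checker file builds its key the same way.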
| ... | ... |
@@ -3,6 +3,7 @@ package handlers |
| 3 | 3 |
import ( |
| 4 | 4 |
"net/http" |
| 5 | 5 |
|
| 6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 6 | 7 |
"github.com/openshift/origin/pkg/auth/api" |
| 7 | 8 |
) |
| 8 | 9 |
|
| ... | ... |
@@ -35,19 +36,19 @@ type AuthenticationErrorHandler interface {
|
| 35 | 35 |
type AuthenticationSuccessHandler interface {
|
| 36 | 36 |
// AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written, |
| 37 | 37 |
// and returns false if the response was not written. |
| 38 |
- AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) |
|
| 38 |
+ AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) |
|
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
// GrantChecker is responsible for determining if a user has authorized a client for a requested grant |
| 42 | 42 |
type GrantChecker interface {
|
| 43 | 43 |
// HasAuthorizedClient returns true if the user has authorized the client for the requested grant |
| 44 |
- HasAuthorizedClient(user api.UserInfo, grant *api.Grant) (bool, error) |
|
| 44 |
+ HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error) |
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
// GrantHandler handles errors during the grant process, or the client requests an unauthorized grant |
| 48 | 48 |
type GrantHandler interface {
|
| 49 | 49 |
// GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written |
| 50 |
- GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (handled bool, err error) |
|
| 50 |
+ GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (handled bool, err error) |
|
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 | 53 |
// GrantErrorHandler reacts to grant errors |
| ... | ... |
@@ -62,7 +63,7 @@ type GrantErrorHandler interface {
|
| 62 | 62 |
// the chain is aborted. |
| 63 | 63 |
type AuthenticationSuccessHandlers []AuthenticationSuccessHandler |
| 64 | 64 |
|
| 65 |
-func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 65 |
+func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 66 | 66 |
for _, h := range all {
|
| 67 | 67 |
if handled, err := h.AuthenticationSucceeded(user, state, w, req); handled || err != nil {
|
| 68 | 68 |
return handled, err |
| ... | ... |
@@ -5,6 +5,7 @@ import ( |
| 5 | 5 |
|
| 6 | 6 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors" |
| 7 | 7 |
|
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 9 |
"github.com/openshift/origin/pkg/auth/api" |
| 9 | 10 |
"github.com/openshift/origin/pkg/oauth/registry/clientauthorization" |
| 10 | 11 |
"github.com/openshift/origin/pkg/oauth/scope" |
| ... | ... |
@@ -18,7 +19,7 @@ func NewClientAuthorizationGrantChecker(registry clientauthorization.Registry) * |
| 18 | 18 |
return &ClientAuthorizationGrantChecker{registry}
|
| 19 | 19 |
} |
| 20 | 20 |
|
| 21 |
-func (c *ClientAuthorizationGrantChecker) HasAuthorizedClient(user api.UserInfo, grant *api.Grant) (approved bool, err error) {
|
|
| 21 |
+func (c *ClientAuthorizationGrantChecker) HasAuthorizedClient(user user.Info, grant *api.Grant) (approved bool, err error) {
|
|
| 22 | 22 |
id := c.registry.ClientAuthorizationName(user.GetName(), grant.Client.GetId()) |
| 23 | 23 |
authorization, err := c.registry.GetClientAuthorization(id) |
| 24 | 24 |
if errors.IsNotFound(err) {
|
| ... | ... |
@@ -12,6 +12,7 @@ import ( |
| 12 | 12 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util" |
| 13 | 13 |
"github.com/RangelReale/osincli" |
| 14 | 14 |
|
| 15 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 15 | 16 |
"github.com/openshift/origin/pkg/auth/api" |
| 16 | 17 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
| 17 | 18 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
| ... | ... |
@@ -21,7 +22,7 @@ import ( |
| 21 | 21 |
) |
| 22 | 22 |
|
| 23 | 23 |
type testHandlers struct {
|
| 24 |
- User api.UserInfo |
|
| 24 |
+ User user.Info |
|
| 25 | 25 |
Authenticate bool |
| 26 | 26 |
Err error |
| 27 | 27 |
AuthNeed bool |
| ... | ... |
@@ -48,11 +49,11 @@ func (h *testHandlers) AuthenticationError(err error, w http.ResponseWriter, req |
| 48 | 48 |
return true, nil |
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 |
-func (h *testHandlers) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 51 |
+func (h *testHandlers) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 52 | 52 |
return h.User, h.Authenticate, h.Err |
| 53 | 53 |
} |
| 54 | 54 |
|
| 55 |
-func (h *testHandlers) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 55 |
+func (h *testHandlers) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 56 | 56 |
h.GrantNeed = true |
| 57 | 57 |
return h.GrantNeedHandled, h.GrantNeedErr |
| 58 | 58 |
} |
| ... | ... |
@@ -86,7 +87,7 @@ func TestRegistryAndServer(t *testing.T) {
|
| 86 | 86 |
Client *oapi.OAuthClient |
| 87 | 87 |
ClientAuth *oapi.OAuthClientAuthorization |
| 88 | 88 |
AuthSuccess bool |
| 89 |
- AuthUser api.UserInfo |
|
| 89 |
+ AuthUser user.Info |
|
| 90 | 90 |
Scope string |
| 91 | 91 |
Check func(*testHandlers, *http.Request) |
| 92 | 92 |
}{
|
| ... | ... |
@@ -101,7 +102,7 @@ func TestRegistryAndServer(t *testing.T) {
|
| 101 | 101 |
"needs grant": {
|
| 102 | 102 |
Client: validClient, |
| 103 | 103 |
AuthSuccess: true, |
| 104 |
- AuthUser: &api.DefaultUserInfo{
|
|
| 104 |
+ AuthUser: &user.DefaultInfo{
|
|
| 105 | 105 |
Name: "user", |
| 106 | 106 |
}, |
| 107 | 107 |
Check: func(h *testHandlers, _ *http.Request) {
|
| ... | ... |
@@ -113,7 +114,7 @@ func TestRegistryAndServer(t *testing.T) {
|
| 113 | 113 |
"has non covered grant": {
|
| 114 | 114 |
Client: validClient, |
| 115 | 115 |
AuthSuccess: true, |
| 116 |
- AuthUser: &api.DefaultUserInfo{
|
|
| 116 |
+ AuthUser: &user.DefaultInfo{
|
|
| 117 | 117 |
Name: "user", |
| 118 | 118 |
}, |
| 119 | 119 |
ClientAuth: &oapi.OAuthClientAuthorization{
|
| ... | ... |
@@ -131,7 +132,7 @@ func TestRegistryAndServer(t *testing.T) {
|
| 131 | 131 |
"has covered grant": {
|
| 132 | 132 |
Client: validClient, |
| 133 | 133 |
AuthSuccess: true, |
| 134 |
- AuthUser: &api.DefaultUserInfo{
|
|
| 134 |
+ AuthUser: &user.DefaultInfo{
|
|
| 135 | 135 |
Name: "user", |
| 136 | 136 |
}, |
| 137 | 137 |
ClientAuth: &oapi.OAuthClientAuthorization{
|
| ... | ... |
@@ -149,7 +150,7 @@ func TestRegistryAndServer(t *testing.T) {
|
| 149 | 149 |
"has auth and grant": {
|
| 150 | 150 |
Client: validClient, |
| 151 | 151 |
AuthSuccess: true, |
| 152 |
- AuthUser: &api.DefaultUserInfo{
|
|
| 152 |
+ AuthUser: &user.DefaultInfo{
|
|
| 153 | 153 |
Name: "user", |
| 154 | 154 |
}, |
| 155 | 155 |
ClientAuth: validClientAuth, |
| ... | ... |
@@ -4,9 +4,8 @@ import ( |
| 4 | 4 |
"errors" |
| 5 | 5 |
"time" |
| 6 | 6 |
|
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
"github.com/openshift/origin/pkg/oauth/registry/accesstoken" |
| 9 |
- "github.com/openshift/origin/pkg/oauth/scope" |
|
| 10 | 9 |
) |
| 11 | 10 |
|
| 12 | 11 |
type TokenAuthenticator struct {
|
| ... | ... |
@@ -21,7 +20,7 @@ func NewTokenAuthenticator(registry accesstoken.Registry) *TokenAuthenticator {
|
| 21 | 21 |
} |
| 22 | 22 |
} |
| 23 | 23 |
|
| 24 |
-func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool, error) {
|
|
| 24 |
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
|
|
| 25 | 25 |
token, err := a.registry.GetAccessToken(value) |
| 26 | 26 |
if err != nil {
|
| 27 | 27 |
return nil, false, err |
| ... | ... |
@@ -29,9 +28,8 @@ func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool |
| 29 | 29 |
if token.CreationTimestamp.Time.Add(time.Duration(token.ExpiresIn) * time.Second).Before(time.Now()) {
|
| 30 | 30 |
return nil, false, ErrExpired |
| 31 | 31 |
} |
| 32 |
- return &api.DefaultUserInfo{
|
|
| 33 |
- Name: token.UserName, |
|
| 34 |
- UID: token.UserUID, |
|
| 35 |
- Scope: scope.Join(token.Scopes), |
|
| 32 |
+ return &user.DefaultInfo{
|
|
| 33 |
+ Name: token.UserName, |
|
| 34 |
+ UID: token.UserUID, |
|
| 36 | 35 |
}, true, nil |
| 37 | 36 |
} |
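Review bot: The rewritten return in `AuthenticateToken` no longer sets `Scope: scope.Join(token.Scopes)`, so the `user.Info` produced for a token carries no record of the scopes the token was issued with. Presumably `user.DefaultInfo` has no such field, but any caller that relied on `GetScope()` to limit what a scoped token may do would now see an unrestricted user, and that loss is silent rather than a failure. If scopes are enforced elsewhere, state it above the return, e.g. `// token.Scopes are not carried on user.Info; enforced in <component to be named>`; otherwise they need another carrier. `UserFor` in the identity mapper drops `Extra: authoritativeMapping.Identity.Extra` in the same way, and part of this function sits between the two hunks and is not shown.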
| ... | ... |
@@ -3,23 +3,23 @@ package registry |
| 3 | 3 |
import ( |
| 4 | 4 |
"errors" |
| 5 | 5 |
|
| 6 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 6 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 7 | 7 |
|
| 8 | 8 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
| 9 | 9 |
) |
| 10 | 10 |
|
| 11 | 11 |
type UserConversion struct{}
|
| 12 | 12 |
|
| 13 |
-// NewUserConversion creates an object that can convert the UserInfo object to and from |
|
| 13 |
+// NewUserConversion creates an object that can convert the user.Info object to and from |
|
| 14 | 14 |
// an oauth access/authorize token object. |
| 15 | 15 |
func NewUserConversion() *UserConversion {
|
| 16 | 16 |
return &UserConversion{}
|
| 17 | 17 |
} |
| 18 | 18 |
|
| 19 | 19 |
func (s *UserConversion) ConvertToAuthorizeToken(user interface{}, token *oapi.OAuthAuthorizeToken) error {
|
| 20 |
- info, ok := user.(api.UserInfo) |
|
| 20 |
+ info, ok := user.(kuser.Info) |
|
| 21 | 21 |
if !ok {
|
| 22 |
- return errors.New("did not receive UserInfo")
|
|
| 22 |
+ return errors.New("did not receive user.Info")
|
|
| 23 | 23 |
} |
| 24 | 24 |
token.UserName = info.GetName() |
| 25 | 25 |
if token.UserName == "" {
|
| ... | ... |
@@ -30,9 +30,9 @@ func (s *UserConversion) ConvertToAuthorizeToken(user interface{}, token *oapi.O
|
| 30 | 30 |
} |
| 31 | 31 |
|
| 32 | 32 |
func (s *UserConversion) ConvertToAccessToken(user interface{}, token *oapi.OAuthAccessToken) error {
|
| 33 |
- info, ok := user.(api.UserInfo) |
|
| 33 |
+ info, ok := user.(kuser.Info) |
|
| 34 | 34 |
if !ok {
|
| 35 |
- return errors.New("did not receive UserInfo")
|
|
| 35 |
+ return errors.New("did not receive user.Info")
|
|
| 36 | 36 |
} |
| 37 | 37 |
token.UserName = info.GetName() |
| 38 | 38 |
if token.UserName == "" {
|
| ... | ... |
@@ -46,7 +46,7 @@ func (s *UserConversion) ConvertFromAuthorizeToken(token *oapi.OAuthAuthorizeTok |
| 46 | 46 |
if token.UserName == "" {
|
| 47 | 47 |
return nil, errors.New("token has no user name stored")
|
| 48 | 48 |
} |
| 49 |
- return &api.DefaultUserInfo{
|
|
| 49 |
+ return &kuser.DefaultInfo{
|
|
| 50 | 50 |
Name: token.UserName, |
| 51 | 51 |
UID: token.UserUID, |
| 52 | 52 |
}, nil |
| ... | ... |
@@ -56,7 +56,7 @@ func (s *UserConversion) ConvertFromAccessToken(token *oapi.OAuthAccessToken) (i |
| 56 | 56 |
if token.UserName == "" {
|
| 57 | 57 |
return nil, errors.New("token has no user name stored")
|
| 58 | 58 |
} |
| 59 |
- return &api.DefaultUserInfo{
|
|
| 59 |
+ return &kuser.DefaultInfo{
|
|
| 60 | 60 |
Name: token.UserName, |
| 61 | 61 |
UID: token.UserUID, |
| 62 | 62 |
}, nil |
| ... | ... |
@@ -6,8 +6,8 @@ import ( |
| 6 | 6 |
"net/url" |
| 7 | 7 |
"strings" |
| 8 | 8 |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 9 | 10 |
"github.com/golang/glog" |
| 10 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 11 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 12 | 12 |
ohandlers "github.com/openshift/origin/pkg/auth/oauth/handlers" |
| 13 | 13 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
| ... | ... |
@@ -102,7 +102,7 @@ func (l *Grant) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
| 102 | 102 |
} |
| 103 | 103 |
} |
| 104 | 104 |
|
| 105 |
-func (l *Grant) handleForm(user authapi.UserInfo, w http.ResponseWriter, req *http.Request) {
|
|
| 105 |
+func (l *Grant) handleForm(user user.Info, w http.ResponseWriter, req *http.Request) {
|
|
| 106 | 106 |
q := req.URL.Query() |
| 107 | 107 |
then := q.Get("then")
|
| 108 | 108 |
clientID := q.Get("client_id")
|
| ... | ... |
@@ -152,7 +152,7 @@ func (l *Grant) handleForm(user authapi.UserInfo, w http.ResponseWriter, req *ht |
| 152 | 152 |
l.render.Render(form, w, req) |
| 153 | 153 |
} |
| 154 | 154 |
|
| 155 |
-func (l *Grant) handleGrant(user authapi.UserInfo, w http.ResponseWriter, req *http.Request) {
|
|
| 155 |
+func (l *Grant) handleGrant(user user.Info, w http.ResponseWriter, req *http.Request) {
|
|
| 156 | 156 |
if ok, err := l.csrf.Check(req, req.FormValue("csrf")); !ok || err != nil {
|
| 157 | 157 |
glog.Errorf("Unable to check CSRF token: %v", err)
|
| 158 | 158 |
l.failed("Invalid CSRF token", w, req)
|
| ... | ... |
@@ -11,25 +11,25 @@ import ( |
| 11 | 11 |
"testing" |
| 12 | 12 |
|
| 13 | 13 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 14 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 14 | 15 |
|
| 15 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 16 | 16 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
| 17 | 17 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
| 18 | 18 |
"github.com/openshift/origin/pkg/oauth/registry/test" |
| 19 | 19 |
) |
| 20 | 20 |
|
| 21 | 21 |
type testAuth struct {
|
| 22 |
- User api.UserInfo |
|
| 22 |
+ User user.Info |
|
| 23 | 23 |
Success bool |
| 24 | 24 |
Err error |
| 25 | 25 |
} |
| 26 | 26 |
|
| 27 |
-func (t *testAuth) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 27 |
+func (t *testAuth) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 28 | 28 |
return t.User, t.Success, t.Err |
| 29 | 29 |
} |
| 30 | 30 |
|
| 31 | 31 |
func goodAuth(username string) *testAuth {
|
| 32 |
- return &testAuth{Success: true, User: &api.DefaultUserInfo{Name: username}}
|
|
| 32 |
+ return &testAuth{Success: true, User: &user.DefaultInfo{Name: username}}
|
|
| 33 | 33 |
} |
| 34 | 34 |
func badAuth(err error) *testAuth {
|
| 35 | 35 |
return &testAuth{Success: false, User: nil, Err: err}
|
| ... | ... |
@@ -6,7 +6,7 @@ import ( |
| 6 | 6 |
|
| 7 | 7 |
"github.com/golang/glog" |
| 8 | 8 |
|
| 9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 | 10 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 11 | 11 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
| 12 | 12 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
| ... | ... |
@@ -24,7 +24,7 @@ type ConfirmFormRenderer interface {
|
| 24 | 24 |
type ConfirmForm struct {
|
| 25 | 25 |
Action string |
| 26 | 26 |
Error string |
| 27 |
- User api.UserInfo |
|
| 27 |
+ User user.Info |
|
| 28 | 28 |
Values ConfirmFormValues |
| 29 | 29 |
} |
| 30 | 30 |
|
| ... | ... |
@@ -9,25 +9,26 @@ import ( |
| 9 | 9 |
"strings" |
| 10 | 10 |
"testing" |
| 11 | 11 |
|
| 12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 13 |
+ |
|
| 13 | 14 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
| 14 | 15 |
) |
| 15 | 16 |
|
| 16 | 17 |
type testImplicit struct {
|
| 17 | 18 |
Request *http.Request |
| 18 |
- User api.UserInfo |
|
| 19 |
+ User user.Info |
|
| 19 | 20 |
Success bool |
| 20 | 21 |
Err error |
| 21 | 22 |
Then string |
| 22 | 23 |
Called bool |
| 23 | 24 |
} |
| 24 | 25 |
|
| 25 |
-func (t *testImplicit) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 26 |
+func (t *testImplicit) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 26 | 27 |
t.Request = req |
| 27 | 28 |
return t.User, t.Success, t.Err |
| 28 | 29 |
} |
| 29 | 30 |
|
| 30 |
-func (t *testImplicit) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 31 |
+func (t *testImplicit) AuthenticationSucceeded(user user.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 31 | 32 |
t.Called = true |
| 32 | 33 |
t.User = user |
| 33 | 34 |
t.Then = then |
| ... | ... |
@@ -48,7 +49,7 @@ func TestImplicit(t *testing.T) {
|
| 48 | 48 |
}{
|
| 49 | 49 |
"display confirm form": {
|
| 50 | 50 |
CSRF: &csrf.FakeCSRF{"test", nil},
|
| 51 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}},
|
|
| 51 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}},
|
|
| 52 | 52 |
Path: "/login", |
| 53 | 53 |
ExpectContains: []string{
|
| 54 | 54 |
`action="/login"`, |
| ... | ... |
@@ -57,14 +58,14 @@ func TestImplicit(t *testing.T) {
|
| 57 | 57 |
}, |
| 58 | 58 |
"successful POST redirects": {
|
| 59 | 59 |
CSRF: &csrf.FakeCSRF{"test", nil},
|
| 60 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}},
|
|
| 60 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}},
|
|
| 61 | 61 |
Path: "/login?then=%2Ffoo", |
| 62 | 62 |
PostValues: url.Values{"csrf": []string{"test"}},
|
| 63 | 63 |
ExpectThen: "/foo", |
| 64 | 64 |
}, |
| 65 | 65 |
"redirect when POST fails CSRF": {
|
| 66 | 66 |
CSRF: &csrf.FakeCSRF{"test", nil},
|
| 67 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}},
|
|
| 67 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}},
|
|
| 68 | 68 |
Path: "/login", |
| 69 | 69 |
PostValues: url.Values{"csrf": []string{"wrong"}},
|
| 70 | 70 |
ExpectRedirect: "/login?reason=token+expired", |
| ... | ... |
@@ -9,27 +9,28 @@ import ( |
| 9 | 9 |
"strings" |
| 10 | 10 |
"testing" |
| 11 | 11 |
|
| 12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 13 |
+ |
|
| 13 | 14 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
| 14 | 15 |
) |
| 15 | 16 |
|
| 16 | 17 |
type testAuth struct {
|
| 17 | 18 |
Username string |
| 18 | 19 |
Password string |
| 19 |
- User api.UserInfo |
|
| 20 |
+ User user.Info |
|
| 20 | 21 |
Success bool |
| 21 | 22 |
Err error |
| 22 | 23 |
Then string |
| 23 | 24 |
Called bool |
| 24 | 25 |
} |
| 25 | 26 |
|
| 26 |
-func (t *testAuth) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) {
|
|
| 27 |
+func (t *testAuth) AuthenticatePassword(user, password string) (user.Info, bool, error) {
|
|
| 27 | 28 |
t.Username = user |
| 28 | 29 |
t.Password = password |
| 29 | 30 |
return t.User, t.Success, t.Err |
| 30 | 31 |
} |
| 31 | 32 |
|
| 32 |
-func (t *testAuth) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 33 |
+func (t *testAuth) AuthenticationSucceeded(user user.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 33 | 34 |
t.Called = true |
| 34 | 35 |
t.User = user |
| 35 | 36 |
t.Then = then |
| ... | ... |
@@ -128,7 +129,7 @@ func TestLogin(t *testing.T) {
|
| 128 | 128 |
}, |
| 129 | 129 |
"login successful": {
|
| 130 | 130 |
CSRF: &csrf.FakeCSRF{Token: "test"},
|
| 131 |
- Auth: &testAuth{Success: true, User: &api.DefaultUserInfo{Name: "user"}},
|
|
| 131 |
+ Auth: &testAuth{Success: true, User: &user.DefaultInfo{Name: "user"}},
|
|
| 132 | 132 |
Path: "/login?then=done", |
| 133 | 133 |
PostValues: url.Values{
|
| 134 | 134 |
"csrf": []string{"test"},
|
| ... | ... |
@@ -4,7 +4,7 @@ import ( |
| 4 | 4 |
"errors" |
| 5 | 5 |
"net/http" |
| 6 | 6 |
|
| 7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 8 |
) |
| 9 | 9 |
|
| 10 | 10 |
const UserNameKey = "user.name" |
| ... | ... |
@@ -22,7 +22,7 @@ func NewAuthenticator(store Store, name string) *Authenticator {
|
| 22 | 22 |
} |
| 23 | 23 |
} |
| 24 | 24 |
|
| 25 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 25 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
|
|
| 26 | 26 |
session, err := a.store.Get(req, a.name) |
| 27 | 27 |
if err != nil {
|
| 28 | 28 |
return nil, false, err |
| ... | ... |
@@ -50,13 +50,13 @@ func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bo |
| 50 | 50 |
} |
| 51 | 51 |
// Tolerate empty string UIDs in the session |
| 52 | 52 |
|
| 53 |
- return &api.DefaultUserInfo{
|
|
| 53 |
+ return &user.DefaultInfo{
|
|
| 54 | 54 |
Name: name, |
| 55 | 55 |
UID: uid, |
| 56 | 56 |
}, true, nil |
| 57 | 57 |
} |
| 58 | 58 |
|
| 59 |
-func (a *Authenticator) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 59 |
+func (a *Authenticator) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 60 | 60 |
session, err := a.store.Get(req, a.name) |
| 61 | 61 |
if err != nil {
|
| 62 | 62 |
return false, err |
| ... | ... |
@@ -1,6 +1,7 @@ |
| 1 | 1 |
package identitymapper |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 4 | 5 |
authapi "github.com/openshift/origin/pkg/auth/api" |
| 5 | 6 |
userapi "github.com/openshift/origin/pkg/user/api" |
| 6 | 7 |
uimap "github.com/openshift/origin/pkg/user/registry/useridentitymapping" |
| ... | ... |
@@ -17,7 +18,7 @@ func NewAlwaysCreateUserIdentityToUserMapper(providerID string, userIdentityRegi |
| 17 | 17 |
} |
| 18 | 18 |
|
| 19 | 19 |
// UserFor returns info about the user for whom identity info have been provided |
| 20 |
-func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.UserIdentityInfo) (authapi.UserInfo, error) {
|
|
| 20 |
+func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.UserIdentityInfo) (user.Info, error) {
|
|
| 21 | 21 |
userIdentityMapping := &userapi.UserIdentityMapping{
|
| 22 | 22 |
Identity: userapi.Identity{
|
| 23 | 23 |
Provider: p.providerID, // Provider id is imposed |
| ... | ... |
@@ -30,9 +31,8 @@ func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.User |
| 30 | 30 |
return nil, err |
| 31 | 31 |
} |
| 32 | 32 |
|
| 33 |
- return &authapi.DefaultUserInfo{
|
|
| 34 |
- Name: authoritativeMapping.User.Name, |
|
| 35 |
- UID: string(authoritativeMapping.User.UID), |
|
| 36 |
- Extra: authoritativeMapping.Identity.Extra, |
|
| 33 |
+ return &user.DefaultInfo{
|
|
| 34 |
+ Name: authoritativeMapping.User.Name, |
|
| 35 |
+ UID: string(authoritativeMapping.User.UID), |
|
| 37 | 36 |
}, nil |
| 38 | 37 |
} |
| ... | ... |
@@ -7,10 +7,10 @@ import ( |
| 7 | 7 |
"strings" |
| 8 | 8 |
|
| 9 | 9 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 10 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 10 | 11 |
klabels "github.com/GoogleCloudPlatform/kubernetes/pkg/labels" |
| 11 | 12 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util" |
| 12 | 13 |
|
| 13 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
| 14 | 14 |
authcontext "github.com/openshift/origin/pkg/auth/context" |
| 15 | 15 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
| 16 | 16 |
policyregistry "github.com/openshift/origin/pkg/authorization/registry/policy" |
| ... | ... |
@@ -26,7 +26,7 @@ type AuthorizationAttributeBuilder interface {
|
| 26 | 26 |
} |
| 27 | 27 |
|
| 28 | 28 |
type AuthorizationAttributes interface {
|
| 29 |
- GetUserInfo() authenticationapi.UserInfo |
|
| 29 |
+ GetUserInfo() user.Info |
|
| 30 | 30 |
GetVerb() string |
| 31 | 31 |
GetResource() string |
| 32 | 32 |
GetNamespace() string |
| ... | ... |
@@ -45,7 +45,7 @@ func NewAuthorizer(masterAuthorizationNamespace string, policyRuleBindingRegistr |
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
type openshiftAuthorizationAttributes struct {
|
| 48 |
- user authenticationapi.UserInfo |
|
| 48 |
+ user user.Info |
|
| 49 | 49 |
verb string |
| 50 | 50 |
resource string |
| 51 | 51 |
namespace string |
| ... | ... |
@@ -60,7 +60,7 @@ func NewAuthorizationAttributeBuilder(requestsToUsers *authcontext.RequestContex |
| 60 | 60 |
return &openshiftAuthorizationAttributeBuilder{requestsToUsers}
|
| 61 | 61 |
} |
| 62 | 62 |
|
| 63 |
-func doesApplyToUser(ruleUsers, ruleGroups []string, user authenticationapi.UserInfo) bool {
|
|
| 63 |
+func doesApplyToUser(ruleUsers, ruleGroups []string, user user.Info) bool {
|
|
| 64 | 64 |
if contains(ruleUsers, user.GetName()) {
|
| 65 | 65 |
return true |
| 66 | 66 |
} |
| ... | ... |
@@ -138,7 +138,7 @@ func (a *openshiftAuthorizer) getRole(roleBinding authorizationapi.RoleBinding) |
| 138 | 138 |
return &role, nil |
| 139 | 139 |
} |
| 140 | 140 |
|
| 141 |
-func (a *openshiftAuthorizer) getEffectivePolicyRules(namespace string, user authenticationapi.UserInfo) ([]authorizationapi.PolicyRule, error) {
|
|
| 141 |
+func (a *openshiftAuthorizer) getEffectivePolicyRules(namespace string, user user.Info) ([]authorizationapi.PolicyRule, error) {
|
|
| 142 | 142 |
roleBindings, err := a.getRoleBindings(namespace) |
| 143 | 143 |
if err != nil {
|
| 144 | 144 |
return nil, err |
| ... | ... |
@@ -271,7 +271,7 @@ func (a openshiftAuthorizationAttributes) resourceMatches(resourceNames util.Str |
| 271 | 271 |
return resourceNames.Has(authorizationapi.ResourceAll) || resourceNames.Has(strings.ToLower(a.GetResource())) |
| 272 | 272 |
} |
| 273 | 273 |
|
| 274 |
-func (a openshiftAuthorizationAttributes) GetUserInfo() authenticationapi.UserInfo {
|
|
| 274 |
+func (a openshiftAuthorizationAttributes) GetUserInfo() user.Info {
|
|
| 275 | 275 |
return a.user |
| 276 | 276 |
} |
| 277 | 277 |
|
| ... | ... |
@@ -301,7 +301,7 @@ func (a *openshiftAuthorizationAttributeBuilder) GetAttributes(req *http.Request |
| 301 | 301 |
if !ok {
|
| 302 | 302 |
return nil, errors.New("could not get user")
|
| 303 | 303 |
} |
| 304 |
- userInfo, ok := userInterface.(authenticationapi.UserInfo) |
|
| 304 |
+ userInfo, ok := userInterface.(user.Info) |
|
| 305 | 305 |
if !ok {
|
| 306 | 306 |
return nil, errors.New("wrong type returned for user")
|
| 307 | 307 |
} |
| ... | ... |
@@ -5,8 +5,8 @@ import ( |
| 5 | 5 |
"testing" |
| 6 | 6 |
|
| 7 | 7 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 8 | 9 |
|
| 9 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
| 10 | 10 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
| 11 | 11 |
testpolicyregistry "github.com/openshift/origin/pkg/authorization/registry/test" |
| 12 | 12 |
) |
| ... | ... |
@@ -32,7 +32,7 @@ type authorizeTest struct {
|
| 32 | 32 |
func TestAdminEditingGlobalDeploymentConfig(t *testing.T) {
|
| 33 | 33 |
test := &authorizeTest{
|
| 34 | 34 |
attributes: &openshiftAuthorizationAttributes{
|
| 35 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 35 |
+ user: &user.DefaultInfo{
|
|
| 36 | 36 |
Name: "ClusterAdmin", |
| 37 | 37 |
}, |
| 38 | 38 |
verb: "update", |
| ... | ... |
@@ -49,7 +49,7 @@ func TestAdminEditingGlobalDeploymentConfig(t *testing.T) {
|
| 49 | 49 |
func TestDisallowedViewingGlobalPods(t *testing.T) {
|
| 50 | 50 |
test := &authorizeTest{
|
| 51 | 51 |
attributes: &openshiftAuthorizationAttributes{
|
| 52 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 52 |
+ user: &user.DefaultInfo{
|
|
| 53 | 53 |
Name: "SomeYahoo", |
| 54 | 54 |
}, |
| 55 | 55 |
verb: "get", |
| ... | ... |
@@ -66,7 +66,7 @@ func TestDisallowedViewingGlobalPods(t *testing.T) {
|
| 66 | 66 |
func TestProjectAdminEditPolicy(t *testing.T) {
|
| 67 | 67 |
test := &authorizeTest{
|
| 68 | 68 |
attributes: &openshiftAuthorizationAttributes{
|
| 69 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 69 |
+ user: &user.DefaultInfo{
|
|
| 70 | 70 |
Name: "Anna", |
| 71 | 71 |
}, |
| 72 | 72 |
verb: "update", |
| ... | ... |
@@ -84,7 +84,7 @@ func TestProjectAdminEditPolicy(t *testing.T) {
|
| 84 | 84 |
func TestGlobalPolicyOutranksLocalPolicy(t *testing.T) {
|
| 85 | 85 |
test := &authorizeTest{
|
| 86 | 86 |
attributes: &openshiftAuthorizationAttributes{
|
| 87 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 87 |
+ user: &user.DefaultInfo{
|
|
| 88 | 88 |
Name: "ClusterAdmin", |
| 89 | 89 |
}, |
| 90 | 90 |
verb: "update", |
| ... | ... |
@@ -102,7 +102,7 @@ func TestGlobalPolicyOutranksLocalPolicy(t *testing.T) {
|
| 102 | 102 |
func TestResourceKindRestrictionsWork(t *testing.T) {
|
| 103 | 103 |
test1 := &authorizeTest{
|
| 104 | 104 |
attributes: &openshiftAuthorizationAttributes{
|
| 105 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 105 |
+ user: &user.DefaultInfo{
|
|
| 106 | 106 |
Name: "Rachel", |
| 107 | 107 |
}, |
| 108 | 108 |
verb: "get", |
| ... | ... |
@@ -118,7 +118,7 @@ func TestResourceKindRestrictionsWork(t *testing.T) {
|
| 118 | 118 |
|
| 119 | 119 |
test2 := &authorizeTest{
|
| 120 | 120 |
attributes: &openshiftAuthorizationAttributes{
|
| 121 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 121 |
+ user: &user.DefaultInfo{
|
|
| 122 | 122 |
Name: "Rachel", |
| 123 | 123 |
}, |
| 124 | 124 |
verb: "get", |
| ... | ... |
@@ -136,7 +136,7 @@ func TestResourceKindRestrictionsWork(t *testing.T) {
|
| 136 | 136 |
func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) {
|
| 137 | 137 |
test1 := &authorizeTest{
|
| 138 | 138 |
attributes: &openshiftAuthorizationAttributes{
|
| 139 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 139 |
+ user: &user.DefaultInfo{
|
|
| 140 | 140 |
Name: "Rachel", |
| 141 | 141 |
}, |
| 142 | 142 |
verb: "get", |
| ... | ... |
@@ -152,7 +152,7 @@ func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) {
|
| 152 | 152 |
|
| 153 | 153 |
test2 := &authorizeTest{
|
| 154 | 154 |
attributes: &openshiftAuthorizationAttributes{
|
| 155 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 155 |
+ user: &user.DefaultInfo{
|
|
| 156 | 156 |
Name: "Rachel", |
| 157 | 157 |
}, |
| 158 | 158 |
verb: "get", |
| ... | ... |
@@ -170,7 +170,7 @@ func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) {
|
| 170 | 170 |
func TestLocalRightsDoNotGrantGlobalRights(t *testing.T) {
|
| 171 | 171 |
test := &authorizeTest{
|
| 172 | 172 |
attributes: &openshiftAuthorizationAttributes{
|
| 173 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 173 |
+ user: &user.DefaultInfo{
|
|
| 174 | 174 |
Name: "Rachel", |
| 175 | 175 |
}, |
| 176 | 176 |
verb: "get", |
| ... | ... |
@@ -188,7 +188,7 @@ func TestLocalRightsDoNotGrantGlobalRights(t *testing.T) {
|
| 188 | 188 |
func TestVerbRestrictionsWork(t *testing.T) {
|
| 189 | 189 |
test1 := &authorizeTest{
|
| 190 | 190 |
attributes: &openshiftAuthorizationAttributes{
|
| 191 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 191 |
+ user: &user.DefaultInfo{
|
|
| 192 | 192 |
Name: "Valerie", |
| 193 | 193 |
}, |
| 194 | 194 |
verb: "get", |
| ... | ... |
@@ -204,7 +204,7 @@ func TestVerbRestrictionsWork(t *testing.T) {
|
| 204 | 204 |
|
| 205 | 205 |
test2 := &authorizeTest{
|
| 206 | 206 |
attributes: &openshiftAuthorizationAttributes{
|
| 207 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 207 |
+ user: &user.DefaultInfo{
|
|
| 208 | 208 |
Name: "Valerie", |
| 209 | 209 |
}, |
| 210 | 210 |
verb: "create", |
| ... | ... |
@@ -4,15 +4,15 @@ import ( |
| 4 | 4 |
"testing" |
| 5 | 5 |
|
| 6 | 6 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 7 | 8 |
|
| 8 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
| 9 | 9 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
| 10 | 10 |
) |
| 11 | 11 |
|
| 12 | 12 |
func TestViewerGetAllowedKindInMallet(t *testing.T) {
|
| 13 | 13 |
test := &authorizeTest{
|
| 14 | 14 |
attributes: &openshiftAuthorizationAttributes{
|
| 15 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 15 |
+ user: &user.DefaultInfo{
|
|
| 16 | 16 |
Name: "Victor", |
| 17 | 17 |
}, |
| 18 | 18 |
verb: "get", |
| ... | ... |
@@ -29,7 +29,7 @@ func TestViewerGetAllowedKindInMallet(t *testing.T) {
|
| 29 | 29 |
func TestViewerGetAllowedKindInAdze(t *testing.T) {
|
| 30 | 30 |
test := &authorizeTest{
|
| 31 | 31 |
attributes: &openshiftAuthorizationAttributes{
|
| 32 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 32 |
+ user: &user.DefaultInfo{
|
|
| 33 | 33 |
Name: "Victor", |
| 34 | 34 |
}, |
| 35 | 35 |
verb: "get", |
| ... | ... |
@@ -47,7 +47,7 @@ func TestViewerGetAllowedKindInAdze(t *testing.T) {
|
| 47 | 47 |
func TestViewerGetDisallowedKindInMallet(t *testing.T) {
|
| 48 | 48 |
test := &authorizeTest{
|
| 49 | 49 |
attributes: &openshiftAuthorizationAttributes{
|
| 50 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 50 |
+ user: &user.DefaultInfo{
|
|
| 51 | 51 |
Name: "Victor", |
| 52 | 52 |
}, |
| 53 | 53 |
verb: "get", |
| ... | ... |
@@ -64,7 +64,7 @@ func TestViewerGetDisallowedKindInMallet(t *testing.T) {
|
| 64 | 64 |
func TestViewerGetDisallowedKindInAdze(t *testing.T) {
|
| 65 | 65 |
test := &authorizeTest{
|
| 66 | 66 |
attributes: &openshiftAuthorizationAttributes{
|
| 67 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 67 |
+ user: &user.DefaultInfo{
|
|
| 68 | 68 |
Name: "Victor", |
| 69 | 69 |
}, |
| 70 | 70 |
verb: "get", |
| ... | ... |
@@ -82,7 +82,7 @@ func TestViewerGetDisallowedKindInAdze(t *testing.T) {
|
| 82 | 82 |
func TestViewerCreateAllowedKindInMallet(t *testing.T) {
|
| 83 | 83 |
test := &authorizeTest{
|
| 84 | 84 |
attributes: &openshiftAuthorizationAttributes{
|
| 85 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 85 |
+ user: &user.DefaultInfo{
|
|
| 86 | 86 |
Name: "Victor", |
| 87 | 87 |
}, |
| 88 | 88 |
verb: "create", |
| ... | ... |
@@ -99,7 +99,7 @@ func TestViewerCreateAllowedKindInMallet(t *testing.T) {
|
| 99 | 99 |
func TestViewerCreateAllowedKindInAdze(t *testing.T) {
|
| 100 | 100 |
test := &authorizeTest{
|
| 101 | 101 |
attributes: &openshiftAuthorizationAttributes{
|
| 102 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 102 |
+ user: &user.DefaultInfo{
|
|
| 103 | 103 |
Name: "Victor", |
| 104 | 104 |
}, |
| 105 | 105 |
verb: "create", |
| ... | ... |
@@ -117,7 +117,7 @@ func TestViewerCreateAllowedKindInAdze(t *testing.T) {
|
| 117 | 117 |
func TestEditorUpdateAllowedKindInMallet(t *testing.T) {
|
| 118 | 118 |
test := &authorizeTest{
|
| 119 | 119 |
attributes: &openshiftAuthorizationAttributes{
|
| 120 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 120 |
+ user: &user.DefaultInfo{
|
|
| 121 | 121 |
Name: "Edgar", |
| 122 | 122 |
}, |
| 123 | 123 |
verb: "update", |
| ... | ... |
@@ -134,7 +134,7 @@ func TestEditorUpdateAllowedKindInMallet(t *testing.T) {
|
| 134 | 134 |
func TestEditorUpdateAllowedKindInAdze(t *testing.T) {
|
| 135 | 135 |
test := &authorizeTest{
|
| 136 | 136 |
attributes: &openshiftAuthorizationAttributes{
|
| 137 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 137 |
+ user: &user.DefaultInfo{
|
|
| 138 | 138 |
Name: "Edgar", |
| 139 | 139 |
}, |
| 140 | 140 |
verb: "update", |
| ... | ... |
@@ -152,7 +152,7 @@ func TestEditorUpdateAllowedKindInAdze(t *testing.T) {
|
| 152 | 152 |
func TestEditorUpdateDisallowedKindInMallet(t *testing.T) {
|
| 153 | 153 |
test := &authorizeTest{
|
| 154 | 154 |
attributes: &openshiftAuthorizationAttributes{
|
| 155 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 155 |
+ user: &user.DefaultInfo{
|
|
| 156 | 156 |
Name: "Edgar", |
| 157 | 157 |
}, |
| 158 | 158 |
verb: "update", |
| ... | ... |
@@ -169,7 +169,7 @@ func TestEditorUpdateDisallowedKindInMallet(t *testing.T) {
|
| 169 | 169 |
func TestEditorUpdateDisallowedKindInAdze(t *testing.T) {
|
| 170 | 170 |
test := &authorizeTest{
|
| 171 | 171 |
attributes: &openshiftAuthorizationAttributes{
|
| 172 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 172 |
+ user: &user.DefaultInfo{
|
|
| 173 | 173 |
Name: "Edgar", |
| 174 | 174 |
}, |
| 175 | 175 |
verb: "update", |
| ... | ... |
@@ -187,7 +187,7 @@ func TestEditorUpdateDisallowedKindInAdze(t *testing.T) {
|
| 187 | 187 |
func TestEditorGetAllowedKindInMallet(t *testing.T) {
|
| 188 | 188 |
test := &authorizeTest{
|
| 189 | 189 |
attributes: &openshiftAuthorizationAttributes{
|
| 190 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 190 |
+ user: &user.DefaultInfo{
|
|
| 191 | 191 |
Name: "Edgar", |
| 192 | 192 |
}, |
| 193 | 193 |
verb: "get", |
| ... | ... |
@@ -204,7 +204,7 @@ func TestEditorGetAllowedKindInMallet(t *testing.T) {
|
| 204 | 204 |
func TestEditorGetAllowedKindInAdze(t *testing.T) {
|
| 205 | 205 |
test := &authorizeTest{
|
| 206 | 206 |
attributes: &openshiftAuthorizationAttributes{
|
| 207 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 207 |
+ user: &user.DefaultInfo{
|
|
| 208 | 208 |
Name: "Edgar", |
| 209 | 209 |
}, |
| 210 | 210 |
verb: "get", |
| ... | ... |
@@ -222,7 +222,7 @@ func TestEditorGetAllowedKindInAdze(t *testing.T) {
|
| 222 | 222 |
func TestAdminUpdateAllowedKindInMallet(t *testing.T) {
|
| 223 | 223 |
test := &authorizeTest{
|
| 224 | 224 |
attributes: &openshiftAuthorizationAttributes{
|
| 225 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 225 |
+ user: &user.DefaultInfo{
|
|
| 226 | 226 |
Name: "Matthew", |
| 227 | 227 |
}, |
| 228 | 228 |
verb: "update", |
| ... | ... |
@@ -239,7 +239,7 @@ func TestAdminUpdateAllowedKindInMallet(t *testing.T) {
|
| 239 | 239 |
func TestAdminUpdateAllowedKindInAdze(t *testing.T) {
|
| 240 | 240 |
test := &authorizeTest{
|
| 241 | 241 |
attributes: &openshiftAuthorizationAttributes{
|
| 242 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 242 |
+ user: &user.DefaultInfo{
|
|
| 243 | 243 |
Name: "Matthew", |
| 244 | 244 |
}, |
| 245 | 245 |
verb: "update", |
| ... | ... |
@@ -257,7 +257,7 @@ func TestAdminUpdateAllowedKindInAdze(t *testing.T) {
|
| 257 | 257 |
func TestAdminUpdateDisallowedKindInMallet(t *testing.T) {
|
| 258 | 258 |
test := &authorizeTest{
|
| 259 | 259 |
attributes: &openshiftAuthorizationAttributes{
|
| 260 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 260 |
+ user: &user.DefaultInfo{
|
|
| 261 | 261 |
Name: "Matthew", |
| 262 | 262 |
}, |
| 263 | 263 |
verb: "update", |
| ... | ... |
@@ -274,7 +274,7 @@ func TestAdminUpdateDisallowedKindInMallet(t *testing.T) {
|
| 274 | 274 |
func TestAdminUpdateDisallowedKindInAdze(t *testing.T) {
|
| 275 | 275 |
test := &authorizeTest{
|
| 276 | 276 |
attributes: &openshiftAuthorizationAttributes{
|
| 277 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 277 |
+ user: &user.DefaultInfo{
|
|
| 278 | 278 |
Name: "Matthew", |
| 279 | 279 |
}, |
| 280 | 280 |
verb: "update", |
| ... | ... |
@@ -292,7 +292,7 @@ func TestAdminUpdateDisallowedKindInAdze(t *testing.T) {
|
| 292 | 292 |
func TestAdminGetAllowedKindInMallet(t *testing.T) {
|
| 293 | 293 |
test := &authorizeTest{
|
| 294 | 294 |
attributes: &openshiftAuthorizationAttributes{
|
| 295 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 295 |
+ user: &user.DefaultInfo{
|
|
| 296 | 296 |
Name: "Matthew", |
| 297 | 297 |
}, |
| 298 | 298 |
verb: "get", |
| ... | ... |
@@ -309,7 +309,7 @@ func TestAdminGetAllowedKindInMallet(t *testing.T) {
|
| 309 | 309 |
func TestAdminGetAllowedKindInAdze(t *testing.T) {
|
| 310 | 310 |
test := &authorizeTest{
|
| 311 | 311 |
attributes: &openshiftAuthorizationAttributes{
|
| 312 |
- user: &authenticationapi.DefaultUserInfo{
|
|
| 312 |
+ user: &user.DefaultInfo{
|
|
| 313 | 313 |
Name: "Matthew", |
| 314 | 314 |
}, |
| 315 | 315 |
verb: "get", |
| ... | ... |
@@ -11,13 +11,13 @@ import ( |
| 11 | 11 |
|
| 12 | 12 |
"code.google.com/p/go-uuid/uuid" |
| 13 | 13 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 14 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 14 | 15 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/tools" |
| 15 | 16 |
"github.com/RangelReale/osin" |
| 16 | 17 |
"github.com/RangelReale/osincli" |
| 17 | 18 |
"github.com/emicklei/go-restful" |
| 18 | 19 |
"github.com/golang/glog" |
| 19 | 20 |
|
| 20 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 21 | 21 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 22 | 22 |
"github.com/openshift/origin/pkg/auth/authenticator/challenger/passwordchallenger" |
| 23 | 23 |
"github.com/openshift/origin/pkg/auth/authenticator/password/allowanypassword" |
| ... | ... |
@@ -598,7 +598,7 @@ type callbackPasswordAuthenticator struct {
|
| 598 | 598 |
type redirectSuccessHandler struct{}
|
| 599 | 599 |
|
| 600 | 600 |
// AuthenticationSuccess informs client when authentication was successful |
| 601 |
-func (redirectSuccessHandler) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 601 |
+func (redirectSuccessHandler) AuthenticationSucceeded(user kuser.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) {
|
|
| 602 | 602 |
if len(then) == 0 {
|
| 603 | 603 |
return false, fmt.Errorf("Auth succeeded, but no redirect existed - user=%#v", user)
|
| 604 | 604 |
} |
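Review bot: The error returned when `then` is empty formats the whole identity with `%#v`, and with the parameter now a `kuser.Info` that prints every field of whatever concrete value the authenticator produced. Where this error is logged or rendered is not visible in the hunk, so it would be safer to include only the name: `return false, fmt.Errorf("Auth succeeded, but no redirect existed - user=%q", user.GetName())`. The doc comment above the signature also names `AuthenticationSuccess` while the method is `AuthenticationSucceeded`; it should read `// AuthenticationSucceeded informs client when authentication was successful`. The method body continues outside the hunk.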
| ... | ... |
@@ -18,6 +18,7 @@ import ( |
| 18 | 18 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
| 19 | 19 |
klatest "github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest" |
| 20 | 20 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" |
| 21 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 21 | 22 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities" |
| 22 | 23 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
| 23 | 24 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd" |
| ... | ... |
@@ -31,7 +32,6 @@ import ( |
| 31 | 31 |
"github.com/spf13/pflag" |
| 32 | 32 |
|
| 33 | 33 |
"github.com/openshift/origin/pkg/api/latest" |
| 34 |
- "github.com/openshift/origin/pkg/auth/api" |
|
| 35 | 34 |
"github.com/openshift/origin/pkg/auth/authenticator" |
| 36 | 35 |
"github.com/openshift/origin/pkg/auth/authenticator/request/bearertoken" |
| 37 | 36 |
"github.com/openshift/origin/pkg/auth/authenticator/request/paramtoken" |
| ... | ... |
@@ -475,8 +475,8 @@ func start(cfg *config, args []string) error {
|
| 475 | 475 |
FailOnError: true, |
| 476 | 476 |
Handlers: []authenticator.Request{
|
| 477 | 477 |
group.NewGroupAdder(unionrequest.NewUnionAuthentication(authenticators...), []string{authenticatedGroup}),
|
| 478 |
- authenticator.RequestFunc(func(req *http.Request) (api.UserInfo, bool, error) {
|
|
| 479 |
- return &api.DefaultUserInfo{Name: unauthenticatedUsername, Groups: []string{unauthenticatedGroup}}, true, nil
|
|
| 478 |
+ authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
|
|
| 479 |
+ return &user.DefaultInfo{Name: unauthenticatedUsername, Groups: []string{unauthenticatedGroup}}, true, nil
|
|
| 480 | 480 |
}), |
| 481 | 481 |
}, |
| 482 | 482 |
} |
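Review bot: The last entry in `Handlers` has no comment explaining that it returns `true` for every request, so anything the preceding union of authenticators did not identify continues as `unauthenticatedUsername` in `unauthenticatedGroup` instead of being rejected. That is an authorization-relevant default and worth stating at the call site, e.g. `// Fallback: requests no authenticator identified proceed as the unauthenticated user; policy must grant unauthenticatedGroup only what anonymous callers may do.` Whether a request carrying an invalid credential reaches this fallback or is stopped by `FailOnError` cannot be told from the hunk and would be worth covering with a test. `start` begins and ends outside the hunk.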
| ... | ... |
@@ -8,17 +8,17 @@ import ( |
| 8 | 8 |
"reflect" |
| 9 | 9 |
"testing" |
| 10 | 10 |
|
| 11 |
+ kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
|
| 12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/api/meta" |
|
| 11 | 13 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" |
| 14 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
| 12 | 15 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
| 13 | 16 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" |
| 14 | 17 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/tools" |
| 15 |
- |
|
| 16 |
- kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
|
| 17 |
- "github.com/GoogleCloudPlatform/kubernetes/pkg/api/meta" |
|
| 18 | 18 |
"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/admission/admit" |
| 19 |
+ |
|
| 19 | 20 |
"github.com/openshift/origin/pkg/api/latest" |
| 20 | 21 |
"github.com/openshift/origin/pkg/api/v1beta1" |
| 21 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
| 22 | 22 |
oapauth "github.com/openshift/origin/pkg/auth/authenticator/password/oauthpassword/registry" |
| 23 | 23 |
"github.com/openshift/origin/pkg/auth/context" |
| 24 | 24 |
"github.com/openshift/origin/pkg/client" |
| ... | ... |
@@ -151,13 +151,13 @@ func TestUserLookup(t *testing.T) {
|
| 151 | 151 |
etcdClient := newEtcdClient() |
| 152 | 152 |
interfaces, _ := latest.InterfacesFor(latest.Version) |
| 153 | 153 |
userRegistry := etcd.New(tools.EtcdHelper{etcdClient, interfaces.Codec, tools.RuntimeVersionAdapter{interfaces.MetadataAccessor}}, user.NewDefaultUserInitStrategy())
|
| 154 |
- userInfo := &authapi.DefaultUserInfo{
|
|
| 154 |
+ userInfo := &kuser.DefaultInfo{
|
|
| 155 | 155 |
Name: ":test", |
| 156 | 156 |
} |
| 157 | 157 |
userContext := context.NewRequestContextMap() |
| 158 | 158 |
userContextFunc := userregistry.ContextFunc(func(req *http.Request) (userregistry.Info, bool) {
|
| 159 | 159 |
obj, found := userContext.Get(req) |
| 160 |
- if user, ok := obj.(authapi.UserInfo); found && ok {
|
|
| 160 |
+ if user, ok := obj.(kuser.Info); found && ok {
|
|
| 161 | 161 |
return user, true |
| 162 | 162 |
} |
| 163 | 163 |
return nil, false |