... | ... |
@@ -1,13 +1,8 @@ |
1 | 1 |
package api |
2 | 2 |
|
3 |
-// TODO: Add display name to common meta? |
|
4 |
-type UserInfo interface { |
|
5 |
- GetName() string |
|
6 |
- GetUID() string |
|
7 |
- GetGroups() []string |
|
8 |
- GetScope() string |
|
9 |
- GetExtra() map[string]string |
|
10 |
-} |
|
3 |
+import ( |
|
4 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
5 |
+) |
|
11 | 6 |
|
12 | 7 |
// UserIdentityInfo contains information about an identity. Identities are distinct from users. An authentication server of |
13 | 8 |
// some kind (like oauth for example) describes an identity. Our system controls the users mapped to this identity. |
... | ... |
@@ -20,11 +15,11 @@ type UserIdentityInfo interface { |
20 | 20 |
GetExtra() map[string]string |
21 | 21 |
} |
22 | 22 |
|
23 |
-// UserIdentityMapper maps UserIdentities into UserInfo objects to allow different user abstractions within auth code. |
|
23 |
+// UserIdentityMapper maps UserIdentities into user.Info objects to allow different user abstractions within auth code. |
|
24 | 24 |
type UserIdentityMapper interface { |
25 | 25 |
// UserFor takes an identity, ignores the passed identity.Provider, forces the provider value to some other value and then creates the mapping. |
26 |
- // It returns the corresponding UserInfo |
|
27 |
- UserFor(identityInfo UserIdentityInfo) (UserInfo, error) |
|
26 |
+ // It returns the corresponding user.Info |
|
27 |
+ UserFor(identityInfo UserIdentityInfo) (user.Info, error) |
|
28 | 28 |
} |
29 | 29 |
|
30 | 30 |
type Client interface { |
... | ... |
@@ -41,34 +36,6 @@ type Grant struct { |
41 | 41 |
RedirectURI string |
42 | 42 |
} |
43 | 43 |
|
44 |
-type DefaultUserInfo struct { |
|
45 |
- Name string |
|
46 |
- UID string |
|
47 |
- Groups []string |
|
48 |
- Scope string |
|
49 |
- Extra map[string]string |
|
50 |
-} |
|
51 |
- |
|
52 |
-func (i *DefaultUserInfo) GetName() string { |
|
53 |
- return i.Name |
|
54 |
-} |
|
55 |
- |
|
56 |
-func (i *DefaultUserInfo) GetUID() string { |
|
57 |
- return i.UID |
|
58 |
-} |
|
59 |
- |
|
60 |
-func (i *DefaultUserInfo) GetGroups() []string { |
|
61 |
- return i.Groups |
|
62 |
-} |
|
63 |
- |
|
64 |
-func (i *DefaultUserInfo) GetScope() string { |
|
65 |
- return i.Scope |
|
66 |
-} |
|
67 |
- |
|
68 |
-func (i *DefaultUserInfo) GetExtra() map[string]string { |
|
69 |
- return i.Extra |
|
70 |
-} |
|
71 |
- |
|
72 | 44 |
type DefaultUserIdentityInfo struct { |
73 | 45 |
UserName string |
74 | 46 |
ProviderName string |
... | ... |
@@ -3,31 +3,32 @@ package authenticator |
3 | 3 |
import ( |
4 | 4 |
"net/http" |
5 | 5 |
|
6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
6 | 7 |
"github.com/openshift/origin/pkg/auth/api" |
7 | 8 |
) |
8 | 9 |
|
9 | 10 |
type Token interface { |
10 |
- AuthenticateToken(token string) (api.UserInfo, bool, error) |
|
11 |
+ AuthenticateToken(token string) (user.Info, bool, error) |
|
11 | 12 |
} |
12 | 13 |
|
13 | 14 |
type Request interface { |
14 |
- AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) |
|
15 |
+ AuthenticateRequest(req *http.Request) (user.Info, bool, error) |
|
15 | 16 |
} |
16 | 17 |
|
17 | 18 |
type Password interface { |
18 |
- AuthenticatePassword(user, password string) (api.UserInfo, bool, error) |
|
19 |
+ AuthenticatePassword(user, password string) (user.Info, bool, error) |
|
19 | 20 |
} |
20 | 21 |
|
21 | 22 |
type Assertion interface { |
22 |
- AuthenticateAssertion(assertionType, data string) (api.UserInfo, bool, error) |
|
23 |
+ AuthenticateAssertion(assertionType, data string) (user.Info, bool, error) |
|
23 | 24 |
} |
24 | 25 |
|
25 | 26 |
type Client interface { |
26 |
- AuthenticateClient(client api.Client) (api.UserInfo, bool, error) |
|
27 |
+ AuthenticateClient(client api.Client) (user.Info, bool, error) |
|
27 | 28 |
} |
28 | 29 |
|
29 |
-type RequestFunc func(req *http.Request) (api.UserInfo, bool, error) |
|
30 |
+type RequestFunc func(req *http.Request) (user.Info, bool, error) |
|
30 | 31 |
|
31 |
-func (f RequestFunc) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
32 |
+func (f RequestFunc) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
32 | 33 |
return f(req) |
33 | 34 |
} |
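Review bot: In the `Password` interface, `AuthenticatePassword(user, password string) (user.Info, bool, error)` now has a parameter named like the newly imported `user` package, which compiles but leaves the package unreachable inside any implementation body that keeps that name. Renaming it to match the implementations, `AuthenticatePassword(username, password string) (user.Info, bool, error)`, avoids that. The same shadowing appears elsewhere in this commit: `user, ok := obj.(user.Info)` in the context authenticator, `user, ok := a.tokens[value]` in the token file authenticator, `user, ok := ar.UserData.(user.Info)` in the grant check, the `user user.Info` parameters of `AuthenticationSucceeded` and `GrantNeeded`, and `New(opts x509.VerifyOptions, user UserConversion)`. The commit already renames the local to `u` in the registry authenticator and in GroupAdder, so applying that rename everywhere would keep the packages consistent.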
... | ... |
@@ -5,6 +5,7 @@ import ( |
5 | 5 |
|
6 | 6 |
"github.com/golang/glog" |
7 | 7 |
|
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
9 | 10 |
"github.com/openshift/origin/pkg/auth/authenticator" |
10 | 11 |
) |
... | ... |
@@ -20,7 +21,7 @@ func New(identityMapper authapi.UserIdentityMapper) authenticator.Password { |
20 | 20 |
} |
21 | 21 |
|
22 | 22 |
// AuthenticatePassword approves any login attempt with non-blank username and password |
23 |
-func (a alwaysAcceptPasswordAuthenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) { |
|
23 |
+func (a alwaysAcceptPasswordAuthenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) { |
|
24 | 24 |
if username == "" || password == "" { |
25 | 25 |
return nil, false, nil |
26 | 26 |
} |
... | ... |
@@ -9,7 +9,7 @@ import ( |
9 | 9 |
|
10 | 10 |
"github.com/golang/glog" |
11 | 11 |
|
12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
13 | 13 |
authapi "github.com/openshift/origin/pkg/auth/api" |
14 | 14 |
"github.com/openshift/origin/pkg/auth/authenticator" |
15 | 15 |
) |
... | ... |
@@ -46,7 +46,7 @@ func New(url string, mapper authapi.UserIdentityMapper) authenticator.Password { |
46 | 46 |
return &Authenticator{url, mapper} |
47 | 47 |
} |
48 | 48 |
|
49 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (api.UserInfo, bool, error) { |
|
49 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) { |
|
50 | 50 |
req, err := http.NewRequest("GET", a.url, nil) |
51 | 51 |
if err != nil { |
52 | 52 |
return nil, false, err |
... | ... |
@@ -3,6 +3,7 @@ package oauthpassword |
3 | 3 |
import ( |
4 | 4 |
"fmt" |
5 | 5 |
|
6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
6 | 7 |
"github.com/RangelReale/osincli" |
7 | 8 |
"github.com/golang/glog" |
8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
... | ... |
@@ -18,7 +19,7 @@ func New(client *osincli.Client, identityMapper authapi.UserIdentityMapper) auth |
18 | 18 |
return &Authenticator{identityMapper, client} |
19 | 19 |
} |
20 | 20 |
|
21 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) { |
|
21 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) { |
|
22 | 22 |
areq := a.client.NewAccessRequest(osincli.PASSWORD, nil) |
23 | 23 |
areq.CustomParameters["username"] = username |
24 | 24 |
areq.CustomParameters["password"] = password |
... | ... |
@@ -3,8 +3,8 @@ package registry |
3 | 3 |
import ( |
4 | 4 |
"net/http" |
5 | 5 |
|
6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
6 | 7 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
8 | 8 |
"github.com/openshift/origin/pkg/client" |
9 | 9 |
oclient "github.com/openshift/origin/pkg/oauth/client" |
10 | 10 |
) |
... | ... |
@@ -26,7 +26,7 @@ func New(token OAuthAccessTokenSource, host string, rt http.RoundTripper) *Authe |
26 | 26 |
return &Authenticator{token, host, rt} |
27 | 27 |
} |
28 | 28 |
|
29 |
-func (a *Authenticator) AuthenticatePassword(username, password string) (api.UserInfo, bool, error) { |
|
29 |
+func (a *Authenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) { |
|
30 | 30 |
token, ok, err := a.token.AuthenticatePassword(username, password) |
31 | 31 |
if !ok || err != nil { |
32 | 32 |
return nil, false, err |
... | ... |
@@ -38,14 +38,14 @@ func (a *Authenticator) AuthenticatePassword(username, password string) (api.Use |
38 | 38 |
if err != nil { |
39 | 39 |
return nil, false, err |
40 | 40 |
} |
41 |
- user, err := client.Users().Get("~") |
|
41 |
+ u, err := client.Users().Get("~") |
|
42 | 42 |
if err != nil { |
43 | 43 |
return nil, false, err |
44 | 44 |
} |
45 | 45 |
|
46 |
- info := &api.DefaultUserInfo{ |
|
47 |
- Name: user.Name, |
|
48 |
- UID: string(user.UID), |
|
46 |
+ info := &user.DefaultInfo{ |
|
47 |
+ Name: u.Name, |
|
48 |
+ UID: string(u.UID), |
|
49 | 49 |
} |
50 | 50 |
|
51 | 51 |
return info, true, nil |
... | ... |
@@ -6,7 +6,8 @@ import ( |
6 | 6 |
"net/http" |
7 | 7 |
"strings" |
8 | 8 |
|
9 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 |
+ |
|
10 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
11 | 12 |
) |
12 | 13 |
|
... | ... |
@@ -18,7 +19,7 @@ func NewBasicAuthAuthentication(passwordAuthenticator authenticator.Password) au |
18 | 18 |
return &basicAuthRequestHandler{passwordAuthenticator} |
19 | 19 |
} |
20 | 20 |
|
21 |
-func (authHandler *basicAuthRequestHandler) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) { |
|
21 |
+func (authHandler *basicAuthRequestHandler) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
22 | 22 |
username, password, err := getBasicAuthInfo(req) |
23 | 23 |
if err != nil { |
24 | 24 |
return nil, false, err |
... | ... |
@@ -4,7 +4,7 @@ import ( |
4 | 4 |
"net/http" |
5 | 5 |
"testing" |
6 | 6 |
|
7 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
) |
9 | 9 |
|
10 | 10 |
const ( |
... | ... |
@@ -14,14 +14,14 @@ const ( |
14 | 14 |
) |
15 | 15 |
|
16 | 16 |
type mockPasswordAuthenticator struct { |
17 |
- returnUser authapi.UserInfo |
|
17 |
+ returnUser user.Info |
|
18 | 18 |
isAuthenticated bool |
19 | 19 |
err error |
20 | 20 |
passedUser string |
21 | 21 |
passedPassword string |
22 | 22 |
} |
23 | 23 |
|
24 |
-func (mock *mockPasswordAuthenticator) AuthenticatePassword(username, password string) (authapi.UserInfo, bool, error) { |
|
24 |
+func (mock *mockPasswordAuthenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) { |
|
25 | 25 |
mock.passedUser = username |
26 | 26 |
mock.passedPassword = password |
27 | 27 |
|
... | ... |
@@ -4,7 +4,7 @@ import ( |
4 | 4 |
"net/http" |
5 | 5 |
"strings" |
6 | 6 |
|
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
"github.com/openshift/origin/pkg/auth/authenticator" |
9 | 9 |
) |
10 | 10 |
|
... | ... |
@@ -16,7 +16,7 @@ func New(auth authenticator.Token) *Authenticator { |
16 | 16 |
return &Authenticator{auth} |
17 | 17 |
} |
18 | 18 |
|
19 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
19 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
20 | 20 |
auth := strings.TrimSpace(req.Header.Get("Authorization")) |
21 | 21 |
if auth == "" { |
22 | 22 |
return nil, false, nil |
... | ... |
@@ -4,7 +4,7 @@ import ( |
4 | 4 |
"errors" |
5 | 5 |
"net/http" |
6 | 6 |
|
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
) |
9 | 9 |
|
10 | 10 |
type Context interface { |
... | ... |
@@ -19,14 +19,14 @@ func NewAuthenticator(context Context) *Authenticator { |
19 | 19 |
return &Authenticator{context} |
20 | 20 |
} |
21 | 21 |
|
22 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
22 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
23 | 23 |
obj, ok := a.context.Get(req) |
24 | 24 |
if !ok { |
25 | 25 |
return nil, false, nil |
26 | 26 |
} |
27 |
- user, ok := obj.(api.UserInfo) |
|
27 |
+ user, ok := obj.(user.Info) |
|
28 | 28 |
if !ok { |
29 |
- return nil, false, errors.New("the context object is not an api.UserInfo") |
|
29 |
+ return nil, false, errors.New("the context object is not a user.Info") |
|
30 | 30 |
} |
31 | 31 |
return user, true, nil |
32 | 32 |
} |
... | ... |
@@ -6,7 +6,7 @@ import ( |
6 | 6 |
|
7 | 7 |
"github.com/golang/glog" |
8 | 8 |
|
9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 | 10 |
authapi "github.com/openshift/origin/pkg/auth/api" |
11 | 11 |
) |
12 | 12 |
|
... | ... |
@@ -30,7 +30,7 @@ func NewAuthenticator(config *Config, mapper authapi.UserIdentityMapper) *Authen |
30 | 30 |
return &Authenticator{config, mapper} |
31 | 31 |
} |
32 | 32 |
|
33 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
33 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
34 | 34 |
username := "" |
35 | 35 |
for _, header := range a.config.UserNameHeaders { |
36 | 36 |
header = strings.TrimSpace(header) |
... | ... |
@@ -4,13 +4,14 @@ import ( |
4 | 4 |
"net/http" |
5 | 5 |
"testing" |
6 | 6 |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
7 | 8 |
"github.com/openshift/origin/pkg/auth/api" |
8 | 9 |
) |
9 | 10 |
|
10 | 11 |
type TestUserIdentityMapper struct{} |
11 | 12 |
|
12 |
-func (m *TestUserIdentityMapper) UserFor(identityInfo api.UserIdentityInfo) (api.UserInfo, error) { |
|
13 |
- return &api.DefaultUserInfo{Name: identityInfo.GetUserName()}, nil |
|
13 |
+func (m *TestUserIdentityMapper) UserFor(identityInfo api.UserIdentityInfo) (user.Info, error) { |
|
14 |
+ return &user.DefaultInfo{Name: identityInfo.GetUserName()}, nil |
|
14 | 15 |
} |
15 | 16 |
|
16 | 17 |
func TestRequestHeader(t *testing.T) { |
... | ... |
@@ -4,7 +4,7 @@ import ( |
4 | 4 |
"net/http" |
5 | 5 |
"strings" |
6 | 6 |
|
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
"github.com/openshift/origin/pkg/auth/authenticator" |
9 | 9 |
) |
10 | 10 |
|
... | ... |
@@ -21,7 +21,7 @@ func New(param string, auth authenticator.Token) *Authenticator { |
21 | 21 |
return &Authenticator{param, auth} |
22 | 22 |
} |
23 | 23 |
|
24 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
24 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
25 | 25 |
token := strings.TrimSpace(req.FormValue(a.param)) |
26 | 26 |
if token == "" { |
27 | 27 |
return nil, false, nil |
... | ... |
@@ -5,7 +5,7 @@ import ( |
5 | 5 |
|
6 | 6 |
kerrors "github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors" |
7 | 7 |
|
8 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
9 | 9 |
"github.com/openshift/origin/pkg/auth/authenticator" |
10 | 10 |
) |
11 | 11 |
|
... | ... |
@@ -23,7 +23,7 @@ func NewUnionAuthentication(authRequestHandlers ...authenticator.Request) authen |
23 | 23 |
|
24 | 24 |
// AuthenticateRequest authenticates the request using a chain of authenticator.Request objects. The first |
25 | 25 |
// success returns that identity. Errors are only returned if no matches are found. |
26 |
-func (authHandler *Authenticator) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) { |
|
26 |
+func (authHandler *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
27 | 27 |
errors := []error{} |
28 | 28 |
for _, currAuthRequestHandler := range authHandler.Handlers { |
29 | 29 |
info, ok, err := currAuthRequestHandler.AuthenticateRequest(req) |
... | ... |
@@ -6,16 +6,16 @@ import ( |
6 | 6 |
"strings" |
7 | 7 |
"testing" |
8 | 8 |
|
9 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 | 10 |
) |
11 | 11 |
|
12 | 12 |
type mockAuthRequestHandler struct { |
13 |
- returnUser authapi.UserInfo |
|
13 |
+ returnUser user.Info |
|
14 | 14 |
isAuthenticated bool |
15 | 15 |
err error |
16 | 16 |
} |
17 | 17 |
|
18 |
-func (mock *mockAuthRequestHandler) AuthenticateRequest(req *http.Request) (authapi.UserInfo, bool, error) { |
|
18 |
+func (mock *mockAuthRequestHandler) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
19 | 19 |
return mock.returnUser, mock.isAuthenticated, mock.err |
20 | 20 |
} |
21 | 21 |
|
... | ... |
@@ -4,20 +4,20 @@ import ( |
4 | 4 |
"crypto/x509" |
5 | 5 |
"net/http" |
6 | 6 |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
7 | 8 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors" |
8 |
- "github.com/openshift/origin/pkg/auth/api" |
|
9 | 9 |
) |
10 | 10 |
|
11 | 11 |
// UserConversion defines an interface for extracting user info from a client certificate chain |
12 | 12 |
type UserConversion interface { |
13 |
- User(chain []*x509.Certificate) (api.UserInfo, bool, error) |
|
13 |
+ User(chain []*x509.Certificate) (user.Info, bool, error) |
|
14 | 14 |
} |
15 | 15 |
|
16 | 16 |
// UserConversionFunc is a function that implements the UserConversion interface. |
17 |
-type UserConversionFunc func(chain []*x509.Certificate) (api.UserInfo, bool, error) |
|
17 |
+type UserConversionFunc func(chain []*x509.Certificate) (user.Info, bool, error) |
|
18 | 18 |
|
19 | 19 |
// User implements x509.UserConversion |
20 |
-func (f UserConversionFunc) User(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
20 |
+func (f UserConversionFunc) User(chain []*x509.Certificate) (user.Info, bool, error) { |
|
21 | 21 |
return f(chain) |
22 | 22 |
} |
23 | 23 |
|
... | ... |
@@ -28,13 +28,13 @@ type Authenticator struct { |
28 | 28 |
} |
29 | 29 |
|
30 | 30 |
// New returns a request.Authenticator that verifies client certificates using the provided |
31 |
-// VerifyOptions, and converts valid certificate chains into api.UserInfo using the provided UserConversion |
|
31 |
+// VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion |
|
32 | 32 |
func New(opts x509.VerifyOptions, user UserConversion) *Authenticator { |
33 | 33 |
return &Authenticator{opts, user} |
34 | 34 |
} |
35 | 35 |
|
36 | 36 |
// AuthenticateRequest authenticates the request using presented client certificates |
37 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
37 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
38 | 38 |
if req.TLS == nil { |
39 | 39 |
return nil, false, nil |
40 | 40 |
} |
... | ... |
@@ -71,25 +71,25 @@ func DefaultVerifyOptions() x509.VerifyOptions { |
71 | 71 |
} |
72 | 72 |
|
73 | 73 |
// CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName |
74 |
-var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
74 |
+var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { |
|
75 | 75 |
if len(chain[0].Subject.CommonName) == 0 { |
76 | 76 |
return nil, false, nil |
77 | 77 |
} |
78 |
- return &api.DefaultUserInfo{Name: chain[0].Subject.CommonName}, true, nil |
|
78 |
+ return &user.DefaultInfo{Name: chain[0].Subject.CommonName}, true, nil |
|
79 | 79 |
}) |
80 | 80 |
|
81 | 81 |
// DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate |
82 |
-var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
82 |
+var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { |
|
83 | 83 |
if len(chain[0].DNSNames) == 0 { |
84 | 84 |
return nil, false, nil |
85 | 85 |
} |
86 |
- return &api.DefaultUserInfo{Name: chain[0].DNSNames[0]}, true, nil |
|
86 |
+ return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil |
|
87 | 87 |
}) |
88 | 88 |
|
89 | 89 |
// EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate |
90 |
-var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
90 |
+var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { |
|
91 | 91 |
if len(chain[0].EmailAddresses) == 0 { |
92 | 92 |
return nil, false, nil |
93 | 93 |
} |
94 |
- return &api.DefaultUserInfo{Name: chain[0].EmailAddresses[0]}, true, nil |
|
94 |
+ return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil |
|
95 | 95 |
}) |
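Review bot: CommonNameUserConversion, DNSNameUserConversion and EmailAddressUserConversion all index `chain[0]` without checking that the chain is non-empty, so a call with an empty slice panics instead of returning `nil, false, nil`. All three are exported, and the part of AuthenticateRequest that invokes the conversion lies outside these hunks, so it cannot be confirmed from here that every caller passes at least one certificate. A guard such as `if len(chain) == 0 || len(chain[0].Subject.CommonName) == 0 { return nil, false, nil }`, with the equivalent in the other two, keeps a malformed call from panicking in the authentication path.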
... | ... |
@@ -9,7 +9,7 @@ import ( |
9 | 9 |
"testing" |
10 | 10 |
"time" |
11 | 11 |
|
12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
13 | 13 |
) |
14 | 14 |
|
15 | 15 |
const ( |
... | ... |
@@ -452,7 +452,7 @@ func TestX509(t *testing.T) { |
452 | 452 |
"custom conversion error": { |
453 | 453 |
Opts: getDefaultVerifyOptions(t), |
454 | 454 |
Certs: getCerts(t, clientCNCert), |
455 |
- User: UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
455 |
+ User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { |
|
456 | 456 |
return nil, false, errors.New("custom error") |
457 | 457 |
}), |
458 | 458 |
|
... | ... |
@@ -462,8 +462,8 @@ func TestX509(t *testing.T) { |
462 | 462 |
"custom conversion success": { |
463 | 463 |
Opts: getDefaultVerifyOptions(t), |
464 | 464 |
Certs: getCerts(t, clientCNCert), |
465 |
- User: UserConversionFunc(func(chain []*x509.Certificate) (api.UserInfo, bool, error) { |
|
466 |
- return &api.DefaultUserInfo{Name: "custom"}, true, nil |
|
465 |
+ User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { |
|
466 |
+ return &user.DefaultInfo{Name: "custom"}, true, nil |
|
467 | 467 |
}), |
468 | 468 |
|
469 | 469 |
ExpectUserName: "custom", |
... | ... |
@@ -6,12 +6,12 @@ import ( |
6 | 6 |
"io" |
7 | 7 |
"os" |
8 | 8 |
|
9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 | 10 |
) |
11 | 11 |
|
12 | 12 |
type TokenAuthenticator struct { |
13 | 13 |
path string |
14 |
- tokens map[string]*api.DefaultUserInfo |
|
14 |
+ tokens map[string]*user.DefaultInfo |
|
15 | 15 |
} |
16 | 16 |
|
17 | 17 |
func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) { |
... | ... |
@@ -21,7 +21,7 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) { |
21 | 21 |
} |
22 | 22 |
defer file.Close() |
23 | 23 |
|
24 |
- tokens := make(map[string]*api.DefaultUserInfo) |
|
24 |
+ tokens := make(map[string]*user.DefaultInfo) |
|
25 | 25 |
reader := csv.NewReader(file) |
26 | 26 |
for { |
27 | 27 |
record, err := reader.Read() |
... | ... |
@@ -31,15 +31,14 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) { |
31 | 31 |
if err != nil { |
32 | 32 |
return nil, err |
33 | 33 |
} |
34 |
- if len(record) < 3 { |
|
34 |
+ if len(record) < 2 { |
|
35 | 35 |
continue |
36 | 36 |
} |
37 |
- obj := &api.DefaultUserInfo{ |
|
38 |
- Name: record[1], |
|
39 |
- Scope: record[2], |
|
37 |
+ obj := &user.DefaultInfo{ |
|
38 |
+ Name: record[1], |
|
40 | 39 |
} |
41 |
- if len(record) > 3 { |
|
42 |
- obj.UID = record[3] |
|
40 |
+ if len(record) > 2 { |
|
41 |
+ obj.UID = record[2] |
|
43 | 42 |
} |
44 | 43 |
tokens[record[0]] = obj |
45 | 44 |
} |
... | ... |
@@ -50,7 +49,7 @@ func NewTokenAuthenticator(path string) (*TokenAuthenticator, error) { |
50 | 50 |
}, nil |
51 | 51 |
} |
52 | 52 |
|
53 |
-func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool, error) { |
|
53 |
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) { |
|
54 | 54 |
user, ok := a.tokens[value] |
55 | 55 |
if !ok { |
56 | 56 |
return nil, false, errors.New("Invalid token") |
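Review bot: The record layout read in NewTokenAuthenticator changes from token,name,scope,uid to token,name,uid, so an existing four-column file still loads without error but its scope value is now stored as the UID through `obj.UID = record[2]`. Nothing in the hunk documents the new format or rejects the old one. A comment above the loop such as `// each record is token,name[,uid]`, plus a guard like `if len(record) > 3 { return nil, errors.New("unexpected extra column in token file") }`, would turn the silent misread into a load-time failure. Tokens that previously carried a scope also come back without one, so any consumer that relied on the scope to limit a token should be checked. The function body continues outside the hunks shown.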
... | ... |
@@ -3,7 +3,7 @@ package group |
3 | 3 |
import ( |
4 | 4 |
"net/http" |
5 | 5 |
|
6 |
- "github.com/openshift/origin/pkg/auth/api" |
|
6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
7 | 7 |
"github.com/openshift/origin/pkg/auth/authenticator" |
8 | 8 |
) |
9 | 9 |
|
... | ... |
@@ -13,17 +13,15 @@ type GroupAdder struct { |
13 | 13 |
Groups []string |
14 | 14 |
} |
15 | 15 |
|
16 |
-func (g *GroupAdder) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
17 |
- user, ok, err := g.Authenticator.AuthenticateRequest(req) |
|
16 |
+func (g *GroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
17 |
+ u, ok, err := g.Authenticator.AuthenticateRequest(req) |
|
18 | 18 |
if err != nil || !ok { |
19 | 19 |
return nil, ok, err |
20 | 20 |
} |
21 |
- return &api.DefaultUserInfo{ |
|
22 |
- Name: user.GetName(), |
|
23 |
- UID: user.GetUID(), |
|
24 |
- Groups: append(user.GetGroups(), g.Groups...), |
|
25 |
- Scope: user.GetScope(), |
|
26 |
- Extra: user.GetExtra(), |
|
21 |
+ return &user.DefaultInfo{ |
|
22 |
+ Name: u.GetName(), |
|
23 |
+ UID: u.GetUID(), |
|
24 |
+ Groups: append(u.GetGroups(), g.Groups...), |
|
27 | 25 |
}, true, nil |
28 | 26 |
} |
29 | 27 |
|
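Review bot: `Groups: append(u.GetGroups(), g.Groups...)` in GroupAdder.AuthenticateRequest appends directly onto the slice returned by the wrapped authenticator. If that slice has spare capacity, the added groups are written into its backing array, where they can be seen by, or race with, other holders of the same slice. Building the result on a fresh slice avoids this: `groups := append([]string{}, u.GetGroups()...)` followed by `Groups: append(groups, g.Groups...)`. The rebuilt `user.DefaultInfo` also no longer copies Scope or Extra from the inner user; if any caller used Scope to narrow what a credential may do, that restriction is dropped here without notice, so a comment stating the intent would help.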
... | ... |
@@ -5,15 +5,15 @@ import ( |
5 | 5 |
"reflect" |
6 | 6 |
"testing" |
7 | 7 |
|
8 |
- "github.com/openshift/origin/pkg/auth/api" |
|
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
9 | 9 |
"github.com/openshift/origin/pkg/auth/authenticator" |
10 | 10 |
) |
11 | 11 |
|
12 | 12 |
func TestGroupAdder(t *testing.T) { |
13 | 13 |
adder := authenticator.Request( |
14 | 14 |
NewGroupAdder( |
15 |
- authenticator.RequestFunc(func(req *http.Request) (api.UserInfo, bool, error) { |
|
16 |
- return &api.DefaultUserInfo{Name: "user", Groups: []string{"original"}}, true, nil |
|
15 |
+ authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) { |
|
16 |
+ return &user.DefaultInfo{Name: "user", Groups: []string{"original"}}, true, nil |
|
17 | 17 |
}), |
18 | 18 |
[]string{"added"}, |
19 | 19 |
), |
... | ... |
@@ -6,10 +6,10 @@ import ( |
6 | 6 |
"net/http" |
7 | 7 |
"net/url" |
8 | 8 |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
9 | 10 |
"github.com/RangelReale/osincli" |
10 | 11 |
"github.com/golang/glog" |
11 | 12 |
|
12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
13 | 13 |
authapi "github.com/openshift/origin/pkg/auth/api" |
14 | 14 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
15 | 15 |
) |
... | ... |
@@ -168,7 +168,7 @@ func (defaultState) Check(state string, w http.ResponseWriter, req *http.Request |
168 | 168 |
return true, nil |
169 | 169 |
} |
170 | 170 |
|
171 |
-func (defaultState) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
171 |
+func (defaultState) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
172 | 172 |
values, err := url.ParseQuery(state) |
173 | 173 |
if err != nil { |
174 | 174 |
return false, err |
... | ... |
@@ -6,6 +6,7 @@ import ( |
6 | 6 |
"github.com/RangelReale/osin" |
7 | 7 |
"github.com/golang/glog" |
8 | 8 |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
9 | 10 |
"github.com/openshift/origin/pkg/auth/api" |
10 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
11 | 12 |
) |
... | ... |
@@ -53,7 +54,7 @@ func NewAccessAuthenticator(password authenticator.Password, assertion authentic |
53 | 53 |
// HandleAccess implements osinserver.AccessHandler |
54 | 54 |
func (h *AccessAuthenticator) HandleAccess(ar *osin.AccessRequest, w http.ResponseWriter) error { |
55 | 55 |
var ( |
56 |
- info api.UserInfo |
|
56 |
+ info user.Info |
|
57 | 57 |
ok bool |
58 | 58 |
err error |
59 | 59 |
) |
... | ... |
@@ -103,16 +104,16 @@ type fixedAuthenticator struct { |
103 | 103 |
} |
104 | 104 |
|
105 | 105 |
// AuthenticatePassword implements authenticator.Password |
106 |
-func (f *fixedAuthenticator) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) { |
|
106 |
+func (f *fixedAuthenticator) AuthenticatePassword(user, password string) (user.Info, bool, error) { |
|
107 | 107 |
return nil, f.allow, nil |
108 | 108 |
} |
109 | 109 |
|
110 | 110 |
// AuthenticateAssertion implements authenticator.Assertion |
111 |
-func (f *fixedAuthenticator) AuthenticateAssertion(assertionType, data string) (api.UserInfo, bool, error) { |
|
111 |
+func (f *fixedAuthenticator) AuthenticateAssertion(assertionType, data string) (user.Info, bool, error) { |
|
112 | 112 |
return nil, f.allow, nil |
113 | 113 |
} |
114 | 114 |
|
115 | 115 |
// AuthenticateClient implements authenticator.Client |
116 |
-func (f *fixedAuthenticator) AuthenticateClient(client api.Client) (api.UserInfo, bool, error) { |
|
116 |
+func (f *fixedAuthenticator) AuthenticateClient(client api.Client) (user.Info, bool, error) { |
|
117 | 117 |
return nil, f.allow, nil |
118 | 118 |
} |
... | ... |
@@ -5,6 +5,7 @@ import ( |
5 | 5 |
|
6 | 6 |
"github.com/golang/glog" |
7 | 7 |
|
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 9 |
authapi "github.com/openshift/origin/pkg/auth/api" |
9 | 10 |
) |
10 | 11 |
|
... | ... |
@@ -16,7 +17,7 @@ func (EmptyAuth) AuthenticationNeeded(client authapi.Client, w http.ResponseWrit |
16 | 16 |
|
17 | 17 |
type EmptySuccess struct{} |
18 | 18 |
|
19 |
-func (EmptySuccess) AuthenticationSucceeded(user authapi.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
19 |
+func (EmptySuccess) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
20 | 20 |
glog.V(4).Infof("AuthenticationSucceeded: %v (state=%s)", user, state) |
21 | 21 |
return false, nil |
22 | 22 |
} |
... | ... |
@@ -8,6 +8,7 @@ import ( |
8 | 8 |
"github.com/RangelReale/osin" |
9 | 9 |
"github.com/golang/glog" |
10 | 10 |
|
11 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
11 | 12 |
"github.com/openshift/origin/pkg/auth/api" |
12 | 13 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
13 | 14 |
"github.com/openshift/origin/pkg/oauth/registry/clientauthorization" |
... | ... |
@@ -41,9 +42,9 @@ func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, w http.ResponseW |
41 | 41 |
// Reset request to unauthorized until we verify the grant |
42 | 42 |
ar.Authorized = false |
43 | 43 |
|
44 |
- user, ok := ar.UserData.(api.UserInfo) |
|
44 |
+ user, ok := ar.UserData.(user.Info) |
|
45 | 45 |
if !ok || user == nil { |
46 |
- return h.errorHandler.GrantError(errors.New("the provided user data is not api.UserInfo"), w, ar.HttpRequest) |
|
46 |
+ return h.errorHandler.GrantError(errors.New("the provided user data is not user.Info"), w, ar.HttpRequest) |
|
47 | 47 |
} |
48 | 48 |
|
49 | 49 |
grant := &api.Grant{ |
... | ... |
@@ -75,7 +76,7 @@ func NewEmptyGrant() GrantHandler { |
75 | 75 |
} |
76 | 76 |
|
77 | 77 |
// GrantNeeded implements the GrantHandler interface |
78 |
-func (emptyGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
78 |
+func (emptyGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
79 | 79 |
return false, nil |
80 | 80 |
} |
81 | 81 |
|
... | ... |
@@ -90,7 +91,7 @@ func NewAutoGrant(authregistry clientauthorization.Registry) GrantHandler { |
90 | 90 |
} |
91 | 91 |
|
92 | 92 |
// GrantNeeded implements the GrantHandler interface |
93 |
-func (g *autoGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
93 |
+func (g *autoGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
94 | 94 |
clientAuthID := g.authregistry.ClientAuthorizationName(user.GetName(), grant.Client.GetId()) |
95 | 95 |
clientAuth, err := g.authregistry.GetClientAuthorization(clientAuthID) |
96 | 96 |
if err == nil { |
... | ... |
@@ -142,7 +143,7 @@ func NewRedirectGrant(url string) GrantHandler { |
142 | 142 |
} |
143 | 143 |
|
144 | 144 |
// GrantNeeded implements the GrantHandler interface |
145 |
-func (g *redirectGrant) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
145 |
+func (g *redirectGrant) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
146 | 146 |
// If the current request has an error=grant_denied parameter, the user denied the grant |
147 | 147 |
if err := req.FormValue("error"); err == GrantDeniedError { |
148 | 148 |
return false, nil |
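Review bot: The local declared by `user, ok := ar.UserData.(user.Info)` in HandleAuthorize shadows the newly imported package `user` for the rest of that function, and the `user user.Info` parameters of the three GrantNeeded methods do the same inside their bodies. This compiles because the type is resolved before the name is rebound, but any later reference to a package symbol such as `user.DefaultInfo` inside those bodies will not compile, and in authentication code it is easy to misread which `user` is meant. Importing the package under an alias, as the registry conversion file in this commit already does with `kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"`, would keep the two apart. The same pattern recurs in the handler interfaces, the grant checker, the grant form handlers, the session authenticator and the authorizer sections. The bodies of HandleAuthorize and the GrantNeeded methods continue outside the hunks.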
... | ... |
@@ -3,6 +3,7 @@ package handlers |
3 | 3 |
import ( |
4 | 4 |
"net/http" |
5 | 5 |
|
6 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
6 | 7 |
"github.com/openshift/origin/pkg/auth/api" |
7 | 8 |
) |
8 | 9 |
|
... | ... |
@@ -35,19 +36,19 @@ type AuthenticationErrorHandler interface { |
35 | 35 |
type AuthenticationSuccessHandler interface { |
36 | 36 |
// AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written, |
37 | 37 |
// and returns false if the response was not written. |
38 |
- AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) |
|
38 |
+ AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) |
|
39 | 39 |
} |
40 | 40 |
|
41 | 41 |
// GrantChecker is responsible for determining if a user has authorized a client for a requested grant |
42 | 42 |
type GrantChecker interface { |
43 | 43 |
// HasAuthorizedClient returns true if the user has authorized the client for the requested grant |
44 |
- HasAuthorizedClient(user api.UserInfo, grant *api.Grant) (bool, error) |
|
44 |
+ HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error) |
|
45 | 45 |
} |
46 | 46 |
|
47 | 47 |
// GrantHandler handles errors during the grant process, or the client requests an unauthorized grant |
48 | 48 |
type GrantHandler interface { |
49 | 49 |
// GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written |
50 |
- GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (handled bool, err error) |
|
50 |
+ GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (handled bool, err error) |
|
51 | 51 |
} |
52 | 52 |
|
53 | 53 |
// GrantErrorHandler reacts to grant errors |
... | ... |
@@ -62,7 +63,7 @@ type GrantErrorHandler interface { |
62 | 62 |
// the chain is aborted. |
63 | 63 |
type AuthenticationSuccessHandlers []AuthenticationSuccessHandler |
64 | 64 |
|
65 |
-func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
65 |
+func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
66 | 66 |
for _, h := range all { |
67 | 67 |
if handled, err := h.AuthenticationSucceeded(user, state, w, req); handled || err != nil { |
68 | 68 |
return handled, err |
... | ... |
@@ -5,6 +5,7 @@ import ( |
5 | 5 |
|
6 | 6 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors" |
7 | 7 |
|
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 9 |
"github.com/openshift/origin/pkg/auth/api" |
9 | 10 |
"github.com/openshift/origin/pkg/oauth/registry/clientauthorization" |
10 | 11 |
"github.com/openshift/origin/pkg/oauth/scope" |
... | ... |
@@ -18,7 +19,7 @@ func NewClientAuthorizationGrantChecker(registry clientauthorization.Registry) * |
18 | 18 |
return &ClientAuthorizationGrantChecker{registry} |
19 | 19 |
} |
20 | 20 |
|
21 |
-func (c *ClientAuthorizationGrantChecker) HasAuthorizedClient(user api.UserInfo, grant *api.Grant) (approved bool, err error) { |
|
21 |
+func (c *ClientAuthorizationGrantChecker) HasAuthorizedClient(user user.Info, grant *api.Grant) (approved bool, err error) { |
|
22 | 22 |
id := c.registry.ClientAuthorizationName(user.GetName(), grant.Client.GetId()) |
23 | 23 |
authorization, err := c.registry.GetClientAuthorization(id) |
24 | 24 |
if errors.IsNotFound(err) { |
... | ... |
@@ -12,6 +12,7 @@ import ( |
12 | 12 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util" |
13 | 13 |
"github.com/RangelReale/osincli" |
14 | 14 |
|
15 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
15 | 16 |
"github.com/openshift/origin/pkg/auth/api" |
16 | 17 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
17 | 18 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
... | ... |
@@ -21,7 +22,7 @@ import ( |
21 | 21 |
) |
22 | 22 |
|
23 | 23 |
type testHandlers struct { |
24 |
- User api.UserInfo |
|
24 |
+ User user.Info |
|
25 | 25 |
Authenticate bool |
26 | 26 |
Err error |
27 | 27 |
AuthNeed bool |
... | ... |
@@ -48,11 +49,11 @@ func (h *testHandlers) AuthenticationError(err error, w http.ResponseWriter, req |
48 | 48 |
return true, nil |
49 | 49 |
} |
50 | 50 |
|
51 |
-func (h *testHandlers) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
51 |
+func (h *testHandlers) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
52 | 52 |
return h.User, h.Authenticate, h.Err |
53 | 53 |
} |
54 | 54 |
|
55 |
-func (h *testHandlers) GrantNeeded(user api.UserInfo, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
55 |
+func (h *testHandlers) GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
56 | 56 |
h.GrantNeed = true |
57 | 57 |
return h.GrantNeedHandled, h.GrantNeedErr |
58 | 58 |
} |
... | ... |
@@ -86,7 +87,7 @@ func TestRegistryAndServer(t *testing.T) { |
86 | 86 |
Client *oapi.OAuthClient |
87 | 87 |
ClientAuth *oapi.OAuthClientAuthorization |
88 | 88 |
AuthSuccess bool |
89 |
- AuthUser api.UserInfo |
|
89 |
+ AuthUser user.Info |
|
90 | 90 |
Scope string |
91 | 91 |
Check func(*testHandlers, *http.Request) |
92 | 92 |
}{ |
... | ... |
@@ -101,7 +102,7 @@ func TestRegistryAndServer(t *testing.T) { |
101 | 101 |
"needs grant": { |
102 | 102 |
Client: validClient, |
103 | 103 |
AuthSuccess: true, |
104 |
- AuthUser: &api.DefaultUserInfo{ |
|
104 |
+ AuthUser: &user.DefaultInfo{ |
|
105 | 105 |
Name: "user", |
106 | 106 |
}, |
107 | 107 |
Check: func(h *testHandlers, _ *http.Request) { |
... | ... |
@@ -113,7 +114,7 @@ func TestRegistryAndServer(t *testing.T) { |
113 | 113 |
"has non covered grant": { |
114 | 114 |
Client: validClient, |
115 | 115 |
AuthSuccess: true, |
116 |
- AuthUser: &api.DefaultUserInfo{ |
|
116 |
+ AuthUser: &user.DefaultInfo{ |
|
117 | 117 |
Name: "user", |
118 | 118 |
}, |
119 | 119 |
ClientAuth: &oapi.OAuthClientAuthorization{ |
... | ... |
@@ -131,7 +132,7 @@ func TestRegistryAndServer(t *testing.T) { |
131 | 131 |
"has covered grant": { |
132 | 132 |
Client: validClient, |
133 | 133 |
AuthSuccess: true, |
134 |
- AuthUser: &api.DefaultUserInfo{ |
|
134 |
+ AuthUser: &user.DefaultInfo{ |
|
135 | 135 |
Name: "user", |
136 | 136 |
}, |
137 | 137 |
ClientAuth: &oapi.OAuthClientAuthorization{ |
... | ... |
@@ -149,7 +150,7 @@ func TestRegistryAndServer(t *testing.T) { |
149 | 149 |
"has auth and grant": { |
150 | 150 |
Client: validClient, |
151 | 151 |
AuthSuccess: true, |
152 |
- AuthUser: &api.DefaultUserInfo{ |
|
152 |
+ AuthUser: &user.DefaultInfo{ |
|
153 | 153 |
Name: "user", |
154 | 154 |
}, |
155 | 155 |
ClientAuth: validClientAuth, |
... | ... |
@@ -4,9 +4,8 @@ import ( |
4 | 4 |
"errors" |
5 | 5 |
"time" |
6 | 6 |
|
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
"github.com/openshift/origin/pkg/oauth/registry/accesstoken" |
9 |
- "github.com/openshift/origin/pkg/oauth/scope" |
|
10 | 9 |
) |
11 | 10 |
|
12 | 11 |
type TokenAuthenticator struct { |
... | ... |
@@ -21,7 +20,7 @@ func NewTokenAuthenticator(registry accesstoken.Registry) *TokenAuthenticator { |
21 | 21 |
} |
22 | 22 |
} |
23 | 23 |
|
24 |
-func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool, error) { |
|
24 |
+func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) { |
|
25 | 25 |
token, err := a.registry.GetAccessToken(value) |
26 | 26 |
if err != nil { |
27 | 27 |
return nil, false, err |
... | ... |
@@ -29,9 +28,8 @@ func (a *TokenAuthenticator) AuthenticateToken(value string) (api.UserInfo, bool |
29 | 29 |
if token.CreationTimestamp.Time.Add(time.Duration(token.ExpiresIn) * time.Second).Before(time.Now()) { |
30 | 30 |
return nil, false, ErrExpired |
31 | 31 |
} |
32 |
- return &api.DefaultUserInfo{ |
|
33 |
- Name: token.UserName, |
|
34 |
- UID: token.UserUID, |
|
35 |
- Scope: scope.Join(token.Scopes), |
|
32 |
+ return &user.DefaultInfo{ |
|
33 |
+ Name: token.UserName, |
|
34 |
+ UID: token.UserUID, |
|
36 | 35 |
}, true, nil |
37 | 36 |
} |
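Review bot: AuthenticateToken no longer hands the token's scopes to its caller, because the `Scope: scope.Join(token.Scopes)` field and the `scope` import are removed and the new `&user.DefaultInfo{...}` literal sets only Name and UID. If any consumer relied on that value to limit what a scoped access token may do, a restricted token would now authenticate as the plain user. Nothing in this hunk shows whether GetScope() had readers, so that should be confirmed before merging. If the drop is deliberate, record it next to the return, e.g. `// token.Scopes is not propagated on user.Info; scope enforcement must happen elsewhere`, and add a test that a scoped token is not treated as unscoped.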
... | ... |
@@ -3,23 +3,23 @@ package registry |
3 | 3 |
import ( |
4 | 4 |
"errors" |
5 | 5 |
|
6 |
- "github.com/openshift/origin/pkg/auth/api" |
|
6 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
7 | 7 |
|
8 | 8 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
9 | 9 |
) |
10 | 10 |
|
11 | 11 |
type UserConversion struct{} |
12 | 12 |
|
13 |
-// NewUserConversion creates an object that can convert the UserInfo object to and from |
|
13 |
+// NewUserConversion creates an object that can convert the user.Info object to and from |
|
14 | 14 |
// an oauth access/authorize token object. |
15 | 15 |
func NewUserConversion() *UserConversion { |
16 | 16 |
return &UserConversion{} |
17 | 17 |
} |
18 | 18 |
|
19 | 19 |
func (s *UserConversion) ConvertToAuthorizeToken(user interface{}, token *oapi.OAuthAuthorizeToken) error { |
20 |
- info, ok := user.(api.UserInfo) |
|
20 |
+ info, ok := user.(kuser.Info) |
|
21 | 21 |
if !ok { |
22 |
- return errors.New("did not receive UserInfo") |
|
22 |
+ return errors.New("did not receive user.Info") |
|
23 | 23 |
} |
24 | 24 |
token.UserName = info.GetName() |
25 | 25 |
if token.UserName == "" { |
... | ... |
@@ -30,9 +30,9 @@ func (s *UserConversion) ConvertToAuthorizeToken(user interface{}, token *oapi.O |
30 | 30 |
} |
31 | 31 |
|
32 | 32 |
func (s *UserConversion) ConvertToAccessToken(user interface{}, token *oapi.OAuthAccessToken) error { |
33 |
- info, ok := user.(api.UserInfo) |
|
33 |
+ info, ok := user.(kuser.Info) |
|
34 | 34 |
if !ok { |
35 |
- return errors.New("did not receive UserInfo") |
|
35 |
+ return errors.New("did not receive user.Info") |
|
36 | 36 |
} |
37 | 37 |
token.UserName = info.GetName() |
38 | 38 |
if token.UserName == "" { |
... | ... |
@@ -46,7 +46,7 @@ func (s *UserConversion) ConvertFromAuthorizeToken(token *oapi.OAuthAuthorizeTok |
46 | 46 |
if token.UserName == "" { |
47 | 47 |
return nil, errors.New("token has no user name stored") |
48 | 48 |
} |
49 |
- return &api.DefaultUserInfo{ |
|
49 |
+ return &kuser.DefaultInfo{ |
|
50 | 50 |
Name: token.UserName, |
51 | 51 |
UID: token.UserUID, |
52 | 52 |
}, nil |
... | ... |
@@ -56,7 +56,7 @@ func (s *UserConversion) ConvertFromAccessToken(token *oapi.OAuthAccessToken) (i |
56 | 56 |
if token.UserName == "" { |
57 | 57 |
return nil, errors.New("token has no user name stored") |
58 | 58 |
} |
59 |
- return &api.DefaultUserInfo{ |
|
59 |
+ return &kuser.DefaultInfo{ |
|
60 | 60 |
Name: token.UserName, |
61 | 61 |
UID: token.UserUID, |
62 | 62 |
}, nil |
... | ... |
@@ -6,8 +6,8 @@ import ( |
6 | 6 |
"net/url" |
7 | 7 |
"strings" |
8 | 8 |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
9 | 10 |
"github.com/golang/glog" |
10 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
11 | 11 |
"github.com/openshift/origin/pkg/auth/authenticator" |
12 | 12 |
ohandlers "github.com/openshift/origin/pkg/auth/oauth/handlers" |
13 | 13 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
... | ... |
@@ -102,7 +102,7 @@ func (l *Grant) ServeHTTP(w http.ResponseWriter, req *http.Request) { |
102 | 102 |
} |
103 | 103 |
} |
104 | 104 |
|
105 |
-func (l *Grant) handleForm(user authapi.UserInfo, w http.ResponseWriter, req *http.Request) { |
|
105 |
+func (l *Grant) handleForm(user user.Info, w http.ResponseWriter, req *http.Request) { |
|
106 | 106 |
q := req.URL.Query() |
107 | 107 |
then := q.Get("then") |
108 | 108 |
clientID := q.Get("client_id") |
... | ... |
@@ -152,7 +152,7 @@ func (l *Grant) handleForm(user authapi.UserInfo, w http.ResponseWriter, req *ht |
152 | 152 |
l.render.Render(form, w, req) |
153 | 153 |
} |
154 | 154 |
|
155 |
-func (l *Grant) handleGrant(user authapi.UserInfo, w http.ResponseWriter, req *http.Request) { |
|
155 |
+func (l *Grant) handleGrant(user user.Info, w http.ResponseWriter, req *http.Request) { |
|
156 | 156 |
if ok, err := l.csrf.Check(req, req.FormValue("csrf")); !ok || err != nil { |
157 | 157 |
glog.Errorf("Unable to check CSRF token: %v", err) |
158 | 158 |
l.failed("Invalid CSRF token", w, req) |
... | ... |
@@ -11,25 +11,25 @@ import ( |
11 | 11 |
"testing" |
12 | 12 |
|
13 | 13 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
14 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
14 | 15 |
|
15 |
- "github.com/openshift/origin/pkg/auth/api" |
|
16 | 16 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
17 | 17 |
oapi "github.com/openshift/origin/pkg/oauth/api" |
18 | 18 |
"github.com/openshift/origin/pkg/oauth/registry/test" |
19 | 19 |
) |
20 | 20 |
|
21 | 21 |
type testAuth struct { |
22 |
- User api.UserInfo |
|
22 |
+ User user.Info |
|
23 | 23 |
Success bool |
24 | 24 |
Err error |
25 | 25 |
} |
26 | 26 |
|
27 |
-func (t *testAuth) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
27 |
+func (t *testAuth) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
28 | 28 |
return t.User, t.Success, t.Err |
29 | 29 |
} |
30 | 30 |
|
31 | 31 |
func goodAuth(username string) *testAuth { |
32 |
- return &testAuth{Success: true, User: &api.DefaultUserInfo{Name: username}} |
|
32 |
+ return &testAuth{Success: true, User: &user.DefaultInfo{Name: username}} |
|
33 | 33 |
} |
34 | 34 |
func badAuth(err error) *testAuth { |
35 | 35 |
return &testAuth{Success: false, User: nil, Err: err} |
... | ... |
@@ -6,7 +6,7 @@ import ( |
6 | 6 |
|
7 | 7 |
"github.com/golang/glog" |
8 | 8 |
|
9 |
- "github.com/openshift/origin/pkg/auth/api" |
|
9 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 | 10 |
"github.com/openshift/origin/pkg/auth/authenticator" |
11 | 11 |
"github.com/openshift/origin/pkg/auth/oauth/handlers" |
12 | 12 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
... | ... |
@@ -24,7 +24,7 @@ type ConfirmFormRenderer interface { |
24 | 24 |
type ConfirmForm struct { |
25 | 25 |
Action string |
26 | 26 |
Error string |
27 |
- User api.UserInfo |
|
27 |
+ User user.Info |
|
28 | 28 |
Values ConfirmFormValues |
29 | 29 |
} |
30 | 30 |
|
... | ... |
@@ -9,25 +9,26 @@ import ( |
9 | 9 |
"strings" |
10 | 10 |
"testing" |
11 | 11 |
|
12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
13 |
+ |
|
13 | 14 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
14 | 15 |
) |
15 | 16 |
|
16 | 17 |
type testImplicit struct { |
17 | 18 |
Request *http.Request |
18 |
- User api.UserInfo |
|
19 |
+ User user.Info |
|
19 | 20 |
Success bool |
20 | 21 |
Err error |
21 | 22 |
Then string |
22 | 23 |
Called bool |
23 | 24 |
} |
24 | 25 |
|
25 |
-func (t *testImplicit) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
26 |
+func (t *testImplicit) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
26 | 27 |
t.Request = req |
27 | 28 |
return t.User, t.Success, t.Err |
28 | 29 |
} |
29 | 30 |
|
30 |
-func (t *testImplicit) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
31 |
+func (t *testImplicit) AuthenticationSucceeded(user user.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
31 | 32 |
t.Called = true |
32 | 33 |
t.User = user |
33 | 34 |
t.Then = then |
... | ... |
@@ -48,7 +49,7 @@ func TestImplicit(t *testing.T) { |
48 | 48 |
}{ |
49 | 49 |
"display confirm form": { |
50 | 50 |
CSRF: &csrf.FakeCSRF{"test", nil}, |
51 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}}, |
|
51 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}}, |
|
52 | 52 |
Path: "/login", |
53 | 53 |
ExpectContains: []string{ |
54 | 54 |
`action="/login"`, |
... | ... |
@@ -57,14 +58,14 @@ func TestImplicit(t *testing.T) { |
57 | 57 |
}, |
58 | 58 |
"successful POST redirects": { |
59 | 59 |
CSRF: &csrf.FakeCSRF{"test", nil}, |
60 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}}, |
|
60 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}}, |
|
61 | 61 |
Path: "/login?then=%2Ffoo", |
62 | 62 |
PostValues: url.Values{"csrf": []string{"test"}}, |
63 | 63 |
ExpectThen: "/foo", |
64 | 64 |
}, |
65 | 65 |
"redirect when POST fails CSRF": { |
66 | 66 |
CSRF: &csrf.FakeCSRF{"test", nil}, |
67 |
- Implicit: &testImplicit{Success: true, User: &api.DefaultUserInfo{Name: "user"}}, |
|
67 |
+ Implicit: &testImplicit{Success: true, User: &user.DefaultInfo{Name: "user"}}, |
|
68 | 68 |
Path: "/login", |
69 | 69 |
PostValues: url.Values{"csrf": []string{"wrong"}}, |
70 | 70 |
ExpectRedirect: "/login?reason=token+expired", |
... | ... |
@@ -9,27 +9,28 @@ import ( |
9 | 9 |
"strings" |
10 | 10 |
"testing" |
11 | 11 |
|
12 |
- "github.com/openshift/origin/pkg/auth/api" |
|
12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
13 |
+ |
|
13 | 14 |
"github.com/openshift/origin/pkg/auth/server/csrf" |
14 | 15 |
) |
15 | 16 |
|
16 | 17 |
type testAuth struct { |
17 | 18 |
Username string |
18 | 19 |
Password string |
19 |
- User api.UserInfo |
|
20 |
+ User user.Info |
|
20 | 21 |
Success bool |
21 | 22 |
Err error |
22 | 23 |
Then string |
23 | 24 |
Called bool |
24 | 25 |
} |
25 | 26 |
|
26 |
-func (t *testAuth) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) { |
|
27 |
+func (t *testAuth) AuthenticatePassword(user, password string) (user.Info, bool, error) { |
|
27 | 28 |
t.Username = user |
28 | 29 |
t.Password = password |
29 | 30 |
return t.User, t.Success, t.Err |
30 | 31 |
} |
31 | 32 |
|
32 |
-func (t *testAuth) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
33 |
+func (t *testAuth) AuthenticationSucceeded(user user.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
33 | 34 |
t.Called = true |
34 | 35 |
t.User = user |
35 | 36 |
t.Then = then |
... | ... |
@@ -128,7 +129,7 @@ func TestLogin(t *testing.T) { |
128 | 128 |
}, |
129 | 129 |
"login successful": { |
130 | 130 |
CSRF: &csrf.FakeCSRF{Token: "test"}, |
131 |
- Auth: &testAuth{Success: true, User: &api.DefaultUserInfo{Name: "user"}}, |
|
131 |
+ Auth: &testAuth{Success: true, User: &user.DefaultInfo{Name: "user"}}, |
|
132 | 132 |
Path: "/login?then=done", |
133 | 133 |
PostValues: url.Values{ |
134 | 134 |
"csrf": []string{"test"}, |
... | ... |
@@ -4,7 +4,7 @@ import ( |
4 | 4 |
"errors" |
5 | 5 |
"net/http" |
6 | 6 |
|
7 |
- "github.com/openshift/origin/pkg/auth/api" |
|
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 8 |
) |
9 | 9 |
|
10 | 10 |
const UserNameKey = "user.name" |
... | ... |
@@ -22,7 +22,7 @@ func NewAuthenticator(store Store, name string) *Authenticator { |
22 | 22 |
} |
23 | 23 |
} |
24 | 24 |
|
25 |
-func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bool, error) { |
|
25 |
+func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
|
26 | 26 |
session, err := a.store.Get(req, a.name) |
27 | 27 |
if err != nil { |
28 | 28 |
return nil, false, err |
... | ... |
@@ -50,13 +50,13 @@ func (a *Authenticator) AuthenticateRequest(req *http.Request) (api.UserInfo, bo |
50 | 50 |
} |
51 | 51 |
// Tolerate empty string UIDs in the session |
52 | 52 |
|
53 |
- return &api.DefaultUserInfo{ |
|
53 |
+ return &user.DefaultInfo{ |
|
54 | 54 |
Name: name, |
55 | 55 |
UID: uid, |
56 | 56 |
}, true, nil |
57 | 57 |
} |
58 | 58 |
|
59 |
-func (a *Authenticator) AuthenticationSucceeded(user api.UserInfo, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
59 |
+func (a *Authenticator) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
60 | 60 |
session, err := a.store.Get(req, a.name) |
61 | 61 |
if err != nil { |
62 | 62 |
return false, err |
... | ... |
@@ -1,6 +1,7 @@ |
1 | 1 |
package identitymapper |
2 | 2 |
|
3 | 3 |
import ( |
4 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
4 | 5 |
authapi "github.com/openshift/origin/pkg/auth/api" |
5 | 6 |
userapi "github.com/openshift/origin/pkg/user/api" |
6 | 7 |
uimap "github.com/openshift/origin/pkg/user/registry/useridentitymapping" |
... | ... |
@@ -17,7 +18,7 @@ func NewAlwaysCreateUserIdentityToUserMapper(providerID string, userIdentityRegi |
17 | 17 |
} |
18 | 18 |
|
19 | 19 |
// UserFor returns info about the user for whom identity info have been provided |
20 |
-func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.UserIdentityInfo) (authapi.UserInfo, error) { |
|
20 |
+func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.UserIdentityInfo) (user.Info, error) { |
|
21 | 21 |
userIdentityMapping := &userapi.UserIdentityMapping{ |
22 | 22 |
Identity: userapi.Identity{ |
23 | 23 |
Provider: p.providerID, // Provider id is imposed |
... | ... |
@@ -30,9 +31,8 @@ func (p *alwaysCreateUserIdentityToUserMapper) UserFor(identityInfo authapi.User |
30 | 30 |
return nil, err |
31 | 31 |
} |
32 | 32 |
|
33 |
- return &authapi.DefaultUserInfo{ |
|
34 |
- Name: authoritativeMapping.User.Name, |
|
35 |
- UID: string(authoritativeMapping.User.UID), |
|
36 |
- Extra: authoritativeMapping.Identity.Extra, |
|
33 |
+ return &user.DefaultInfo{ |
|
34 |
+ Name: authoritativeMapping.User.Name, |
|
35 |
+ UID: string(authoritativeMapping.User.UID), |
|
37 | 36 |
}, nil |
38 | 37 |
} |
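Review bot: UserFor stops passing `authoritativeMapping.Identity.Extra` to the returned user, since the old literal set `Extra` and the new `&user.DefaultInfo{...}` sets only Name and UID. Provider-supplied identity attributes are therefore no longer visible to whatever consumes the mapper's result, presumably because the new type has no matching field. Nothing in these hunks shows a replacement path, so either confirm that no caller read GetExtra() or document the loss on the method, e.g. `// Identity.Extra is not carried onto the returned user.Info`. Part of UserFor's body lies between the two hunks and is not shown.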
... | ... |
@@ -7,10 +7,10 @@ import ( |
7 | 7 |
"strings" |
8 | 8 |
|
9 | 9 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
10 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
10 | 11 |
klabels "github.com/GoogleCloudPlatform/kubernetes/pkg/labels" |
11 | 12 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/util" |
12 | 13 |
|
13 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
14 | 14 |
authcontext "github.com/openshift/origin/pkg/auth/context" |
15 | 15 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
16 | 16 |
policyregistry "github.com/openshift/origin/pkg/authorization/registry/policy" |
... | ... |
@@ -26,7 +26,7 @@ type AuthorizationAttributeBuilder interface { |
26 | 26 |
} |
27 | 27 |
|
28 | 28 |
type AuthorizationAttributes interface { |
29 |
- GetUserInfo() authenticationapi.UserInfo |
|
29 |
+ GetUserInfo() user.Info |
|
30 | 30 |
GetVerb() string |
31 | 31 |
GetResource() string |
32 | 32 |
GetNamespace() string |
... | ... |
@@ -45,7 +45,7 @@ func NewAuthorizer(masterAuthorizationNamespace string, policyRuleBindingRegistr |
45 | 45 |
} |
46 | 46 |
|
47 | 47 |
type openshiftAuthorizationAttributes struct { |
48 |
- user authenticationapi.UserInfo |
|
48 |
+ user user.Info |
|
49 | 49 |
verb string |
50 | 50 |
resource string |
51 | 51 |
namespace string |
... | ... |
@@ -60,7 +60,7 @@ func NewAuthorizationAttributeBuilder(requestsToUsers *authcontext.RequestContex |
60 | 60 |
return &openshiftAuthorizationAttributeBuilder{requestsToUsers} |
61 | 61 |
} |
62 | 62 |
|
63 |
-func doesApplyToUser(ruleUsers, ruleGroups []string, user authenticationapi.UserInfo) bool { |
|
63 |
+func doesApplyToUser(ruleUsers, ruleGroups []string, user user.Info) bool { |
|
64 | 64 |
if contains(ruleUsers, user.GetName()) { |
65 | 65 |
return true |
66 | 66 |
} |
... | ... |
@@ -138,7 +138,7 @@ func (a *openshiftAuthorizer) getRole(roleBinding authorizationapi.RoleBinding) |
138 | 138 |
return &role, nil |
139 | 139 |
} |
140 | 140 |
|
141 |
-func (a *openshiftAuthorizer) getEffectivePolicyRules(namespace string, user authenticationapi.UserInfo) ([]authorizationapi.PolicyRule, error) { |
|
141 |
+func (a *openshiftAuthorizer) getEffectivePolicyRules(namespace string, user user.Info) ([]authorizationapi.PolicyRule, error) { |
|
142 | 142 |
roleBindings, err := a.getRoleBindings(namespace) |
143 | 143 |
if err != nil { |
144 | 144 |
return nil, err |
... | ... |
@@ -271,7 +271,7 @@ func (a openshiftAuthorizationAttributes) resourceMatches(resourceNames util.Str |
271 | 271 |
return resourceNames.Has(authorizationapi.ResourceAll) || resourceNames.Has(strings.ToLower(a.GetResource())) |
272 | 272 |
} |
273 | 273 |
|
274 |
-func (a openshiftAuthorizationAttributes) GetUserInfo() authenticationapi.UserInfo { |
|
274 |
+func (a openshiftAuthorizationAttributes) GetUserInfo() user.Info { |
|
275 | 275 |
return a.user |
276 | 276 |
} |
277 | 277 |
|
... | ... |
@@ -301,7 +301,7 @@ func (a *openshiftAuthorizationAttributeBuilder) GetAttributes(req *http.Request |
301 | 301 |
if !ok { |
302 | 302 |
return nil, errors.New("could not get user") |
303 | 303 |
} |
304 |
- userInfo, ok := userInterface.(authenticationapi.UserInfo) |
|
304 |
+ userInfo, ok := userInterface.(user.Info) |
|
305 | 305 |
if !ok { |
306 | 306 |
return nil, errors.New("wrong type returned for user") |
307 | 307 |
} |
... | ... |
@@ -5,8 +5,8 @@ import ( |
5 | 5 |
"testing" |
6 | 6 |
|
7 | 7 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
8 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
8 | 9 |
|
9 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
10 | 10 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
11 | 11 |
testpolicyregistry "github.com/openshift/origin/pkg/authorization/registry/test" |
12 | 12 |
) |
... | ... |
@@ -32,7 +32,7 @@ type authorizeTest struct { |
32 | 32 |
func TestAdminEditingGlobalDeploymentConfig(t *testing.T) { |
33 | 33 |
test := &authorizeTest{ |
34 | 34 |
attributes: &openshiftAuthorizationAttributes{ |
35 |
- user: &authenticationapi.DefaultUserInfo{ |
|
35 |
+ user: &user.DefaultInfo{ |
|
36 | 36 |
Name: "ClusterAdmin", |
37 | 37 |
}, |
38 | 38 |
verb: "update", |
... | ... |
@@ -49,7 +49,7 @@ func TestAdminEditingGlobalDeploymentConfig(t *testing.T) { |
49 | 49 |
func TestDisallowedViewingGlobalPods(t *testing.T) { |
50 | 50 |
test := &authorizeTest{ |
51 | 51 |
attributes: &openshiftAuthorizationAttributes{ |
52 |
- user: &authenticationapi.DefaultUserInfo{ |
|
52 |
+ user: &user.DefaultInfo{ |
|
53 | 53 |
Name: "SomeYahoo", |
54 | 54 |
}, |
55 | 55 |
verb: "get", |
... | ... |
@@ -66,7 +66,7 @@ func TestDisallowedViewingGlobalPods(t *testing.T) { |
66 | 66 |
func TestProjectAdminEditPolicy(t *testing.T) { |
67 | 67 |
test := &authorizeTest{ |
68 | 68 |
attributes: &openshiftAuthorizationAttributes{ |
69 |
- user: &authenticationapi.DefaultUserInfo{ |
|
69 |
+ user: &user.DefaultInfo{ |
|
70 | 70 |
Name: "Anna", |
71 | 71 |
}, |
72 | 72 |
verb: "update", |
... | ... |
@@ -84,7 +84,7 @@ func TestProjectAdminEditPolicy(t *testing.T) { |
84 | 84 |
func TestGlobalPolicyOutranksLocalPolicy(t *testing.T) { |
85 | 85 |
test := &authorizeTest{ |
86 | 86 |
attributes: &openshiftAuthorizationAttributes{ |
87 |
- user: &authenticationapi.DefaultUserInfo{ |
|
87 |
+ user: &user.DefaultInfo{ |
|
88 | 88 |
Name: "ClusterAdmin", |
89 | 89 |
}, |
90 | 90 |
verb: "update", |
... | ... |
@@ -102,7 +102,7 @@ func TestGlobalPolicyOutranksLocalPolicy(t *testing.T) { |
102 | 102 |
func TestResourceKindRestrictionsWork(t *testing.T) { |
103 | 103 |
test1 := &authorizeTest{ |
104 | 104 |
attributes: &openshiftAuthorizationAttributes{ |
105 |
- user: &authenticationapi.DefaultUserInfo{ |
|
105 |
+ user: &user.DefaultInfo{ |
|
106 | 106 |
Name: "Rachel", |
107 | 107 |
}, |
108 | 108 |
verb: "get", |
... | ... |
@@ -118,7 +118,7 @@ func TestResourceKindRestrictionsWork(t *testing.T) { |
118 | 118 |
|
119 | 119 |
test2 := &authorizeTest{ |
120 | 120 |
attributes: &openshiftAuthorizationAttributes{ |
121 |
- user: &authenticationapi.DefaultUserInfo{ |
|
121 |
+ user: &user.DefaultInfo{ |
|
122 | 122 |
Name: "Rachel", |
123 | 123 |
}, |
124 | 124 |
verb: "get", |
... | ... |
@@ -136,7 +136,7 @@ func TestResourceKindRestrictionsWork(t *testing.T) { |
136 | 136 |
func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) { |
137 | 137 |
test1 := &authorizeTest{ |
138 | 138 |
attributes: &openshiftAuthorizationAttributes{ |
139 |
- user: &authenticationapi.DefaultUserInfo{ |
|
139 |
+ user: &user.DefaultInfo{ |
|
140 | 140 |
Name: "Rachel", |
141 | 141 |
}, |
142 | 142 |
verb: "get", |
... | ... |
@@ -152,7 +152,7 @@ func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) { |
152 | 152 |
|
153 | 153 |
test2 := &authorizeTest{ |
154 | 154 |
attributes: &openshiftAuthorizationAttributes{ |
155 |
- user: &authenticationapi.DefaultUserInfo{ |
|
155 |
+ user: &user.DefaultInfo{ |
|
156 | 156 |
Name: "Rachel", |
157 | 157 |
}, |
158 | 158 |
verb: "get", |
... | ... |
@@ -170,7 +170,7 @@ func TestResourceKindRestrictionsWithWeirdWork(t *testing.T) { |
170 | 170 |
func TestLocalRightsDoNotGrantGlobalRights(t *testing.T) { |
171 | 171 |
test := &authorizeTest{ |
172 | 172 |
attributes: &openshiftAuthorizationAttributes{ |
173 |
- user: &authenticationapi.DefaultUserInfo{ |
|
173 |
+ user: &user.DefaultInfo{ |
|
174 | 174 |
Name: "Rachel", |
175 | 175 |
}, |
176 | 176 |
verb: "get", |
... | ... |
@@ -188,7 +188,7 @@ func TestLocalRightsDoNotGrantGlobalRights(t *testing.T) { |
188 | 188 |
func TestVerbRestrictionsWork(t *testing.T) { |
189 | 189 |
test1 := &authorizeTest{ |
190 | 190 |
attributes: &openshiftAuthorizationAttributes{ |
191 |
- user: &authenticationapi.DefaultUserInfo{ |
|
191 |
+ user: &user.DefaultInfo{ |
|
192 | 192 |
Name: "Valerie", |
193 | 193 |
}, |
194 | 194 |
verb: "get", |
... | ... |
@@ -204,7 +204,7 @@ func TestVerbRestrictionsWork(t *testing.T) { |
204 | 204 |
|
205 | 205 |
test2 := &authorizeTest{ |
206 | 206 |
attributes: &openshiftAuthorizationAttributes{ |
207 |
- user: &authenticationapi.DefaultUserInfo{ |
|
207 |
+ user: &user.DefaultInfo{ |
|
208 | 208 |
Name: "Valerie", |
209 | 209 |
}, |
210 | 210 |
verb: "create", |
... | ... |
@@ -4,15 +4,15 @@ import ( |
4 | 4 |
"testing" |
5 | 5 |
|
6 | 6 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
7 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
7 | 8 |
|
8 |
- authenticationapi "github.com/openshift/origin/pkg/auth/api" |
|
9 | 9 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
10 | 10 |
) |
11 | 11 |
|
12 | 12 |
func TestViewerGetAllowedKindInMallet(t *testing.T) { |
13 | 13 |
test := &authorizeTest{ |
14 | 14 |
attributes: &openshiftAuthorizationAttributes{ |
15 |
- user: &authenticationapi.DefaultUserInfo{ |
|
15 |
+ user: &user.DefaultInfo{ |
|
16 | 16 |
Name: "Victor", |
17 | 17 |
}, |
18 | 18 |
verb: "get", |
... | ... |
@@ -29,7 +29,7 @@ func TestViewerGetAllowedKindInMallet(t *testing.T) { |
29 | 29 |
func TestViewerGetAllowedKindInAdze(t *testing.T) { |
30 | 30 |
test := &authorizeTest{ |
31 | 31 |
attributes: &openshiftAuthorizationAttributes{ |
32 |
- user: &authenticationapi.DefaultUserInfo{ |
|
32 |
+ user: &user.DefaultInfo{ |
|
33 | 33 |
Name: "Victor", |
34 | 34 |
}, |
35 | 35 |
verb: "get", |
... | ... |
@@ -47,7 +47,7 @@ func TestViewerGetAllowedKindInAdze(t *testing.T) { |
47 | 47 |
func TestViewerGetDisallowedKindInMallet(t *testing.T) { |
48 | 48 |
test := &authorizeTest{ |
49 | 49 |
attributes: &openshiftAuthorizationAttributes{ |
50 |
- user: &authenticationapi.DefaultUserInfo{ |
|
50 |
+ user: &user.DefaultInfo{ |
|
51 | 51 |
Name: "Victor", |
52 | 52 |
}, |
53 | 53 |
verb: "get", |
... | ... |
@@ -64,7 +64,7 @@ func TestViewerGetDisallowedKindInMallet(t *testing.T) { |
64 | 64 |
func TestViewerGetDisallowedKindInAdze(t *testing.T) { |
65 | 65 |
test := &authorizeTest{ |
66 | 66 |
attributes: &openshiftAuthorizationAttributes{ |
67 |
- user: &authenticationapi.DefaultUserInfo{ |
|
67 |
+ user: &user.DefaultInfo{ |
|
68 | 68 |
Name: "Victor", |
69 | 69 |
}, |
70 | 70 |
verb: "get", |
... | ... |
@@ -82,7 +82,7 @@ func TestViewerGetDisallowedKindInAdze(t *testing.T) { |
82 | 82 |
func TestViewerCreateAllowedKindInMallet(t *testing.T) { |
83 | 83 |
test := &authorizeTest{ |
84 | 84 |
attributes: &openshiftAuthorizationAttributes{ |
85 |
- user: &authenticationapi.DefaultUserInfo{ |
|
85 |
+ user: &user.DefaultInfo{ |
|
86 | 86 |
Name: "Victor", |
87 | 87 |
}, |
88 | 88 |
verb: "create", |
... | ... |
@@ -99,7 +99,7 @@ func TestViewerCreateAllowedKindInMallet(t *testing.T) { |
99 | 99 |
func TestViewerCreateAllowedKindInAdze(t *testing.T) { |
100 | 100 |
test := &authorizeTest{ |
101 | 101 |
attributes: &openshiftAuthorizationAttributes{ |
102 |
- user: &authenticationapi.DefaultUserInfo{ |
|
102 |
+ user: &user.DefaultInfo{ |
|
103 | 103 |
Name: "Victor", |
104 | 104 |
}, |
105 | 105 |
verb: "create", |
... | ... |
@@ -117,7 +117,7 @@ func TestViewerCreateAllowedKindInAdze(t *testing.T) { |
117 | 117 |
func TestEditorUpdateAllowedKindInMallet(t *testing.T) { |
118 | 118 |
test := &authorizeTest{ |
119 | 119 |
attributes: &openshiftAuthorizationAttributes{ |
120 |
- user: &authenticationapi.DefaultUserInfo{ |
|
120 |
+ user: &user.DefaultInfo{ |
|
121 | 121 |
Name: "Edgar", |
122 | 122 |
}, |
123 | 123 |
verb: "update", |
... | ... |
@@ -134,7 +134,7 @@ func TestEditorUpdateAllowedKindInMallet(t *testing.T) { |
134 | 134 |
func TestEditorUpdateAllowedKindInAdze(t *testing.T) { |
135 | 135 |
test := &authorizeTest{ |
136 | 136 |
attributes: &openshiftAuthorizationAttributes{ |
137 |
- user: &authenticationapi.DefaultUserInfo{ |
|
137 |
+ user: &user.DefaultInfo{ |
|
138 | 138 |
Name: "Edgar", |
139 | 139 |
}, |
140 | 140 |
verb: "update", |
... | ... |
@@ -152,7 +152,7 @@ func TestEditorUpdateAllowedKindInAdze(t *testing.T) { |
152 | 152 |
func TestEditorUpdateDisallowedKindInMallet(t *testing.T) { |
153 | 153 |
test := &authorizeTest{ |
154 | 154 |
attributes: &openshiftAuthorizationAttributes{ |
155 |
- user: &authenticationapi.DefaultUserInfo{ |
|
155 |
+ user: &user.DefaultInfo{ |
|
156 | 156 |
Name: "Edgar", |
157 | 157 |
}, |
158 | 158 |
verb: "update", |
... | ... |
@@ -169,7 +169,7 @@ func TestEditorUpdateDisallowedKindInMallet(t *testing.T) { |
169 | 169 |
func TestEditorUpdateDisallowedKindInAdze(t *testing.T) { |
170 | 170 |
test := &authorizeTest{ |
171 | 171 |
attributes: &openshiftAuthorizationAttributes{ |
172 |
- user: &authenticationapi.DefaultUserInfo{ |
|
172 |
+ user: &user.DefaultInfo{ |
|
173 | 173 |
Name: "Edgar", |
174 | 174 |
}, |
175 | 175 |
verb: "update", |
... | ... |
@@ -187,7 +187,7 @@ func TestEditorUpdateDisallowedKindInAdze(t *testing.T) { |
187 | 187 |
func TestEditorGetAllowedKindInMallet(t *testing.T) { |
188 | 188 |
test := &authorizeTest{ |
189 | 189 |
attributes: &openshiftAuthorizationAttributes{ |
190 |
- user: &authenticationapi.DefaultUserInfo{ |
|
190 |
+ user: &user.DefaultInfo{ |
|
191 | 191 |
Name: "Edgar", |
192 | 192 |
}, |
193 | 193 |
verb: "get", |
... | ... |
@@ -204,7 +204,7 @@ func TestEditorGetAllowedKindInMallet(t *testing.T) { |
204 | 204 |
func TestEditorGetAllowedKindInAdze(t *testing.T) { |
205 | 205 |
test := &authorizeTest{ |
206 | 206 |
attributes: &openshiftAuthorizationAttributes{ |
207 |
- user: &authenticationapi.DefaultUserInfo{ |
|
207 |
+ user: &user.DefaultInfo{ |
|
208 | 208 |
Name: "Edgar", |
209 | 209 |
}, |
210 | 210 |
verb: "get", |
... | ... |
@@ -222,7 +222,7 @@ func TestEditorGetAllowedKindInAdze(t *testing.T) { |
222 | 222 |
func TestAdminUpdateAllowedKindInMallet(t *testing.T) { |
223 | 223 |
test := &authorizeTest{ |
224 | 224 |
attributes: &openshiftAuthorizationAttributes{ |
225 |
- user: &authenticationapi.DefaultUserInfo{ |
|
225 |
+ user: &user.DefaultInfo{ |
|
226 | 226 |
Name: "Matthew", |
227 | 227 |
}, |
228 | 228 |
verb: "update", |
... | ... |
@@ -239,7 +239,7 @@ func TestAdminUpdateAllowedKindInMallet(t *testing.T) { |
239 | 239 |
func TestAdminUpdateAllowedKindInAdze(t *testing.T) { |
240 | 240 |
test := &authorizeTest{ |
241 | 241 |
attributes: &openshiftAuthorizationAttributes{ |
242 |
- user: &authenticationapi.DefaultUserInfo{ |
|
242 |
+ user: &user.DefaultInfo{ |
|
243 | 243 |
Name: "Matthew", |
244 | 244 |
}, |
245 | 245 |
verb: "update", |
... | ... |
@@ -257,7 +257,7 @@ func TestAdminUpdateAllowedKindInAdze(t *testing.T) { |
257 | 257 |
func TestAdminUpdateDisallowedKindInMallet(t *testing.T) { |
258 | 258 |
test := &authorizeTest{ |
259 | 259 |
attributes: &openshiftAuthorizationAttributes{ |
260 |
- user: &authenticationapi.DefaultUserInfo{ |
|
260 |
+ user: &user.DefaultInfo{ |
|
261 | 261 |
Name: "Matthew", |
262 | 262 |
}, |
263 | 263 |
verb: "update", |
... | ... |
@@ -274,7 +274,7 @@ func TestAdminUpdateDisallowedKindInMallet(t *testing.T) { |
274 | 274 |
func TestAdminUpdateDisallowedKindInAdze(t *testing.T) { |
275 | 275 |
test := &authorizeTest{ |
276 | 276 |
attributes: &openshiftAuthorizationAttributes{ |
277 |
- user: &authenticationapi.DefaultUserInfo{ |
|
277 |
+ user: &user.DefaultInfo{ |
|
278 | 278 |
Name: "Matthew", |
279 | 279 |
}, |
280 | 280 |
verb: "update", |
... | ... |
@@ -292,7 +292,7 @@ func TestAdminUpdateDisallowedKindInAdze(t *testing.T) { |
292 | 292 |
func TestAdminGetAllowedKindInMallet(t *testing.T) { |
293 | 293 |
test := &authorizeTest{ |
294 | 294 |
attributes: &openshiftAuthorizationAttributes{ |
295 |
- user: &authenticationapi.DefaultUserInfo{ |
|
295 |
+ user: &user.DefaultInfo{ |
|
296 | 296 |
Name: "Matthew", |
297 | 297 |
}, |
298 | 298 |
verb: "get", |
... | ... |
@@ -309,7 +309,7 @@ func TestAdminGetAllowedKindInMallet(t *testing.T) { |
309 | 309 |
func TestAdminGetAllowedKindInAdze(t *testing.T) { |
310 | 310 |
test := &authorizeTest{ |
311 | 311 |
attributes: &openshiftAuthorizationAttributes{ |
312 |
- user: &authenticationapi.DefaultUserInfo{ |
|
312 |
+ user: &user.DefaultInfo{ |
|
313 | 313 |
Name: "Matthew", |
314 | 314 |
}, |
315 | 315 |
verb: "get", |
... | ... |
@@ -11,13 +11,13 @@ import ( |
11 | 11 |
|
12 | 12 |
"code.google.com/p/go-uuid/uuid" |
13 | 13 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
14 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
14 | 15 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/tools" |
15 | 16 |
"github.com/RangelReale/osin" |
16 | 17 |
"github.com/RangelReale/osincli" |
17 | 18 |
"github.com/emicklei/go-restful" |
18 | 19 |
"github.com/golang/glog" |
19 | 20 |
|
20 |
- "github.com/openshift/origin/pkg/auth/api" |
|
21 | 21 |
"github.com/openshift/origin/pkg/auth/authenticator" |
22 | 22 |
"github.com/openshift/origin/pkg/auth/authenticator/challenger/passwordchallenger" |
23 | 23 |
"github.com/openshift/origin/pkg/auth/authenticator/password/allowanypassword" |
... | ... |
@@ -598,7 +598,7 @@ type callbackPasswordAuthenticator struct { |
598 | 598 |
type redirectSuccessHandler struct{} |
599 | 599 |
|
600 | 600 |
// AuthenticationSuccess informs client when authentication was successful |
601 |
-func (redirectSuccessHandler) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
601 |
+func (redirectSuccessHandler) AuthenticationSucceeded(user kuser.Info, then string, w http.ResponseWriter, req *http.Request) (bool, error) { |
|
602 | 602 |
if len(then) == 0 { |
603 | 603 |
return false, fmt.Errorf("Auth succeeded, but no redirect existed - user=%#v", user) |
604 | 604 |
} |
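Review bot: The error on the unchanged line after the new signature formats the whole value with `%#v`, so once the parameter is a `kuser.Info` it will print every field of the concrete type, which presumably includes groups and any extra attributes, wherever the error is logged or returned. Printing only the identifier keeps that out of logs: `return false, fmt.Errorf("Auth succeeded, but no redirect existed - user=%q", user.GetName())`. The doc comment also names `AuthenticationSuccess` while the method is `AuthenticationSucceeded`; it should start `// AuthenticationSucceeded informs client ...`. The method body continues outside the hunk, so how `then` is validated before it is used as a redirect target cannot be checked from here.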
... | ... |
@@ -18,6 +18,7 @@ import ( |
18 | 18 |
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
19 | 19 |
klatest "github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest" |
20 | 20 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" |
21 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
21 | 22 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities" |
22 | 23 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
23 | 24 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd" |
... | ... |
@@ -31,7 +32,6 @@ import ( |
31 | 31 |
"github.com/spf13/pflag" |
32 | 32 |
|
33 | 33 |
"github.com/openshift/origin/pkg/api/latest" |
34 |
- "github.com/openshift/origin/pkg/auth/api" |
|
35 | 34 |
"github.com/openshift/origin/pkg/auth/authenticator" |
36 | 35 |
"github.com/openshift/origin/pkg/auth/authenticator/request/bearertoken" |
37 | 36 |
"github.com/openshift/origin/pkg/auth/authenticator/request/paramtoken" |
... | ... |
@@ -475,8 +475,8 @@ func start(cfg *config, args []string) error { |
475 | 475 |
FailOnError: true, |
476 | 476 |
Handlers: []authenticator.Request{ |
477 | 477 |
group.NewGroupAdder(unionrequest.NewUnionAuthentication(authenticators...), []string{authenticatedGroup}), |
478 |
- authenticator.RequestFunc(func(req *http.Request) (api.UserInfo, bool, error) { |
|
479 |
- return &api.DefaultUserInfo{Name: unauthenticatedUsername, Groups: []string{unauthenticatedGroup}}, true, nil |
|
478 |
+ authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) { |
|
479 |
+ return &user.DefaultInfo{Name: unauthenticatedUsername, Groups: []string{unauthenticatedGroup}}, true, nil |
|
480 | 480 |
}), |
481 | 481 |
}, |
482 | 482 |
} |
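Review bot: The second handler in `Handlers` returns `true` for every request, so any request the union authenticator declines is given the `unauthenticatedUsername` identity instead of being rejected. Whether a request carrying an invalid token is declined or produces an error (and is then stopped by `FailOnError`) is not visible in this hunk and is worth confirming, because a silent downgrade to anonymous hides failed credential use. A comment above the `RequestFunc` would make the intent explicit, for example `// Anonymous fallback: must remain the last handler; unauthenticatedGroup must not be granted anything sensitive.` The package is also imported unaliased as `user` in this file while the other files in the commit use `kuser`, which avoids shadowing by locals named `user`. `start` begins and ends outside the hunk.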
... | ... |
@@ -8,17 +8,17 @@ import ( |
8 | 8 |
"reflect" |
9 | 9 |
"testing" |
10 | 10 |
|
11 |
+ kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
|
12 |
+ "github.com/GoogleCloudPlatform/kubernetes/pkg/api/meta" |
|
11 | 13 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver" |
14 |
+ kuser "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" |
|
12 | 15 |
kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client" |
13 | 16 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" |
14 | 17 |
"github.com/GoogleCloudPlatform/kubernetes/pkg/tools" |
15 |
- |
|
16 |
- kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
|
17 |
- "github.com/GoogleCloudPlatform/kubernetes/pkg/api/meta" |
|
18 | 18 |
"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/admission/admit" |
19 |
+ |
|
19 | 20 |
"github.com/openshift/origin/pkg/api/latest" |
20 | 21 |
"github.com/openshift/origin/pkg/api/v1beta1" |
21 |
- authapi "github.com/openshift/origin/pkg/auth/api" |
|
22 | 22 |
oapauth "github.com/openshift/origin/pkg/auth/authenticator/password/oauthpassword/registry" |
23 | 23 |
"github.com/openshift/origin/pkg/auth/context" |
24 | 24 |
"github.com/openshift/origin/pkg/client" |
... | ... |
@@ -151,13 +151,13 @@ func TestUserLookup(t *testing.T) { |
151 | 151 |
etcdClient := newEtcdClient() |
152 | 152 |
interfaces, _ := latest.InterfacesFor(latest.Version) |
153 | 153 |
userRegistry := etcd.New(tools.EtcdHelper{etcdClient, interfaces.Codec, tools.RuntimeVersionAdapter{interfaces.MetadataAccessor}}, user.NewDefaultUserInitStrategy()) |
154 |
- userInfo := &authapi.DefaultUserInfo{ |
|
154 |
+ userInfo := &kuser.DefaultInfo{ |
|
155 | 155 |
Name: ":test", |
156 | 156 |
} |
157 | 157 |
userContext := context.NewRequestContextMap() |
158 | 158 |
userContextFunc := userregistry.ContextFunc(func(req *http.Request) (userregistry.Info, bool) { |
159 | 159 |
obj, found := userContext.Get(req) |
160 |
- if user, ok := obj.(authapi.UserInfo); found && ok { |
|
160 |
+ if user, ok := obj.(kuser.Info); found && ok { |
|
161 | 161 |
return user, true |
162 | 162 |
} |
163 | 163 |
return nil, false |