Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
03d03310
Commit
03d03310
authored
Oct 08, 2018
by
Darren Shepherd
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Delete tokenfile auth
parent
1e41fdb1
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
0 additions
and
41 deletions
+0
-41
config.go
pkg/kubeapiserver/authenticator/config.go
+0
-20
authentication.go
pkg/kubeapiserver/options/authentication.go
+0
-21
No files found.
pkg/kubeapiserver/authenticator/config.go
View file @
03d03310
...
@@ -29,7 +29,6 @@ import (
...
@@ -29,7 +29,6 @@ import (
"k8s.io/apiserver/pkg/authentication/request/websocket"
"k8s.io/apiserver/pkg/authentication/request/websocket"
"k8s.io/apiserver/pkg/authentication/request/x509"
"k8s.io/apiserver/pkg/authentication/request/x509"
tokencache
"k8s.io/apiserver/pkg/authentication/token/cache"
tokencache
"k8s.io/apiserver/pkg/authentication/token/cache"
"k8s.io/apiserver/pkg/authentication/token/tokenfile"
tokenunion
"k8s.io/apiserver/pkg/authentication/token/union"
tokenunion
"k8s.io/apiserver/pkg/authentication/token/union"
utilfeature
"k8s.io/apiserver/pkg/util/feature"
utilfeature
"k8s.io/apiserver/pkg/util/feature"
"k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile"
"k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile"
...
@@ -46,7 +45,6 @@ type AuthenticatorConfig struct {
...
@@ -46,7 +45,6 @@ type AuthenticatorConfig struct {
Anonymous
bool
Anonymous
bool
BasicAuthFile
string
BasicAuthFile
string
ClientCAFile
string
ClientCAFile
string
TokenAuthFile
string
ServiceAccountKeyFiles
[]
string
ServiceAccountKeyFiles
[]
string
ServiceAccountLookup
bool
ServiceAccountLookup
bool
ServiceAccountIssuer
string
ServiceAccountIssuer
string
...
@@ -103,14 +101,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, error) {
...
@@ -103,14 +101,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, error) {
authenticators
=
append
(
authenticators
,
certAuth
)
authenticators
=
append
(
authenticators
,
certAuth
)
}
}
// Bearer token methods, local first, then remote
if
len
(
config
.
TokenAuthFile
)
>
0
{
tokenAuth
,
err
:=
newAuthenticatorFromTokenFile
(
config
.
TokenAuthFile
)
if
err
!=
nil
{
return
nil
,
err
}
tokenAuthenticators
=
append
(
tokenAuthenticators
,
tokenAuth
)
}
if
len
(
config
.
ServiceAccountKeyFiles
)
>
0
{
if
len
(
config
.
ServiceAccountKeyFiles
)
>
0
{
serviceAccountAuth
,
err
:=
newLegacyServiceAccountAuthenticator
(
config
.
ServiceAccountKeyFiles
,
config
.
ServiceAccountLookup
,
config
.
ServiceAccountTokenGetter
)
serviceAccountAuth
,
err
:=
newLegacyServiceAccountAuthenticator
(
config
.
ServiceAccountKeyFiles
,
config
.
ServiceAccountLookup
,
config
.
ServiceAccountTokenGetter
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -179,16 +169,6 @@ func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Requ
...
@@ -179,16 +169,6 @@ func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Requ
return
basicauth
.
New
(
basicAuthenticator
),
nil
return
basicauth
.
New
(
basicAuthenticator
),
nil
}
}
// newAuthenticatorFromTokenFile returns an authenticator.Token or an error
func
newAuthenticatorFromTokenFile
(
tokenAuthFile
string
)
(
authenticator
.
Token
,
error
)
{
tokenAuthenticator
,
err
:=
tokenfile
.
NewCSV
(
tokenAuthFile
)
if
err
!=
nil
{
return
nil
,
err
}
return
tokenAuthenticator
,
nil
}
// newLegacyServiceAccountAuthenticator returns an authenticator.Token or an error
// newLegacyServiceAccountAuthenticator returns an authenticator.Token or an error
func
newLegacyServiceAccountAuthenticator
(
keyfiles
[]
string
,
lookup
bool
,
serviceAccountGetter
serviceaccount
.
ServiceAccountTokenGetter
)
(
authenticator
.
Token
,
error
)
{
func
newLegacyServiceAccountAuthenticator
(
keyfiles
[]
string
,
lookup
bool
,
serviceAccountGetter
serviceaccount
.
ServiceAccountTokenGetter
)
(
authenticator
.
Token
,
error
)
{
allPublicKeys
:=
[]
interface
{}{}
allPublicKeys
:=
[]
interface
{}{}
...
...
pkg/kubeapiserver/options/authentication.go
View file @
03d03310
...
@@ -35,7 +35,6 @@ type BuiltInAuthenticationOptions struct {
...
@@ -35,7 +35,6 @@ type BuiltInAuthenticationOptions struct {
Anonymous
*
AnonymousAuthenticationOptions
Anonymous
*
AnonymousAuthenticationOptions
PasswordFile
*
PasswordFileAuthenticationOptions
PasswordFile
*
PasswordFileAuthenticationOptions
ServiceAccounts
*
ServiceAccountAuthenticationOptions
ServiceAccounts
*
ServiceAccountAuthenticationOptions
TokenFile
*
TokenFileAuthenticationOptions
WebHook
*
WebHookAuthenticationOptions
WebHook
*
WebHookAuthenticationOptions
TokenSuccessCacheTTL
time
.
Duration
TokenSuccessCacheTTL
time
.
Duration
...
@@ -58,10 +57,6 @@ type ServiceAccountAuthenticationOptions struct {
...
@@ -58,10 +57,6 @@ type ServiceAccountAuthenticationOptions struct {
MaxExpiration
time
.
Duration
MaxExpiration
time
.
Duration
}
}
type
TokenFileAuthenticationOptions
struct
{
TokenFile
string
}
type
WebHookAuthenticationOptions
struct
{
type
WebHookAuthenticationOptions
struct
{
ConfigFile
string
ConfigFile
string
CacheTTL
time
.
Duration
CacheTTL
time
.
Duration
...
@@ -79,7 +74,6 @@ func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions {
...
@@ -79,7 +74,6 @@ func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions {
WithAnonymous
()
.
WithAnonymous
()
.
WithPasswordFile
()
.
WithPasswordFile
()
.
WithServiceAccounts
()
.
WithServiceAccounts
()
.
WithTokenFile
()
.
WithWebHook
()
WithWebHook
()
}
}
...
@@ -98,11 +92,6 @@ func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticat
...
@@ -98,11 +92,6 @@ func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticat
return
s
return
s
}
}
func
(
s
*
BuiltInAuthenticationOptions
)
WithTokenFile
()
*
BuiltInAuthenticationOptions
{
s
.
TokenFile
=
&
TokenFileAuthenticationOptions
{}
return
s
}
func
(
s
*
BuiltInAuthenticationOptions
)
WithWebHook
()
*
BuiltInAuthenticationOptions
{
func
(
s
*
BuiltInAuthenticationOptions
)
WithWebHook
()
*
BuiltInAuthenticationOptions
{
s
.
WebHook
=
&
WebHookAuthenticationOptions
{
s
.
WebHook
=
&
WebHookAuthenticationOptions
{
CacheTTL
:
2
*
time
.
Minute
,
CacheTTL
:
2
*
time
.
Minute
,
...
@@ -161,12 +150,6 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
...
@@ -161,12 +150,6 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
"TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value."
)
"TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value."
)
}
}
if
s
.
TokenFile
!=
nil
{
fs
.
StringVar
(
&
s
.
TokenFile
.
TokenFile
,
"token-auth-file"
,
s
.
TokenFile
.
TokenFile
,
""
+
"If set, the file that will be used to secure the secure port of the API server "
+
"via token authentication."
)
}
if
s
.
WebHook
!=
nil
{
if
s
.
WebHook
!=
nil
{
fs
.
StringVar
(
&
s
.
WebHook
.
ConfigFile
,
"authentication-token-webhook-config-file"
,
s
.
WebHook
.
ConfigFile
,
""
+
fs
.
StringVar
(
&
s
.
WebHook
.
ConfigFile
,
"authentication-token-webhook-config-file"
,
s
.
WebHook
.
ConfigFile
,
""
+
"File with webhook configuration for token authentication in kubeconfig format. "
+
"File with webhook configuration for token authentication in kubeconfig format. "
+
...
@@ -198,10 +181,6 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au
...
@@ -198,10 +181,6 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au
ret
.
ServiceAccountAPIAudiences
=
s
.
ServiceAccounts
.
APIAudiences
ret
.
ServiceAccountAPIAudiences
=
s
.
ServiceAccounts
.
APIAudiences
}
}
if
s
.
TokenFile
!=
nil
{
ret
.
TokenAuthFile
=
s
.
TokenFile
.
TokenFile
}
if
s
.
WebHook
!=
nil
{
if
s
.
WebHook
!=
nil
{
ret
.
WebhookTokenAuthnConfigFile
=
s
.
WebHook
.
ConfigFile
ret
.
WebhookTokenAuthnConfigFile
=
s
.
WebHook
.
ConfigFile
ret
.
WebhookTokenAuthnCacheTTL
=
s
.
WebHook
.
CacheTTL
ret
.
WebhookTokenAuthnCacheTTL
=
s
.
WebHook
.
CacheTTL
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment