Commit 78016fa5 authored by Darren Shepherd's avatar Darren Shepherd

Delete tokenfile auth

parent 33e2ffc2
...@@ -29,7 +29,6 @@ import ( ...@@ -29,7 +29,6 @@ import (
"k8s.io/apiserver/pkg/authentication/request/websocket" "k8s.io/apiserver/pkg/authentication/request/websocket"
"k8s.io/apiserver/pkg/authentication/request/x509" "k8s.io/apiserver/pkg/authentication/request/x509"
tokencache "k8s.io/apiserver/pkg/authentication/token/cache" tokencache "k8s.io/apiserver/pkg/authentication/token/cache"
"k8s.io/apiserver/pkg/authentication/token/tokenfile"
tokenunion "k8s.io/apiserver/pkg/authentication/token/union" tokenunion "k8s.io/apiserver/pkg/authentication/token/union"
utilfeature "k8s.io/apiserver/pkg/util/feature" utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile" "k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile"
...@@ -46,7 +45,6 @@ type AuthenticatorConfig struct { ...@@ -46,7 +45,6 @@ type AuthenticatorConfig struct {
Anonymous bool Anonymous bool
BasicAuthFile string BasicAuthFile string
ClientCAFile string ClientCAFile string
TokenAuthFile string
ServiceAccountKeyFiles []string ServiceAccountKeyFiles []string
ServiceAccountLookup bool ServiceAccountLookup bool
ServiceAccountIssuer string ServiceAccountIssuer string
...@@ -103,14 +101,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, error) { ...@@ -103,14 +101,6 @@ func (config AuthenticatorConfig) New() (authenticator.Request, error) {
authenticators = append(authenticators, certAuth) authenticators = append(authenticators, certAuth)
} }
// Bearer token methods, local first, then remote
if len(config.TokenAuthFile) > 0 {
tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile)
if err != nil {
return nil, err
}
tokenAuthenticators = append(tokenAuthenticators, tokenAuth)
}
if len(config.ServiceAccountKeyFiles) > 0 { if len(config.ServiceAccountKeyFiles) > 0 {
serviceAccountAuth, err := newLegacyServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.ServiceAccountTokenGetter) serviceAccountAuth, err := newLegacyServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.ServiceAccountTokenGetter)
if err != nil { if err != nil {
...@@ -179,16 +169,6 @@ func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Requ ...@@ -179,16 +169,6 @@ func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Requ
return basicauth.New(basicAuthenticator), nil return basicauth.New(basicAuthenticator), nil
} }
// newAuthenticatorFromTokenFile returns an authenticator.Token or an error
func newAuthenticatorFromTokenFile(tokenAuthFile string) (authenticator.Token, error) {
tokenAuthenticator, err := tokenfile.NewCSV(tokenAuthFile)
if err != nil {
return nil, err
}
return tokenAuthenticator, nil
}
// newLegacyServiceAccountAuthenticator returns an authenticator.Token or an error // newLegacyServiceAccountAuthenticator returns an authenticator.Token or an error
func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) { func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) {
allPublicKeys := []interface{}{} allPublicKeys := []interface{}{}
......
...@@ -35,7 +35,6 @@ type BuiltInAuthenticationOptions struct { ...@@ -35,7 +35,6 @@ type BuiltInAuthenticationOptions struct {
Anonymous *AnonymousAuthenticationOptions Anonymous *AnonymousAuthenticationOptions
PasswordFile *PasswordFileAuthenticationOptions PasswordFile *PasswordFileAuthenticationOptions
ServiceAccounts *ServiceAccountAuthenticationOptions ServiceAccounts *ServiceAccountAuthenticationOptions
TokenFile *TokenFileAuthenticationOptions
WebHook *WebHookAuthenticationOptions WebHook *WebHookAuthenticationOptions
TokenSuccessCacheTTL time.Duration TokenSuccessCacheTTL time.Duration
...@@ -58,10 +57,6 @@ type ServiceAccountAuthenticationOptions struct { ...@@ -58,10 +57,6 @@ type ServiceAccountAuthenticationOptions struct {
MaxExpiration time.Duration MaxExpiration time.Duration
} }
type TokenFileAuthenticationOptions struct {
TokenFile string
}
type WebHookAuthenticationOptions struct { type WebHookAuthenticationOptions struct {
ConfigFile string ConfigFile string
CacheTTL time.Duration CacheTTL time.Duration
...@@ -79,7 +74,6 @@ func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions { ...@@ -79,7 +74,6 @@ func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions {
WithAnonymous(). WithAnonymous().
WithPasswordFile(). WithPasswordFile().
WithServiceAccounts(). WithServiceAccounts().
WithTokenFile().
WithWebHook() WithWebHook()
} }
...@@ -98,11 +92,6 @@ func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticat ...@@ -98,11 +92,6 @@ func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticat
return s return s
} }
func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions {
s.TokenFile = &TokenFileAuthenticationOptions{}
return s
}
func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions { func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions {
s.WebHook = &WebHookAuthenticationOptions{ s.WebHook = &WebHookAuthenticationOptions{
CacheTTL: 2 * time.Minute, CacheTTL: 2 * time.Minute,
...@@ -161,12 +150,6 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { ...@@ -161,12 +150,6 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
"TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value.") "TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value.")
} }
if s.TokenFile != nil {
fs.StringVar(&s.TokenFile.TokenFile, "token-auth-file", s.TokenFile.TokenFile, ""+
"If set, the file that will be used to secure the secure port of the API server "+
"via token authentication.")
}
if s.WebHook != nil { if s.WebHook != nil {
fs.StringVar(&s.WebHook.ConfigFile, "authentication-token-webhook-config-file", s.WebHook.ConfigFile, ""+ fs.StringVar(&s.WebHook.ConfigFile, "authentication-token-webhook-config-file", s.WebHook.ConfigFile, ""+
"File with webhook configuration for token authentication in kubeconfig format. "+ "File with webhook configuration for token authentication in kubeconfig format. "+
...@@ -198,10 +181,6 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au ...@@ -198,10 +181,6 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au
ret.ServiceAccountAPIAudiences = s.ServiceAccounts.APIAudiences ret.ServiceAccountAPIAudiences = s.ServiceAccounts.APIAudiences
} }
if s.TokenFile != nil {
ret.TokenAuthFile = s.TokenFile.TokenFile
}
if s.WebHook != nil { if s.WebHook != nil {
ret.WebhookTokenAuthnConfigFile = s.WebHook.ConfigFile ret.WebhookTokenAuthnConfigFile = s.WebHook.ConfigFile
ret.WebhookTokenAuthnCacheTTL = s.WebHook.CacheTTL ret.WebhookTokenAuthnCacheTTL = s.WebHook.CacheTTL
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment