From 0f3baaad5051f47cbfc5c05ff24e7646ee18d526 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Fri, 9 Sep 2016 09:07:52 -0400
Subject: [PATCH] Create GroupAdder authenticator wrapper
---
pkg/auth/group/group_adder.go | 50 ++++++++++++++++++++++++++++++
pkg/auth/group/group_adder_test.go | 42 +++++++++++++++++++++++++
2 files changed, 92 insertions(+)
create mode 100644 pkg/auth/group/group_adder.go
create mode 100644 pkg/auth/group/group_adder_test.go
diff --git a/pkg/auth/group/group_adder.go b/pkg/auth/group/group_adder.go
new file mode 100644
index 0000000000..7a15941a94
--- /dev/null
+++ b/pkg/auth/group/group_adder.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+ "net/http"
+
+ "k8s.io/kubernetes/pkg/auth/authenticator"
+ "k8s.io/kubernetes/pkg/auth/user"
+)
+
+// GroupAdder adds groups to an authenticated user.Info
+type GroupAdder struct {
+ // Authenticator is delegated to make the authentication decision
+ Authenticator authenticator.Request
+ // Groups are additional groups to add to the user.Info from a successful authentication
+ Groups []string
+}
+
+// NewGroupAdder wraps a request authenticator, and adds the specified groups to the returned user when authentication succeeds
+func NewGroupAdder(auth authenticator.Request, groups []string) authenticator.Request {
+ return &GroupAdder{auth, groups}
+}
+
+func (g *GroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
+ u, ok, err := g.Authenticator.AuthenticateRequest(req)
+ if err != nil || !ok {
+ return nil, ok, err
+ }
+ return &user.DefaultInfo{
+ Name: u.GetName(),
+ UID: u.GetUID(),
+ Groups: append(u.GetGroups(), g.Groups...),
+ Extra: u.GetExtra(),
+ }, true, nil
+}
diff --git a/pkg/auth/group/group_adder_test.go b/pkg/auth/group/group_adder_test.go
new file mode 100644
index 0000000000..4eec6c0b3b
--- /dev/null
+++ b/pkg/auth/group/group_adder_test.go
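Review bot: `append(u.GetGroups(), g.Groups...)` in AuthenticateRequest can write into the backing array of the slice the delegate returned. If that slice has spare capacity and the delegate shares or caches its user.Info between requests (not visible from this hunk), the added groups land in shared memory and concurrent requests race on data that feeds authorization decisions. Build the result in a fresh slice instead, e.g. `groups := append(append([]string{}, u.GetGroups()...), g.Groups...)`, and pass that as `Groups:`. NewGroupAdder likewise keeps the caller's `groups` slice without copying, so a later mutation by the caller changes what every request receives. The exported AuthenticateRequest method also has no doc comment; `// AuthenticateRequest delegates to the wrapped authenticator and, on success, returns the user with g.Groups appended.` would fit.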
@@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+ "net/http"
+ "reflect"
+ "testing"
+
+ "k8s.io/kubernetes/pkg/auth/authenticator"
+ "k8s.io/kubernetes/pkg/auth/user"
+)
+
+func TestGroupAdder(t *testing.T) {
+ adder := authenticator.Request(
+ NewGroupAdder(
+ authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+ return &user.DefaultInfo{Name: "user", Groups: []string{"original"}}, true, nil
+ }),
+ []string{"added"},
+ ),
+ )
+
+ user, _, _ := adder.AuthenticateRequest(nil)
+ if !reflect.DeepEqual(user.GetGroups(), []string{"original", "added"}) {
+ t.Errorf("Expected original,added groups, got %#v", user.GetGroups())
+ }
+}
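Review bot: TestGroupAdder discards `ok` and `err` (`user, _, _ := adder.AuthenticateRequest(nil)`) and covers only the success path, so nothing pins the behaviour that matters most for an authenticator wrapper: a delegate that fails or declines must yield no user and no added groups. The success case should check all three return values, and a second case should have the delegate return `nil, false, nil`, as sketched below. The local `user` also shadows the imported `user` package for the rest of the function; naming it `u` avoids that.

```go
func TestGroupAdderUnauthenticated(t *testing.T) {
	adder := NewGroupAdder(
		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
			return nil, false, nil
		}),
		[]string{"added"},
	)

	u, ok, err := adder.AuthenticateRequest(nil)
	if u != nil || ok || err != nil {
		t.Errorf("expected no user for a failed authentication, got %#v, %v, %v", u, ok, err)
	}
}
```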