Merge pull request #55456 from hzxuzhonghu/token

Automatic merge from submit-queue (batch tested with PRs 55682, 55444, 55456, 55717, 55131). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

verify token auth file

**What this PR does / why we need it**:
Verify the token auth file and prevent empty tokens from being loaded.

https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/#token-authentication-file
https://kubernetes.io/docs/admin/authentication/#static-token-file

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #55434

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
pull/6/head
Kubernetes Submit Queue 2017-11-15 23:06:14 -08:00 committed by GitHub
commit 2abc4742d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 1 deletions


@ -62,11 +62,17 @@ func NewCSV(path string) (*TokenAuthenticator, error) {
if len(record) < 3 {
return nil, fmt.Errorf("token file '%s' must have at least 3 columns (token, user name, user uid), found %d", path, len(record))
}
recordNum++
if record[0] == "" {
glog.Warningf("empty token has been found in token file '%s', record number '%d'", path, recordNum)
continue
}
obj := &user.DefaultInfo{
Name: record[1],
UID: record[2],
}
recordNum++
if _, exist := tokens[record[0]]; exist {
glog.Warningf("duplicate token has been found in token file '%s', record number '%d'", path, recordNum)
}
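Review bot: The new guard `if record[0] == ""` rejects only the exact empty string, so a first column holding just whitespace would still be stored as a token key; whether the CSV reader trims fields is configured outside this hunk, so this is worth confirming. If it does not trim, `if strings.TrimSpace(record[0]) == "" {` closes the gap (assuming `strings` is imported in this file). The row is also skipped with a warning, while the column-count check directly above returns an error, so an operator who misses the log line ends up with a user that silently has no credential. A short comment such as `// Skip rather than fail: an empty token must never be registered as a credential.` would record why the two cases differ. NewCSV starts and ends outside the hunk.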


@ -125,6 +125,16 @@ func TestInsufficientColumnsTokenFile(t *testing.T) {
}
}
func TestEmptyTokenTokenFile(t *testing.T) {
auth, err := newWithContents(t, ",user5,uid5\n")
if err != nil {
t.Fatalf("unexpected error %v", err)
}
if len(auth.tokens) != 0 {
t.Fatalf("empty token should not be recorded")
}
}
func newWithContents(t *testing.T, contents string) (auth *TokenAuthenticator, err error) {
f, err := ioutil.TempFile("", "tokenfile_test")
if err != nil {
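Review bot: TestEmptyTokenTokenFile only feeds a file whose single row has an empty token, so it does not show that `continue` skips just that row and that valid rows after it are still loaded. A second case with constructed values, e.g. `newWithContents(t, ",user5,uid5\ntoken6,user6,uid6\n")` followed by `if len(auth.tokens) != 1 {`, would pin that behaviour. The body of newWithContents continues past the end of the hunk.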