nodeidentifier: require nodes to have wellformed usernames

pull/6/head
Mike Danese 2017-06-01 14:39:17 -07:00 committed by Jordan Liggitt
parent 5404948e7b
commit 73e47f652b
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 14 additions and 11 deletions


@ -23,8 +23,9 @@ import (
)
// NewDefaultNodeIdentifier returns a default NodeIdentifier implementation,
// which returns isNode=true if the user groups contain the system:nodes group,
// and populates nodeName if isNode is true, and the user name is in the format system:node:<nodeName>
// which returns isNode=true if the user groups contain the system:nodes group
// and the user name matches the format system:node:<nodeName>, and populates
// nodeName if isNode is true
func NewDefaultNodeIdentifier() NodeIdentifier {
return defaultNodeIdentifier{}
}
@ -35,14 +36,22 @@ type defaultNodeIdentifier struct{}
// nodeUserNamePrefix is the prefix for usernames in the form `system:node:<nodeName>`
const nodeUserNamePrefix = "system:node:"
// NodeIdentity returns isNode=true if the user groups contain the system:nodes group,
// and populates nodeName if isNode is true, and the user name is in the format system:node:<nodeName>
// NodeIdentity returns isNode=true if the user groups contain the system:nodes
// group and the user name matches the format system:node:<nodeName>, and
// populates nodeName if isNode is true
func (defaultNodeIdentifier) NodeIdentity(u user.Info) (string, bool) {
// Make sure we're a node, and can parse the node name
if u == nil {
return "", false
}
userName := u.GetName()
if !strings.HasPrefix(userName, nodeUserNamePrefix) {
return "", false
}
nodeName := strings.TrimPrefix(userName, nodeUserNamePrefix)
isNode := false
for _, g := range u.GetGroups() {
if g == user.NodesGroup {
@ -54,11 +63,5 @@ func (defaultNodeIdentifier) NodeIdentity(u user.Info) (string, bool) {
return "", false
}
userName := u.GetName()
nodeName := ""
if strings.HasPrefix(userName, nodeUserNamePrefix) {
nodeName = strings.TrimPrefix(userName, nodeUserNamePrefix)
}
return nodeName, isNode
}
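Review bot: A username that is exactly `system:node:` passes the new `strings.HasPrefix` guard in NodeIdentity and produces an empty `nodeName`, which is returned with isNode=true when the system:nodes group is present. If a node identity is meant to always carry a usable name, add `if len(nodeName) == 0 { return "", false }` right after the `strings.TrimPrefix` line. Otherwise, say in the doc comment that nodeName may be empty, so that authorizers and admission plugins consuming it reject that case themselves. Whether callers already do so is not visible here, and the group loop between the second and third hunks lies outside the shown lines.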


@ -45,7 +45,7 @@ func TestDefaultNodeIdentifier_NodeIdentity(t *testing.T) {
name: "node group without username",
user: &user.DefaultInfo{Name: "foo", Groups: []string{"system:nodes"}},
expectNodeName: "",
expectIsNode: true,
expectIsNode: false,
},
{
name: "node group and username",
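Review bot: The updated case covers a name that lacks the prefix, but nothing in this hunk shows the table testing the boundary where the name is exactly `system:node:` and the `system:nodes` group is present. A case such as `{name: "node group and empty node name", user: &user.DefaultInfo{Name: "system:node:", Groups: []string{"system:nodes"}}, ...}` would pin whichever result is intended for an empty node name. The rest of the table lies outside the hunk, so such a case may already exist.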