From caca81b1b5de4d2e94366091449aacc70693baa8 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Tue, 10 Jan 2017 00:04:26 -0500
Subject: [PATCH] Add support for groups to passwordfile

---
 .../password/passwordfile/passwordfile.go | 5 +++
 .../passwordfile/passwordfile_test.go | 39 +++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go b/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go
index 1d8616b7a4..4fb18d1554 100644
--- a/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go
+++ b/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile.go
@@ -21,6 +21,7 @@ import (
 "fmt"
 "io"
 "os"
+ "strings"

 "github.com/golang/glog"
 "k8s.io/apiserver/pkg/authentication/user"
@@ -47,6 +48,7 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
 recordNum := 0
 users := make(map[string]*userPasswordInfo)
 reader := csv.NewReader(file)
+ reader.FieldsPerRecord = -1
 for {
 record, err := reader.Read()
 if err == io.EOF {
@@ -62,6 +64,9 @@ func NewCSV(path string) (*PasswordAuthenticator, error) {
 info: &user.DefaultInfo{Name: record[1], UID: record[2]},
 password: record[0],
 }
+ if len(record) >= 4 {
+ obj.info.Groups = strings.Split(record[3], ",")
+ }
 recordNum++
 if _, exist := users[obj.info.Name]; exist {
 glog.Warningf("duplicate username '%s' has been found in password file '%s', record number '%d'", obj.info.Name, path, recordNum)
diff --git a/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile_test.go b/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile_test.go
index d5c596d8a6..9a3a6350e3 100644
--- a/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile_test.go
+++ b/plugin/pkg/auth/authenticator/password/passwordfile/passwordfile_test.go
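Review bot: `reader.FieldsPerRecord = -1` switches off encoding/csv's per-record field-count check, so the reader itself no longer stops a short row from reaching the `record[0]`/`record[1]`/`record[2]` indexing shown in the next hunk. The guard that rejects rows with fewer than three columns is not visible here (NewCSV's body starts and ends outside this hunk); please confirm it still runs before the struct literal, so a malformed credential file produces an error rather than an index panic. A short comment would also record the intent: `// -1: allow a variable column count; column 4 (groups) is optional and later columns are ignored`.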
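Review bot: An empty fourth column (a row ending in `uid,`) passes `len(record) >= 4`, and `strings.Split("", ",")` returns `[""]`, so that user is placed in a group whose name is the empty string. Entries are not trimmed either, so a quoted `"group1, group2"` yields ` group2` with a leading space, which will not compare equal to `group2`. Since these values populate `user.DefaultInfo.Groups`, which presumably feeds later authorization checks, I would guard with `if len(record) >= 4 && record[3] != "" {` and trim each entry, dropping empty ones. Columns past the fourth are discarded silently, so an unquoted list such as `group5,otherdata` assigns only the first group; a `glog.Warningf` when `len(record) > 4` would make that misconfiguration visible. NewCSV's body continues outside the hunk.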
@@ -29,6 +29,11 @@ func TestPasswordFile(t *testing.T) {
 auth, err := newWithContents(t, `
 password1,user1,uid1
 password2,user2,uid2
+password3,user3,uid3,"group1,group2"
+password4,user4,uid4,"group2"
+password5,user5,uid5,group5
+password6,user6,uid6,group5,otherdata
+password7,user7,uid7,"group1,group2",otherdata
 `)
 if err != nil {
 t.Fatalf("unable to read passwordfile: %v", err)
@@ -64,10 +69,44 @@ password2,user2,uid2
 {
 Username: "user3",
 Password: "password3",
+ User: &user.DefaultInfo{Name: "user3", UID: "uid3", Groups: []string{"group1", "group2"}},
+ Ok: true,
 },
 {
 Username: "user4",
 Password: "password4",
+ User: &user.DefaultInfo{Name: "user4", UID: "uid4", Groups: []string{"group2"}},
+ Ok: true,
+ },
+ {
+ Username: "user5",
+ Password: "password5",
+ User: &user.DefaultInfo{Name: "user5", UID: "uid5", Groups: []string{"group5"}},
+ Ok: true,
+ },
+ {
+ Username: "user6",
+ Password: "password6",
+ User: &user.DefaultInfo{Name: "user6", UID: "uid6", Groups: []string{"group5"}},
+ Ok: true,
+ },
+ {
+ Username: "user7",
+ Password: "password7",
+ User: &user.DefaultInfo{Name: "user7", UID: "uid7", Groups: []string{"group1", "group2"}},
+ Ok: true,
+ },
+ {
+ Username: "user7",
+ Password: "passwordbad",
+ },
+ {
+ Username: "userbad",
+ Password: "password7",
+ },
+ {
+ Username: "user8",
+ Password: "password8",
 },
 }
 for i, testCase := range testCases {
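Review bot: The fixture rows added in the first hunk cover quoted, unquoted and trailing-column input, but none has an empty groups column or whitespace around a group name, which are the inputs where `strings.Split` gives surprising results. Adding constructed rows such as `password9,user9,uid9,` and `password10,user10,uid10,"group1, group2"`, each with its expected `Groups` in the table in the second hunk, would pin down whether an empty-string group and a space-prefixed ` group2` are intended. `user8` is already used as the not-in-file case at the end of the table, so new rows should use other names.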