github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix flake on TestQuotaLimitService

Browse Source
This commit is contained in:
jlsong01
2021-12-31 21:36:27 +08:00
parent 6f896dec4f
commit 3006aa534b
3 changed files with 33 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
test/integration/framework/controlplane_utils.go
View File

@@ -61,6 +61,10 @@ import (
netutils "k8s.io/utils/net"
)
const (
UnprivilegedUserToken = "unprivileged-user"
)
// Config is a struct of configuration directives for NewControlPlaneComponents.
type Config struct {
// If nil, a default is used, partially filled configs will not get populated.
@@ -80,11 +84,16 @@ func (alwaysAllow) Authorize(ctx context.Context, requestAttributes authorizer.A
return authorizer.DecisionAllow, "always allow", nil
}
// alwaysEmpty simulates "no authentication" for old tests
func alwaysEmpty(req *http.Request) (*authauthenticator.Response, bool, error) {
// unsecuredUser simulates requests to the unsecured endpoint for old tests
func unsecuredUser(req *http.Request) (*authauthenticator.Response, bool, error) {
auth := req.Header.Get("Authorization")
if len(auth) != 0 {
return nil, false, nil
}
return &authauthenticator.Response{
User: &user.DefaultInfo{
Name: "",
Name: "system:unsecured",
Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated},
},
}, true, nil
}
@@ -171,12 +180,17 @@ func startAPIServerOrDie(controlPlaneConfig *controlplane.Config, incomingServer
tokens[privilegedLoopbackToken] = &user.DefaultInfo{
Name: user.APIServerUser,
UID: uuid.New().String(),
Groups: []string{user.SystemPrivilegedGroup},
Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated},
}
tokens[UnprivilegedUserToken] = &user.DefaultInfo{
Name: "unprivileged",
UID: uuid.New().String(),
Groups: []string{user.AllAuthenticated},
}
tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens, controlPlaneConfig.GenericConfig.Authentication.APIAudiences)
if controlPlaneConfig.GenericConfig.Authentication.Authenticator == nil {
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticatorunion.New(tokenAuthenticator, authauthenticator.RequestFunc(alwaysEmpty))
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticatorunion.New(tokenAuthenticator, authauthenticator.RequestFunc(unsecuredUser))
} else {
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticatorunion.New(tokenAuthenticator, controlPlaneConfig.GenericConfig.Authentication.Authenticator)
}