github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove support for basic authentication

Browse Source 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan
2020-03-11 14:31:31 -04:00
parent c034a145be
commit df292749c9
24 changed files with 5 additions and 655 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/kubeapiserver/options/authentication_test.go
View File

@@ -120,9 +120,6 @@ func TestToAuthenticationConfig(t *testing.T) {
IssuerURL: "testIssuerURL",
ClientID: "testClientID",
},
PasswordFile: &PasswordFileAuthenticationOptions{
BasicAuthFile: "/testBasicAuthFile",
},
RequestHeader: &apiserveroptions.RequestHeaderAuthenticationOptions{
UsernameHeaders: []string{"x-remote-user"},
GroupHeaders: []string{"x-remote-group"},
@@ -144,7 +141,6 @@ func TestToAuthenticationConfig(t *testing.T) {
expectConfig := kubeauthenticator.Config{
APIAudiences: authenticator.Audiences{"http://foo.bar.com"},
Anonymous: false,
BasicAuthFile: "/testBasicAuthFile",
BootstrapToken: false,
ClientCAContentProvider: nil, // this is nil because you can't compare functions
TokenAuthFile: "/testTokenFile",