Skip to content

Commit

Permalink
Merge pull request #747 from modulitos/release-0.6
Browse files Browse the repository at this point in the history 
Update 0.6 branch with new namespaced user info field
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Aug 20, 2024
2 parents 163e035 + 4bd0616 commit 2bacc53
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 50 deletions.
1 change: 1 addition & 0 deletions pkg/server/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -380,6 +380,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName}
userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID}
userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
userExtra["sigs.k8s.io/aws-iam-authenticator/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
}

json.NewEncoder(w).Encode(authenticationv1beta1.TokenReview{
Expand Down
110 changes: 60 additions & 50 deletions pkg/server/server_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -500,11 +500,12 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {"ABCDEF"},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -543,11 +544,12 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -590,11 +592,12 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -633,11 +636,12 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -676,11 +680,12 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -719,11 +724,12 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -762,11 +768,12 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -805,11 +812,12 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -853,11 +861,12 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:TestNodeRole",
[]string{"system:nodes", "system:bootstrappers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
"arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": {"i-0c6f21bf1f24f9708"},
"accessKeyId": {""},
"principalId": {"TestNodeRole"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"},
}))
validateMetrics(t, validateOpts{success: 1})

Expand Down Expand Up @@ -898,11 +907,12 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:TestNodeRole",
[]string{"system:nodes", "system:bootstrappers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
"arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": {"i-0c6f21bf1f24f9708"},
"accessKeyId": {""},
"principalId": {"TestNodeRole"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"},
}))
validateMetrics(t, validateOpts{success: 1})

Expand Down

0 comments on commit 2bacc53

Please sign in to comment.