mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

vendor updates

Browse Source
This commit is contained in:
Serguei Bezverkhi
2018-03-06 17:33:18 -05:00
parent 4b3ebc171b
commit e9033989a0
5854 changed files with 248382 additions and 119809 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt_test.go generated vendored
View File

@ -80,17 +80,6 @@ X024wzbiw1q07jFCyfQmODzURAx1VNT7QVUMdz/N8vy47/H40AZJ
-----END RSA PRIVATE KEY-----
`
// openssl ecparam -name prime256v1 -genkey -out ecdsa256params.pem
const ecdsaPrivateKeyWithParams = `-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJ9LWDj3ZWe9CksPV7mZjD2dYXG9icfzxadCRwd3vr1toAoGCCqGSM49
AwEHoUQDQgAEaLNEpzbaaNTCkKjBVj7sxpfJ1ifJQGNvcck4nrzcwFRuujwVDDJh
95iIGwKCQeSg+yhdN6Q/p2XaxNIZlYmUhg==
-----END EC PRIVATE KEY-----
`
// openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
const ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEZmTmUhuanLjPA2CLquXivuwBDHTt5XYwgIr/kA1LtRoAoGCCqGSM49
@ -139,8 +128,8 @@ func TestTokenGenerateAndValidate(t *testing.T) {
}
// Generate the RSA token
rsaGenerator := serviceaccount.JWTTokenGenerator(getPrivateKey(rsaPrivateKey))
rsaToken, err := rsaGenerator.GenerateToken(*serviceAccount, *rsaSecret)
rsaGenerator := serviceaccount.JWTTokenGenerator(serviceaccount.LegacyIssuer, getPrivateKey(rsaPrivateKey))
rsaToken, err := rsaGenerator.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *rsaSecret))
if err != nil {
t.Fatalf("error generating token: %v", err)
}
@ -152,8 +141,8 @@ func TestTokenGenerateAndValidate(t *testing.T) {
}
// Generate the ECDSA token
ecdsaGenerator := serviceaccount.JWTTokenGenerator(getPrivateKey(ecdsaPrivateKey))
ecdsaToken, err := ecdsaGenerator.GenerateToken(*serviceAccount, *ecdsaSecret)
ecdsaGenerator := serviceaccount.JWTTokenGenerator(serviceaccount.LegacyIssuer, getPrivateKey(ecdsaPrivateKey))
ecdsaToken, err := ecdsaGenerator.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *ecdsaSecret))
if err != nil {
t.Fatalf("error generating token: %v", err)
}
@ -164,6 +153,13 @@ func TestTokenGenerateAndValidate(t *testing.T) {
"token": []byte(ecdsaToken),
}
// Generate signer with same keys as RSA signer but different issuer
badIssuerGenerator := serviceaccount.JWTTokenGenerator("foo", getPrivateKey(rsaPrivateKey))
badIssuerToken, err := badIssuerGenerator.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *rsaSecret))
if err != nil {
t.Fatalf("error generating token: %v", err)
}
testCases := map[string]struct {
Client clientset.Interface
Keys []interface{}
@ -206,6 +202,13 @@ func TestTokenGenerateAndValidate(t *testing.T) {
ExpectedUserUID: expectedUserUID,
ExpectedGroups: []string{"system:serviceaccounts", "system:serviceaccounts:test"},
},
"valid key, invalid issuer (rsa)": {
Token: badIssuerToken,
Client: nil,
Keys: []interface{}{getPublicKey(rsaPublicKey)},
ExpectedErr: false,
ExpectedOK: false,
},
"valid key (ecdsa)": {
Token: ecdsaToken,
Client: nil,
@ -264,7 +267,7 @@ func TestTokenGenerateAndValidate(t *testing.T) {
for k, tc := range testCases {
getter := serviceaccountcontroller.NewGetterFromClient(tc.Client)
authenticator := serviceaccount.JWTTokenAuthenticator(tc.Keys, tc.Client != nil, getter)
authenticator := serviceaccount.JWTTokenAuthenticator(serviceaccount.LegacyIssuer, tc.Keys, serviceaccount.NewLegacyValidator(tc.Client != nil, getter))
// An invalid, non-JWT token should always fail
if _, ok, err := authenticator.AuthenticateToken("invalid token"); err != nil || ok {