authncache: remove namespace concept

Signed-off-by: Monis Khan <mok@vmware.com>
Monis Khan 2021-02-09 18:16:22 -05:00
parent 741b8fe88d
commit 2eb01bd307
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
7 changed files with 57 additions and 81 deletions


@ -30,7 +30,6 @@ type Cache struct {
type Key struct { type Key struct {
APIGroup string APIGroup string
Kind string Kind string
Namespace string
Name string Name string
} }
@ -74,7 +73,6 @@ func (c *Cache) Keys() []Key {
sort.Slice(result, func(i, j int) bool { sort.Slice(result, func(i, j int) bool {
return result[i].APIGroup < result[j].APIGroup || return result[i].APIGroup < result[j].APIGroup ||
result[i].Kind < result[j].Kind || result[i].Kind < result[j].Kind ||
result[i].Namespace < result[j].Namespace ||
result[i].Name < result[j].Name result[i].Name < result[j].Name
}) })
return result return result
@ -83,7 +81,6 @@ func (c *Cache) Keys() []Key {
func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *loginapi.TokenCredentialRequest) (user.Info, error) { func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *loginapi.TokenCredentialRequest) (user.Info, error) {
// Map the incoming request to a cache key. // Map the incoming request to a cache key.
key := Key{ key := Key{
Namespace: req.Namespace,
Name: req.Spec.Authenticator.Name, Name: req.Spec.Authenticator.Name,
Kind: req.Spec.Authenticator.Kind, Kind: req.Spec.Authenticator.Kind,
} }
@ -95,7 +92,7 @@ func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *log
if val == nil { if val == nil {
plog.Debug( plog.Debug(
"authenticator does not exist", "authenticator does not exist",
"authenticator", klog.KRef(key.Namespace, key.Name), "authenticator", klog.KRef("", key.Name),
"kind", key.Kind, "kind", key.Kind,
"apiGroup", key.APIGroup, "apiGroup", key.APIGroup,
) )
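Review bot: The comparator passed to `sort.Slice` in `Keys()` is still not a lexicographic order once the Namespace clause is dropped, because it ORs the three `<` tests. For a constructed pair such as {APIGroup "a", Kind "b"} and {APIGroup "b", Kind "a"}, both less(i, j) and less(j, i) are true, so the resulting order is unspecified. Compare field by field and fall through to the next field only when the earlier ones are equal, as in the block below. The `keysInExpectedOrder` fixture in the cache test only contains keys whose fields never disagree in direction, so it would not catch this; adding a pair like the one above would. `Keys()` starts above this hunk, so the rest of its body is not visible here.

```go
sort.Slice(result, func(i, j int) bool {
	if result[i].APIGroup != result[j].APIGroup {
		return result[i].APIGroup < result[j].APIGroup
	}
	if result[i].Kind != result[j].Kind {
		return result[i].Kind < result[j].Kind
	}
	return result[i].Name < result[j].Name
})
// … unchanged: return result …
```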


@ -31,13 +31,13 @@ func TestCache(t *testing.T) {
cache := New() cache := New()
require.NotNil(t, cache) require.NotNil(t, cache)
key1 := Key{Namespace: "foo", Name: "authenticator-one"} key1 := Key{Name: "authenticator-one"}
mockToken1 := mocktokenauthenticator.NewMockToken(ctrl) mockToken1 := mocktokenauthenticator.NewMockToken(ctrl)
cache.Store(key1, mockToken1) cache.Store(key1, mockToken1)
require.Equal(t, mockToken1, cache.Get(key1)) require.Equal(t, mockToken1, cache.Get(key1))
require.Equal(t, 1, len(cache.Keys())) require.Equal(t, 1, len(cache.Keys()))
key2 := Key{Namespace: "foo", Name: "authenticator-two"} key2 := Key{Name: "authenticator-two"}
mockToken2 := mocktokenauthenticator.NewMockToken(ctrl) mockToken2 := mocktokenauthenticator.NewMockToken(ctrl)
cache.Store(key2, mockToken2) cache.Store(key2, mockToken2)
require.Equal(t, mockToken2, cache.Get(key2)) require.Equal(t, mockToken2, cache.Get(key2))
@ -50,11 +50,10 @@ func TestCache(t *testing.T) {
// Fill the cache back up with a fixed set of keys, but inserted in shuffled order. // Fill the cache back up with a fixed set of keys, but inserted in shuffled order.
keysInExpectedOrder := []Key{ keysInExpectedOrder := []Key{
{APIGroup: "a", Kind: "a", Namespace: "a", Name: "a"}, {APIGroup: "a", Kind: "a", Name: "a"},
{APIGroup: "b", Kind: "a", Namespace: "a", Name: "a"}, {APIGroup: "b", Kind: "a", Name: "a"},
{APIGroup: "b", Kind: "b", Namespace: "a", Name: "a"}, {APIGroup: "b", Kind: "b", Name: "a"},
{APIGroup: "b", Kind: "b", Namespace: "b", Name: "a"}, {APIGroup: "b", Kind: "b", Name: "b"},
{APIGroup: "b", Kind: "b", Namespace: "b", Name: "b"},
} }
for tries := 0; tries < 10; tries++ { for tries := 0; tries < 10; tries++ {
cache := New() cache := New()
@ -87,7 +86,6 @@ func TestAuthenticateTokenCredentialRequest(t *testing.T) {
validRequestKey := Key{ validRequestKey := Key{
APIGroup: *validRequest.Spec.Authenticator.APIGroup, APIGroup: *validRequest.Spec.Authenticator.APIGroup,
Kind: validRequest.Spec.Authenticator.Kind, Kind: validRequest.Spec.Authenticator.Kind,
Namespace: validRequest.Namespace,
Name: validRequest.Spec.Authenticator.Name, Name: validRequest.Spec.Authenticator.Name,
} }


@ -72,7 +72,6 @@ func (c *controller) Sync(_ controllerlib.Context) error {
authenticatorSet := map[authncache.Key]bool{} authenticatorSet := map[authncache.Key]bool{}
for _, webhook := range webhooks { for _, webhook := range webhooks {
key := authncache.Key{ key := authncache.Key{
Namespace: webhook.Namespace,
Name: webhook.Name, Name: webhook.Name,
Kind: "WebhookAuthenticator", Kind: "WebhookAuthenticator",
APIGroup: auth1alpha1.SchemeGroupVersion.Group, APIGroup: auth1alpha1.SchemeGroupVersion.Group,
@ -81,7 +80,6 @@ func (c *controller) Sync(_ controllerlib.Context) error {
} }
for _, jwtAuthenticator := range jwtAuthenticators { for _, jwtAuthenticator := range jwtAuthenticators {
key := authncache.Key{ key := authncache.Key{
Namespace: jwtAuthenticator.Namespace,
Name: jwtAuthenticator.Name, Name: jwtAuthenticator.Name,
Kind: "JWTAuthenticator", Kind: "JWTAuthenticator",
APIGroup: auth1alpha1.SchemeGroupVersion.Group, APIGroup: auth1alpha1.SchemeGroupVersion.Group,
@ -97,7 +95,7 @@ func (c *controller) Sync(_ controllerlib.Context) error {
if _, exists := authenticatorSet[key]; !exists { if _, exists := authenticatorSet[key]; !exists {
c.log.WithValues( c.log.WithValues(
"authenticator", "authenticator",
klog.KRef(key.Namespace, key.Name), klog.KRef("", key.Name),
"kind", "kind",
key.Kind, key.Kind,
).Info("deleting authenticator from cache") ).Info("deleting authenticator from cache")
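Review bot: With Namespace gone from `authncache.Key`, the two loops in `Sync` build keys from `webhook.Name` and `jwtAuthenticator.Name` alone, so two authenticators of the same kind and name in different namespaces would map to a single cache entry. That is only safe if WebhookAuthenticator and JWTAuthenticator are cluster-scoped when this lands, which the diff does not show. If they can still be namespaced, the cache-filler `Sync` hunks that key on `ctx.Key.Name` would overwrite each other's entry, and `AuthenticateTokenCredentialRequest`, which no longer reads `req.Namespace`, would validate tokens against whichever authenticator was stored last. I would record the invariant next to the first key literal here, for example `// Key carries no namespace: authenticators are assumed cluster-scoped, so Name is unique per Kind and APIGroup.`, after confirming the CRD scope. `Sync` begins and ends outside these hunks.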


@ -28,31 +28,26 @@ func TestController(t *testing.T) {
testWebhookKey1 := authncache.Key{ testWebhookKey1 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev", APIGroup: "authentication.concierge.pinniped.dev",
Kind: "WebhookAuthenticator", Kind: "WebhookAuthenticator",
Namespace: "test-namespace",
Name: "test-webhook-name-one", Name: "test-webhook-name-one",
} }
testWebhookKey2 := authncache.Key{ testWebhookKey2 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev", APIGroup: "authentication.concierge.pinniped.dev",
Kind: "WebhookAuthenticator", Kind: "WebhookAuthenticator",
Namespace: "test-namespace",
Name: "test-webhook-name-two", Name: "test-webhook-name-two",
} }
testJWTAuthenticatorKey1 := authncache.Key{ testJWTAuthenticatorKey1 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev", APIGroup: "authentication.concierge.pinniped.dev",
Kind: "JWTAuthenticator", Kind: "JWTAuthenticator",
Namespace: "test-namespace",
Name: "test-jwt-authenticator-name-one", Name: "test-jwt-authenticator-name-one",
} }
testJWTAuthenticatorKey2 := authncache.Key{ testJWTAuthenticatorKey2 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev", APIGroup: "authentication.concierge.pinniped.dev",
Kind: "JWTAuthenticator", Kind: "JWTAuthenticator",
Namespace: "test-namespace",
Name: "test-jwt-authenticator-name-two", Name: "test-jwt-authenticator-name-two",
} }
testKeyUnknownType := authncache.Key{ testKeyUnknownType := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev", APIGroup: "authentication.concierge.pinniped.dev",
Kind: "SomeOtherAuthenticator", Kind: "SomeOtherAuthenticator",
Namespace: "test-namespace",
Name: "test-name-one", Name: "test-name-one",
} }
@ -73,13 +68,11 @@ func TestController(t *testing.T) {
objects: []runtime.Object{ objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{ &authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name, Name: testWebhookKey1.Name,
}, },
}, },
&authv1alpha.JWTAuthenticator{ &authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name, Name: testJWTAuthenticatorKey1.Name,
}, },
}, },
@ -91,25 +84,21 @@ func TestController(t *testing.T) {
objects: []runtime.Object{ objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{ &authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name, Name: testWebhookKey1.Name,
}, },
}, },
&authv1alpha.WebhookAuthenticator{ &authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey2.Namespace,
Name: testWebhookKey2.Name, Name: testWebhookKey2.Name,
}, },
}, },
&authv1alpha.JWTAuthenticator{ &authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name, Name: testJWTAuthenticatorKey1.Name,
}, },
}, },
&authv1alpha.JWTAuthenticator{ &authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey2.Namespace,
Name: testJWTAuthenticatorKey2.Name, Name: testJWTAuthenticatorKey2.Name,
}, },
}, },
@ -128,20 +117,18 @@ func TestController(t *testing.T) {
objects: []runtime.Object{ objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{ &authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name, Name: testWebhookKey1.Name,
}, },
}, },
&authv1alpha.JWTAuthenticator{ &authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name, Name: testJWTAuthenticatorKey1.Name,
}, },
}, },
}, },
wantLogs: []string{ wantLogs: []string{
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two","namespace":"test-namespace"} "kind"="JWTAuthenticator"`, `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`,
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two","namespace":"test-namespace"} "kind"="WebhookAuthenticator"`, `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`,
}, },
wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType}, wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType},
}, },
@ -173,7 +160,6 @@ func TestController(t *testing.T) {
syncCtx := controllerlib.Context{ syncCtx := controllerlib.Context{
Context: ctx, Context: ctx,
Key: controllerlib.Key{ Key: controllerlib.Key{
Namespace: "test-namespace",
Name: "test-webhook-name-one", Name: "test-webhook-name-one",
}, },
} }


@ -100,7 +100,6 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
cacheKey := authncache.Key{ cacheKey := authncache.Key{
APIGroup: auth1alpha1.GroupName, APIGroup: auth1alpha1.GroupName,
Kind: "JWTAuthenticator", Kind: "JWTAuthenticator",
Namespace: ctx.Key.Namespace,
Name: ctx.Key.Name, Name: ctx.Key.Name,
} }


@ -358,7 +358,6 @@ func TestController(t *testing.T) {
expectedCacheKey := authncache.Key{ expectedCacheKey := authncache.Key{
APIGroup: auth1alpha1.GroupName, APIGroup: auth1alpha1.GroupName,
Kind: "JWTAuthenticator", Kind: "JWTAuthenticator",
Namespace: syncCtx.Key.Namespace,
Name: syncCtx.Key.Name, Name: syncCtx.Key.Name,
} }
cachedAuthenticator := cache.Get(expectedCacheKey) cachedAuthenticator := cache.Get(expectedCacheKey)


@ -71,7 +71,6 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
c.cache.Store(authncache.Key{ c.cache.Store(authncache.Key{
APIGroup: auth1alpha1.GroupName, APIGroup: auth1alpha1.GroupName,
Kind: "WebhookAuthenticator", Kind: "WebhookAuthenticator",
Namespace: ctx.Key.Namespace,
Name: ctx.Key.Name, Name: ctx.Key.Name,
}, webhookAuthenticator) }, webhookAuthenticator)
c.log.WithValues("webhook", klog.KObj(obj), "endpoint", obj.Spec.Endpoint).Info("added new webhook authenticator") c.log.WithValues("webhook", klog.KObj(obj), "endpoint", obj.Spec.Endpoint).Info("added new webhook authenticator")