authncache: remove namespace concept

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan 2021-02-09 18:16:22 -05:00
parent 741b8fe88d
commit 2eb01bd307
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
7 changed files with 57 additions and 81 deletions

View File

@ -30,7 +30,6 @@ type Cache struct {
type Key struct {
APIGroup string
Kind string
Namespace string
Name string
}
@ -74,7 +73,6 @@ func (c *Cache) Keys() []Key {
sort.Slice(result, func(i, j int) bool {
return result[i].APIGroup < result[j].APIGroup ||
result[i].Kind < result[j].Kind ||
result[i].Namespace < result[j].Namespace ||
result[i].Name < result[j].Name
})
return result
@ -83,7 +81,6 @@ func (c *Cache) Keys() []Key {
func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *loginapi.TokenCredentialRequest) (user.Info, error) {
// Map the incoming request to a cache key.
key := Key{
Namespace: req.Namespace,
Name: req.Spec.Authenticator.Name,
Kind: req.Spec.Authenticator.Kind,
}
@ -95,7 +92,7 @@ func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *log
if val == nil {
plog.Debug(
"authenticator does not exist",
"authenticator", klog.KRef(key.Namespace, key.Name),
"authenticator", klog.KRef("", key.Name),
"kind", key.Kind,
"apiGroup", key.APIGroup,
)

View File

@ -31,13 +31,13 @@ func TestCache(t *testing.T) {
cache := New()
require.NotNil(t, cache)
key1 := Key{Namespace: "foo", Name: "authenticator-one"}
key1 := Key{Name: "authenticator-one"}
mockToken1 := mocktokenauthenticator.NewMockToken(ctrl)
cache.Store(key1, mockToken1)
require.Equal(t, mockToken1, cache.Get(key1))
require.Equal(t, 1, len(cache.Keys()))
key2 := Key{Namespace: "foo", Name: "authenticator-two"}
key2 := Key{Name: "authenticator-two"}
mockToken2 := mocktokenauthenticator.NewMockToken(ctrl)
cache.Store(key2, mockToken2)
require.Equal(t, mockToken2, cache.Get(key2))
@ -50,11 +50,10 @@ func TestCache(t *testing.T) {
// Fill the cache back up with a fixed set of keys, but inserted in shuffled order.
keysInExpectedOrder := []Key{
{APIGroup: "a", Kind: "a", Namespace: "a", Name: "a"},
{APIGroup: "b", Kind: "a", Namespace: "a", Name: "a"},
{APIGroup: "b", Kind: "b", Namespace: "a", Name: "a"},
{APIGroup: "b", Kind: "b", Namespace: "b", Name: "a"},
{APIGroup: "b", Kind: "b", Namespace: "b", Name: "b"},
{APIGroup: "a", Kind: "a", Name: "a"},
{APIGroup: "b", Kind: "a", Name: "a"},
{APIGroup: "b", Kind: "b", Name: "a"},
{APIGroup: "b", Kind: "b", Name: "b"},
}
for tries := 0; tries < 10; tries++ {
cache := New()
@ -87,7 +86,6 @@ func TestAuthenticateTokenCredentialRequest(t *testing.T) {
validRequestKey := Key{
APIGroup: *validRequest.Spec.Authenticator.APIGroup,
Kind: validRequest.Spec.Authenticator.Kind,
Namespace: validRequest.Namespace,
Name: validRequest.Spec.Authenticator.Name,
}

View File

@ -72,7 +72,6 @@ func (c *controller) Sync(_ controllerlib.Context) error {
authenticatorSet := map[authncache.Key]bool{}
for _, webhook := range webhooks {
key := authncache.Key{
Namespace: webhook.Namespace,
Name: webhook.Name,
Kind: "WebhookAuthenticator",
APIGroup: auth1alpha1.SchemeGroupVersion.Group,
@ -81,7 +80,6 @@ func (c *controller) Sync(_ controllerlib.Context) error {
}
for _, jwtAuthenticator := range jwtAuthenticators {
key := authncache.Key{
Namespace: jwtAuthenticator.Namespace,
Name: jwtAuthenticator.Name,
Kind: "JWTAuthenticator",
APIGroup: auth1alpha1.SchemeGroupVersion.Group,
@ -97,7 +95,7 @@ func (c *controller) Sync(_ controllerlib.Context) error {
if _, exists := authenticatorSet[key]; !exists {
c.log.WithValues(
"authenticator",
klog.KRef(key.Namespace, key.Name),
klog.KRef("", key.Name),
"kind",
key.Kind,
).Info("deleting authenticator from cache")

View File

@ -28,31 +28,26 @@ func TestController(t *testing.T) {
testWebhookKey1 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev",
Kind: "WebhookAuthenticator",
Namespace: "test-namespace",
Name: "test-webhook-name-one",
}
testWebhookKey2 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev",
Kind: "WebhookAuthenticator",
Namespace: "test-namespace",
Name: "test-webhook-name-two",
}
testJWTAuthenticatorKey1 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev",
Kind: "JWTAuthenticator",
Namespace: "test-namespace",
Name: "test-jwt-authenticator-name-one",
}
testJWTAuthenticatorKey2 := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev",
Kind: "JWTAuthenticator",
Namespace: "test-namespace",
Name: "test-jwt-authenticator-name-two",
}
testKeyUnknownType := authncache.Key{
APIGroup: "authentication.concierge.pinniped.dev",
Kind: "SomeOtherAuthenticator",
Namespace: "test-namespace",
Name: "test-name-one",
}
@ -73,13 +68,11 @@ func TestController(t *testing.T) {
objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name,
},
},
&authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name,
},
},
@ -91,25 +84,21 @@ func TestController(t *testing.T) {
objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name,
},
},
&authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey2.Namespace,
Name: testWebhookKey2.Name,
},
},
&authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name,
},
},
&authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey2.Namespace,
Name: testJWTAuthenticatorKey2.Name,
},
},
@ -128,20 +117,18 @@ func TestController(t *testing.T) {
objects: []runtime.Object{
&authv1alpha.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testWebhookKey1.Namespace,
Name: testWebhookKey1.Name,
},
},
&authv1alpha.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{
Namespace: testJWTAuthenticatorKey1.Namespace,
Name: testJWTAuthenticatorKey1.Name,
},
},
},
wantLogs: []string{
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two","namespace":"test-namespace"} "kind"="JWTAuthenticator"`,
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two","namespace":"test-namespace"} "kind"="WebhookAuthenticator"`,
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`,
`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`,
},
wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType},
},
@ -173,7 +160,6 @@ func TestController(t *testing.T) {
syncCtx := controllerlib.Context{
Context: ctx,
Key: controllerlib.Key{
Namespace: "test-namespace",
Name: "test-webhook-name-one",
},
}

View File

@ -100,7 +100,6 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
cacheKey := authncache.Key{
APIGroup: auth1alpha1.GroupName,
Kind: "JWTAuthenticator",
Namespace: ctx.Key.Namespace,
Name: ctx.Key.Name,
}

View File

@ -358,7 +358,6 @@ func TestController(t *testing.T) {
expectedCacheKey := authncache.Key{
APIGroup: auth1alpha1.GroupName,
Kind: "JWTAuthenticator",
Namespace: syncCtx.Key.Namespace,
Name: syncCtx.Key.Name,
}
cachedAuthenticator := cache.Get(expectedCacheKey)

View File

@ -71,7 +71,6 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
c.cache.Store(authncache.Key{
APIGroup: auth1alpha1.GroupName,
Kind: "WebhookAuthenticator",
Namespace: ctx.Key.Namespace,
Name: ctx.Key.Name,
}, webhookAuthenticator)
c.log.WithValues("webhook", klog.KObj(obj), "endpoint", obj.Spec.Endpoint).Info("added new webhook authenticator")