From de1112bc22322da62156ebff1a605f62f3777939 Mon Sep 17 00:00:00 2001
From: Fabian Kramm
Date: Mon, 9 Dec 2024 10:16:09 +0100
Subject: [PATCH] refactor: use delegate for platform authentication
---
 .../platformauthenticator.go | 36 +++++++++++++++++++
 pkg/server/server.go | 6 ++--
 2 files changed, 38 insertions(+), 4 deletions(-)
 create mode 100644 pkg/authentication/platformauthenticator/platformauthenticator.go
diff --git a/pkg/authentication/platformauthenticator/platformauthenticator.go b/pkg/authentication/platformauthenticator/platformauthenticator.go
new file mode 100644
index 000000000..b012bc4d3
--- /dev/null
+++ b/pkg/authentication/platformauthenticator/platformauthenticator.go
@@ -0,0 +1,36 @@
+package platformauthenticator
+
+import (
+ "net/http"
+ "sync"
+
+ "k8s.io/apiserver/pkg/authentication/authenticator"
+)
+
+var Default = &PlatformAuthenticator{}
+
+var _ authenticator.Request = &PlatformAuthenticator{}
+
+type PlatformAuthenticator struct {
+ m sync.RWMutex
+
+ delegate authenticator.Request
+}
+
+func (p *PlatformAuthenticator) SetDelegate(delegate authenticator.Request) {
+ p.m.Lock()
+ defer p.m.Unlock()
+
+ p.delegate = delegate
+}
+
+func (p *PlatformAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
+ p.m.RLock()
+ defer p.m.RUnlock()
+
+ if p.delegate == nil {
+ return nil, false, nil
+ }
+
+ return p.delegate.AuthenticateRequest(req)
+}
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 6e8e41d9f..5fe67d7e3 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -10,6 +10,7 @@ import (
 "time"
 "github.com/loft-sh/vcluster/pkg/authentication/delegatingauthenticator"
+ "github.com/loft-sh/vcluster/pkg/authentication/platformauthenticator"
 "github.com/loft-sh/vcluster/pkg/authorization/allowall"
 "github.com/loft-sh/vcluster/pkg/authorization/delegatingauthorizer"
 "github.com/loft-sh/vcluster/pkg/authorization/impersonationauthorizer"
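Review bot: In `AuthenticateRequest` of the new platformauthenticator.go, `defer p.m.RUnlock()` keeps the read lock held for the whole of `p.delegate.AuthenticateRequest(req)`, so a slow delegate pins the lock; a `SetDelegate` call then waiting on `p.m.Lock()` makes every new `RLock` queue behind it, which stalls authentication for all incoming requests. Snapshot the delegate under the lock and release it before calling out, as in the excerpt below. The exported `Default`, `PlatformAuthenticator` and `SetDelegate` also carry no doc comments; the nil-delegate branch in particular deserves one stating that the authenticator abstains with `(nil, false, nil)` until a delegate is set, and that `SetDelegate` replaces any earlier delegate for the whole process.

```go
func (p *PlatformAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
	// Snapshot the delegate so the lock is not held across the delegate call.
	p.m.RLock()
	delegate := p.delegate
	p.m.RUnlock()

	if delegate == nil {
		return nil, false, nil
	}

	return delegate.AuthenticateRequest(req)
}
```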
@@ -52,9 +53,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
-// ExtraAuthenticators are extra authenticators that should be added to the server
-var ExtraAuthenticators []authenticator.Request
-
 // Server is a http.Handler which proxies Kubernetes APIs to remote API server.
 type Server struct {
 uncachedVirtualClient client.Client
@@ -232,7 +230,7 @@ func (s *Server) ServeOnListenerTLS(address string, port int, stopChan <-chan st
 // 3. last is the certificate authenticator
 authenticators := []authenticator.Request{}
 authenticators = append(authenticators, delegatingauthenticator.New(s.uncachedVirtualClient))
- authenticators = append(authenticators, ExtraAuthenticators...)
+ authenticators = append(authenticators, platformauthenticator.Default)
 authenticators = append(authenticators, serverConfig.Authentication.Authenticator)
 serverConfig.Authentication.Authenticator = unionauthentication.NewFailOnError(authenticators...)
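Review bot: In `ServeOnListenerTLS`, the new append line places `platformauthenticator.Default` inside `unionauthentication.NewFailOnError(...)`, where the first non-nil error from any entry ends the chain, so an error from the platform delegate means the request never reaches the certificate authenticator in the last slot. That contract is not visible at this call site: whatever is passed to `SetDelegate` has to return `(nil, false, nil)` for credentials it does not recognise and keep errors for real failures. I would add a comment on the append line such as `// platform delegate: abstains until SetDelegate is called; any error it returns fails the request`. The numbered ordering comment and the function body start outside this hunk, so the list above it should be checked against the three entries that are now appended.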