本文整理汇总了Golang中k8s/io/kubernetes/pkg/client.Config类的典型用法代码示例。如果您正苦于以下问题:Golang Config类的具体用法?Golang Config怎么用?Golang Config使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Config类的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: SetOpenShiftDefaults
// SetOpenShiftDefaults sets the default settings on the passed
// client configuration
func SetOpenShiftDefaults(config *kclient.Config) error {
if len(config.UserAgent) == 0 {
config.UserAgent = DefaultOpenShiftUserAgent()
}
if config.Version == "" {
// Clients default to the preferred code API version
// TODO: implement version negotiation (highest version supported by server)
config.Version = latest.Version
}
if config.Prefix == "" {
switch config.Version {
case "v1beta3":
config.Prefix = "/osapi"
default:
config.Prefix = "/oapi"
}
}
version := config.Version
versionInterfaces, err := latest.InterfacesFor(version)
if err != nil {
return fmt.Errorf("API version '%s' is not recognized (valid values: %s)", version, strings.Join(latest.Versions, ", "))
}
if config.Codec == nil {
config.Codec = versionInterfaces.Codec
}
return nil
}示例2: makeServerIdentificationConfig
// makeUserIdentificationFieldsConfig returns a client.Config capable of being merged using mergo for only server identification information
func makeServerIdentificationConfig(info clientauth.Info) client.Config {
config := client.Config{}
config.CAFile = info.CAFile
if info.Insecure != nil {
config.Insecure = *info.Insecure
}
return config
}示例3: validateToken
func validateToken(token string, clientConfig *kclient.Config) {
if len(token) == 0 {
fmt.Println("You must provide a token to validate")
return
}
fmt.Printf("Using token: %v\n", token)
clientConfig.BearerToken = token
osClient, err := osclient.New(clientConfig)
if err != nil {
fmt.Printf("Error building osClient: %v\n", err)
return
}
jsonResponse, _, err := getTokenInfo(token, osClient)
if err != nil {
fmt.Printf("%v\n", err)
fmt.Println("Try visiting " + getRequestTokenURL(clientConfig) + " for a new token.")
return
}
fmt.Printf("%v\n", string(jsonResponse))
whoami, err := osClient.Users().Get("~")
if err != nil {
fmt.Printf("Error making whoami request: %v\n", err)
return
}
whoamiJSON, err := json.Marshal(whoami)
if err != nil {
fmt.Printf("Error interpretting whoami response: %v\n", err)
return
}
fmt.Printf("%v\n", string(whoamiJSON))
}示例4: TestOAuthDisabled
func TestOAuthDisabled(t *testing.T) {
// Build master config
masterOptions, err := testserver.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Disable OAuth
masterOptions.OAuthConfig = nil
// Start server
clusterAdminKubeConfig, err := testserver.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
client, err := testutil.GetClusterAdminKubeClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Make sure cert auth still works
namespaces, err := client.Namespaces().List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
if len(namespaces.Items) == 0 {
t.Errorf("Expected namespaces, got none")
}
// Use the server and CA info
anonConfig := kclient.Config{}
anonConfig.Host = clientConfig.Host
anonConfig.CAFile = clientConfig.CAFile
anonConfig.CAData = clientConfig.CAData
// Make sure we can't authenticate using OAuth
if _, err := tokencmd.RequestToken(&anonConfig, nil, "username", "password"); err == nil {
t.Error("Expected error, got none")
}
}示例5: Clients
// Clients returns an OpenShift and Kubernetes client with the credentials of the named service account
// TODO: change return types to client.Interface/kclient.Interface to allow auto-reloading credentials
func Clients(config kclient.Config, tokenRetriever TokenRetriever, namespace, name string) (*client.Client, *kclient.Client, error) {
// Clear existing auth info
config.Username = ""
config.Password = ""
config.CertFile = ""
config.CertData = []byte{}
config.KeyFile = ""
config.KeyData = []byte{}
// For now, just initialize the token once
// TODO: refetch the token if the client encounters 401 errors
token, err := tokenRetriever.GetToken(namespace, name)
if err != nil {
return nil, nil, err
}
config.BearerToken = token
c, err := client.New(&config)
if err != nil {
return nil, nil, err
}
kc, err := kclient.New(&config)
if err != nil {
return nil, nil, err
}
return c, kc, nil
}示例6: addChaosToClientConfig
// addChaosToClientConfig injects random errors into client connections if configured.
func (s *KubeletServer) addChaosToClientConfig(config *client.Config) {
if s.ChaosChance != 0.0 {
config.WrapTransport = func(rt http.RoundTripper) http.RoundTripper {
seed := chaosclient.NewSeed(1)
// TODO: introduce a standard chaos package with more tunables - this is just a proof of concept
// TODO: introduce random latency and stalls
return chaosclient.NewChaosRoundTripper(rt, chaosclient.LogChaos, seed.P(s.ChaosChance, chaosclient.ErrSimulatedConnectionResetByPeer))
}
}
}示例7: MergeWithConfig
// MergeWithConfig returns a copy of a client.Config with values from the Info.
// The fields of client.Config with a corresponding field in the Info are set
// with the value from the Info.
func (info Info) MergeWithConfig(c client.Config) (client.Config, error) {
var config client.Config = c
config.Username = info.User
config.Password = info.Password
config.CAFile = info.CAFile
config.CertFile = info.CertFile
config.KeyFile = info.KeyFile
config.BearerToken = info.BearerToken
if info.Insecure != nil {
config.Insecure = *info.Insecure
}
return config, nil
}示例8: TestOAuthRequestHeader
func TestOAuthRequestHeader(t *testing.T) {
// Write cert we're going to use to verify OAuth requestheader requests
caFile, err := ioutil.TempFile("", "test.crt")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.Remove(caFile.Name())
if err := ioutil.WriteFile(caFile.Name(), rootCACert, os.FileMode(0600)); err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions, err := testutil.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: "requestheader",
UseAsChallenger: false,
UseAsLogin: false,
Provider: runtime.EmbeddedObject{
&configapi.RequestHeaderIdentityProvider{
ClientCA: caFile.Name(),
Headers: []string{"My-Remote-User", "SSO-User"},
},
},
}
// Start server
clusterAdminKubeConfig, err := testutil.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Use the server and CA info, but no client cert info
anonConfig := kclient.Config{}
anonConfig.Host = clientConfig.Host
anonConfig.CAFile = clientConfig.CAFile
anonConfig.CAData = clientConfig.CAData
// Build the authorize request with the My-Remote-User header
authorizeURL := clientConfig.Host + "/oauth/authorize?client_id=openshift-challenging-client&response_type=token"
req, err := http.NewRequest("GET", authorizeURL, nil)
req.Header.Set("My-Remote-User", "myuser")
// Make the request without cert auth
transport, err := kclient.TransportFor(&anonConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
resp, err := transport.RoundTrip(req)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
redirect, err := resp.Location()
if err != nil {
t.Fatalf("expected 302 redirect, got error: %v", err)
}
if redirect.Query().Get("error") == "" {
t.Fatalf("expected unsuccessful token request, got redirected to %v", redirect.String())
}
// Use the server and CA info, with cert info
authProxyConfig := anonConfig
authProxyConfig.CertData = clientCert
authProxyConfig.KeyData = clientKey
// Make the request with cert info
transport, err = kclient.TransportFor(&authProxyConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
resp, err = transport.RoundTrip(req)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
redirect, err = resp.Location()
if err != nil {
t.Fatalf("expected 302 redirect, got error: %v", err)
}
if redirect.Query().Get("error") != "" {
t.Fatalf("expected successful token request, got error %v", redirect.String())
}
// Extract the access_token
// group #0 is everything. #1 #2 #3
accessTokenRedirectRegex := regexp.MustCompile(`(^|&)access_token=([^&]+)($|&)`)
accessToken := ""
if matches := accessTokenRedirectRegex.FindStringSubmatch(redirect.Fragment); matches != nil {
accessToken = matches[2]
}
if accessToken == "" {
t.Fatalf("Expected access token, got %s", redirect.String())
}
//.........这里部分代码省略.........
示例9: TestOAuthLDAP
func TestOAuthLDAP(t *testing.T) {
var (
randomSuffix = string(kutil.NewUUID())
providerName = "myldapprovider"
bindDN = "uid=admin,ou=company,ou=" + randomSuffix
bindPassword = "admin-password-" + randomSuffix
searchDN = "ou=company,ou=" + randomSuffix
searchAttr = "myuid" + randomSuffix
searchScope = "one" // must be "one","sub", or "base"
searchFilter = "(myAttr=myValue)" // must be a valid LDAP filter format
nameAttr1 = "missing-name-attr"
nameAttr2 = "a-display-name" + randomSuffix
idAttr1 = "missing-id-attr"
idAttr2 = "dn" // "dn" is a special value, so don't add a random suffix to make sure we handle it correctly
emailAttr1 = "missing-attr"
emailAttr2 = "c-mail" + randomSuffix
loginAttr1 = "missing-attr"
loginAttr2 = "d-mylogin" + randomSuffix
myUserUID = "myuser"
myUserName = "My User, Jr."
myUserEmail = "[email protected]"
myUserDN = searchAttr + "=" + myUserUID + "," + searchDN
myUserPassword = "myuser-password-" + randomSuffix
)
expectedAttributes := [][]byte{}
for _, attr := range kutil.NewStringSet(searchAttr, nameAttr1, nameAttr2, idAttr1, idAttr2, emailAttr1, emailAttr2, loginAttr1, loginAttr2).List() {
expectedAttributes = append(expectedAttributes, []byte(attr))
}
expectedSearchRequest := ldapserver.SearchRequest{
BaseObject: []byte(searchDN),
Scope: ldapserver.SearchRequestSingleLevel,
DerefAliases: 0,
SizeLimit: 2,
TimeLimit: 0,
TypesOnly: false,
Attributes: expectedAttributes,
Filter: fmt.Sprintf("(&%s(%s=%s))", searchFilter, searchAttr, myUserUID),
}
// Start LDAP server
ldapAddress, err := testserver.FindAvailableBindAddress(8389, 8400)
if err != nil {
t.Fatalf("could not allocate LDAP bind address: %v", err)
}
ldapServer := testutil.NewTestLDAPServer()
ldapServer.SetPassword(bindDN, bindPassword)
ldapServer.Start(ldapAddress)
defer ldapServer.Stop()
masterOptions, err := testserver.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: providerName,
UseAsChallenger: true,
UseAsLogin: true,
Provider: runtime.EmbeddedObject{
Object: &configapi.LDAPPasswordIdentityProvider{
URL: fmt.Sprintf("ldap://%s/%s?%s?%s?%s", ldapAddress, searchDN, searchAttr, searchScope, searchFilter),
BindDN: bindDN,
BindPassword: bindPassword,
Insecure: true,
CA: "",
Attributes: configapi.LDAPAttributeMapping{
ID: []string{idAttr1, idAttr2},
PreferredUsername: []string{loginAttr1, loginAttr2},
Name: []string{nameAttr1, nameAttr2},
Email: []string{emailAttr1, emailAttr2},
},
},
},
}
clusterAdminKubeConfig, err := testserver.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
// Use the server and CA info
anonConfig := kclient.Config{}
anonConfig.Host = clusterAdminClientConfig.Host
anonConfig.CAFile = clusterAdminClientConfig.CAFile
anonConfig.CAData = clusterAdminClientConfig.CAData
//.........这里部分代码省略.........
示例10: TestHTPasswd
func TestHTPasswd(t *testing.T) {
htpasswdFile, err := ioutil.TempFile("", "test.htpasswd")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.Remove(htpasswdFile.Name())
masterOptions, err := testserver.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: "htpasswd",
UseAsChallenger: true,
UseAsLogin: true,
Provider: runtime.EmbeddedObject{
Object: &configapi.HTPasswdPasswordIdentityProvider{
File: htpasswdFile.Name(),
},
},
}
clusterAdminKubeConfig, err := testserver.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
// Use the server and CA info
anonConfig := kclient.Config{}
anonConfig.Host = clientConfig.Host
anonConfig.CAFile = clientConfig.CAFile
anonConfig.CAData = clientConfig.CAData
// Make sure we can't authenticate
if _, err := tokencmd.RequestToken(&anonConfig, nil, "username", "password"); err == nil {
t.Error("Expected error, got none")
}
// Update the htpasswd file with output of `htpasswd -n -b username password`
userpass := "username:$apr1$4Ci5I8yc$85R9vc4fOgzAULsldiUuv."
ioutil.WriteFile(htpasswdFile.Name(), []byte(userpass), os.FileMode(0600))
// Make sure we can get a token
accessToken, err := tokencmd.RequestToken(&anonConfig, nil, "username", "password")
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if len(accessToken) == 0 {
t.Errorf("Expected access token, got none")
}
// Make sure we can use the token, and it represents who we expect
userConfig := anonConfig
userConfig.BearerToken = accessToken
userClient, err := client.New(&userConfig)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
user, err := userClient.Users().Get("~")
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if user.Name != "username" {
t.Fatalf("Expected username as the user, got %v", user)
}
}示例11: CreateKubeSources
func CreateKubeSources(uri *url.URL, c cache.Cache) ([]api.Source, error) {
var (
kubeConfig *kube_client.Config
err error
)
opts := uri.Query()
configOverrides, err := getConfigOverrides(uri)
if err != nil {
return nil, err
}
inClusterConfig := defaultInClusterConfig
if len(opts["inClusterConfig"]) > 0 {
inClusterConfig, err = strconv.ParseBool(opts["inClusterConfig"][0])
if err != nil {
return nil, err
}
}
if inClusterConfig {
kubeConfig, err = kube_client.InClusterConfig()
if err != nil {
return nil, err
}
if configOverrides.ClusterInfo.Server != "" {
kubeConfig.Host = configOverrides.ClusterInfo.Server
}
kubeConfig.Version = configOverrides.ClusterInfo.APIVersion
} else {
authFile := ""
if len(opts["auth"]) > 0 {
authFile = opts["auth"][0]
}
if authFile != "" {
if kubeConfig, err = kubeClientCmd.NewNonInteractiveDeferredLoadingClientConfig(
&kubeClientCmd.ClientConfigLoadingRules{ExplicitPath: authFile},
configOverrides).ClientConfig(); err != nil {
return nil, err
}
} else {
kubeConfig = &kube_client.Config{
Host: configOverrides.ClusterInfo.Server,
Version: configOverrides.ClusterInfo.APIVersion,
Insecure: configOverrides.ClusterInfo.InsecureSkipTLSVerify,
}
}
}
if len(kubeConfig.Host) == 0 {
return nil, fmt.Errorf("invalid kubernetes master url specified")
}
if len(kubeConfig.Version) == 0 {
return nil, fmt.Errorf("invalid kubernetes API version specified")
}
useServiceAccount := defaultUseServiceAccount
if len(opts["useServiceAccount"]) >= 1 {
useServiceAccount, err = strconv.ParseBool(opts["useServiceAccount"][0])
if err != nil {
return nil, err
}
}
if useServiceAccount {
// If a readable service account token exists, then use it
if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil {
kubeConfig.BearerToken = string(contents)
}
}
kubeClient := kube_client.NewOrDie(kubeConfig)
nodesApi, err := nodes.NewKubeNodes(kubeClient)
if err != nil {
return nil, err
}
kubeletPort := defaultKubeletPort
if len(opts["kubeletPort"]) >= 1 {
kubeletPort, err = strconv.Atoi(opts["kubeletPort"][0])
if err != nil {
return nil, err
}
}
kubeletHttps := defaultKubeletHttps
if len(opts["kubeletHttps"]) >= 1 {
kubeletHttps, err = strconv.ParseBool(opts["kubeletHttps"][0])
if err != nil {
return nil, err
}
}
glog.Infof("Using Kubernetes client with master %q and version %q\n", kubeConfig.Host, kubeConfig.Version)
glog.Infof("Using kubelet port %d", kubeletPort)
kubeletConfig := &kube_client.KubeletConfig{
Port: uint(kubeletPort),
EnableHttps: kubeletHttps,
TLSClientConfig: kubeConfig.TLSClientConfig,
//.........这里部分代码省略.........
示例12: TestOAuthRequestHeader
// TestOAuthRequestHeader checks the following scenarios:
// * request containing remote user header is ignored if it doesn't have client cert auth
// * request containing remote user header is honored if it has client cert auth
// * unauthenticated requests are redirected to an auth proxy
// * login command succeeds against a request-header identity provider via redirection to an auth proxy
func TestOAuthRequestHeader(t *testing.T) {
// Test data used by auth proxy
users := map[string]string{
"myusername": "mypassword",
}
// Write cert we're going to use to verify OAuth requestheader requests
caFile, err := ioutil.TempFile("", "test.crt")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.Remove(caFile.Name())
if err := ioutil.WriteFile(caFile.Name(), rootCACert, os.FileMode(0600)); err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Get master config
masterOptions, err := testserver.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterURL, _ := url.Parse(masterOptions.OAuthConfig.MasterPublicURL)
// Set up an auth proxy
var proxyTransport http.RoundTripper
proxyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Decide whether to challenge
username, password, hasBasicAuth := r.BasicAuth()
if correctPassword, hasUser := users[username]; !hasBasicAuth || !hasUser || password != correctPassword {
w.Header().Set("WWW-Authenticate", "Basic realm=Protected Area")
w.WriteHeader(401)
return
}
// Swap the scheme and host to the master, keeping path and params the same
proxyURL := r.URL
proxyURL.Scheme = masterURL.Scheme
proxyURL.Host = masterURL.Host
// Build a request, copying the original method, body, and headers, overriding the remote user headers
proxyRequest, _ := http.NewRequest(r.Method, proxyURL.String(), r.Body)
proxyRequest.Header = r.Header
proxyRequest.Header.Set("My-Remote-User", username)
proxyRequest.Header.Set("SSO-User", "")
// Round trip to the back end
response, err := proxyTransport.RoundTrip(r)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
defer response.Body.Close()
// Copy response back to originator
for k, v := range response.Header {
w.Header()[k] = v
}
w.WriteHeader(response.StatusCode)
if _, err := io.Copy(w, response.Body); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
}))
defer proxyServer.Close()
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: "requestheader",
UseAsChallenger: true,
UseAsLogin: true,
Provider: runtime.EmbeddedObject{
Object: &configapi.RequestHeaderIdentityProvider{
ChallengeURL: proxyServer.URL + "/oauth/authorize?${query}",
LoginURL: "http://www.example.com/login?then=${url}",
ClientCA: caFile.Name(),
Headers: []string{"My-Remote-User", "SSO-User"},
},
},
}
// Start server
clusterAdminKubeConfig, err := testserver.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Use the server and CA info, but no client cert info
anonConfig := kclient.Config{}
anonConfig.Host = clientConfig.Host
anonConfig.CAFile = clientConfig.CAFile
anonConfig.CAData = clientConfig.CAData
anonTransport, err := kclient.TransportFor(&anonConfig)
if err != nil {
//.........这里部分代码省略.........
示例13: TestOAuthBasicAuthPassword
func TestOAuthBasicAuthPassword(t *testing.T) {
remotePrefix := "remote"
expectedLogin := "username"
expectedPassword := "password"
expectedAuthHeader := "Basic " + base64.StdEncoding.EncodeToString([]byte(expectedLogin+":"+expectedPassword))
expectedUsername := remotePrefix + expectedLogin
// Create tempfiles with certs and keys we're going to use
certNames := map[string]string{}
for certName, certContents := range basicAuthCerts {
f, err := ioutil.TempFile("", certName)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.Remove(f.Name())
if err := ioutil.WriteFile(f.Name(), certContents, os.FileMode(0600)); err != nil {
t.Fatalf("unexpected error: %v", err)
}
certNames[certName] = f.Name()
}
// Build client cert pool
clientCAs, err := util.CertPoolFromFile(certNames[basicAuthRemoteCACert])
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Build remote handler
remoteHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if req.TLS == nil {
w.WriteHeader(http.StatusUnauthorized)
t.Fatalf("Expected TLS")
}
if len(req.TLS.VerifiedChains) != 1 {
w.WriteHeader(http.StatusUnauthorized)
t.Fatalf("Expected peer cert verified by server")
}
if req.Header.Get("Authorization") != expectedAuthHeader {
w.WriteHeader(http.StatusUnauthorized)
t.Fatalf("Unexpected auth header: %s", req.Header.Get("Authorization"))
}
w.Header().Set("Content-Type", "application/json")
w.Write([]byte(fmt.Sprintf(`{"sub":"%s"}`, expectedUsername)))
})
// Start remote server
remoteAddr, err := testutil.FindAvailableBindAddress(9443, 9999)
if err != nil {
t.Fatalf("Couldn't get free address for test server: %v", err)
}
remoteServer := &http.Server{
Addr: remoteAddr,
Handler: remoteHandler,
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
TLSConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
MinVersion: tls.VersionTLS10,
// RequireAndVerifyClientCert lets us limit requests to ones with a valid client certificate
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: clientCAs,
},
}
go func() {
if err := remoteServer.ListenAndServeTLS(certNames[basicAuthRemoteServerCert], certNames[basicAuthRemoteServerKey]); err != nil {
t.Fatalf("unexpected error: %v", err)
}
}()
// Build master config
masterOptions, err := testutil.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
masterOptions.OAuthConfig.IdentityProviders[0] = configapi.IdentityProvider{
Name: "basicauth",
UseAsChallenger: true,
UseAsLogin: true,
Provider: runtime.EmbeddedObject{
Object: &configapi.BasicAuthPasswordIdentityProvider{
RemoteConnectionInfo: configapi.RemoteConnectionInfo{
URL: fmt.Sprintf("https://%s", remoteAddr),
CA: certNames[basicAuthRemoteCACert],
ClientCert: configapi.CertInfo{
CertFile: certNames[basicAuthClientCert],
KeyFile: certNames[basicAuthClientKey],
},
},
},
},
}
// Start server
clusterAdminKubeConfig, err := testutil.StartConfiguredMaster(masterOptions)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
//.........这里部分代码省略.........