Merge pull request kubernetes#90064 from neolit123/1.19-fix-authz-warning

k8s-ci-robot · web-flow · commit 613cd04d8c95 · 2020-04-23T12:32:06.000-07:00
kubeadm: fix misleading warning for authz modes
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -222,16 +222,31 @@ func getAuthzModes(authzModeExtraArgs string) string {
 
 		// only return the user provided mode if at least one was valid
 		if len(mode) > 0 {
-			klog.Warningf("the default kube-apiserver authorization-mode is %q; using %q",
-				strings.Join(defaultMode, ","),
-				strings.Join(mode, ","),
-			)
+			if !compareAuthzModes(defaultMode, mode) {
+				klog.Warningf("the default kube-apiserver authorization-mode is %q; using %q",
+					strings.Join(defaultMode, ","),
+					strings.Join(mode, ","),
+				)
+			}
 			return strings.Join(mode, ",")
 		}
 	}
 	return strings.Join(defaultMode, ",")
 }
 
+// compareAuthzModes compares two given authz modes and returns false if they do not match
+func compareAuthzModes(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i, m := range a {
+		if m != b[i] {
+			return false
+		}
+	}
+	return true
+}
+
 func isValidAuthzMode(authzMode string) bool {
 	allModes := []string{
 		kubeadmconstants.ModeNode,
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@@ -1144,3 +1144,43 @@ func TestIsValidAuthzMode(t *testing.T) {
 		})
 	}
 }
+
+func TestCompareAuthzModes(t *testing.T) {
+	var tests = []struct {
+		name   string
+		modesA []string
+		modesB []string
+		equal  bool
+	}{
+		{
+			name:   "modes match",
+			modesA: []string{"a", "b", "c"},
+			modesB: []string{"a", "b", "c"},
+			equal:  true,
+		},
+		{
+			name:   "modes order does not match",
+			modesA: []string{"a", "c", "b"},
+			modesB: []string{"a", "b", "c"},
+		},
+		{
+			name:   "modes do not match; A has less modes",
+			modesA: []string{"a", "b"},
+			modesB: []string{"a", "b", "c"},
+		},
+		{
+			name:   "modes do not match; B has less modes",
+			modesA: []string{"a", "b", "c"},
+			modesB: []string{"a", "b"},
+		},
+	}
+
+	for _, rt := range tests {
+		t.Run(rt.name, func(t *testing.T) {
+			equal := compareAuthzModes(rt.modesA, rt.modesB)
+			if equal != rt.equal {
+				t.Errorf("failed compareAuthzModes:\nexpected:\n%v\nsaw:\n%v", rt.equal, equal)
+			}
+		})
+	}
+}
