Merge pull request kubernetes#79153 from MikeSpreitzer/fix73409

k8s-ci-robot · web-flow · commit a807cb625b08 · 2019-07-02T02:15:11.000-07:00
Make AuthorizeClientBearerToken actually return if authn or authz is nil
diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go
@@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
 	}
 	if authn == nil || authz == nil {
 		// prevent nil pointer panic
+		return
 	}
 	if authn.Authenticator == nil || authz.Authorizer == nil {
 		// authenticator or authorizer might be nil if we want to bypass authz/authn
diff --git a/staging/src/k8s.io/apiserver/pkg/server/config_test.go b/staging/src/k8s.io/apiserver/pkg/server/config_test.go
@@ -23,6 +23,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/http/httputil"
+	"reflect"
 	"testing"
 
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -32,6 +33,39 @@ import (
 	"k8s.io/client-go/rest"
 )
 
+func TestAuthorizeClientBearerTokenNoops(t *testing.T) {
+	// All of these should do nothing (not panic, no side-effects)
+	cfgGens := []func() *rest.Config{
+		func() *rest.Config { return nil },
+		func() *rest.Config { return &rest.Config{} },
+		func() *rest.Config { return &rest.Config{BearerToken: "mu"} },
+	}
+	authcGens := []func() *AuthenticationInfo{
+		func() *AuthenticationInfo { return nil },
+		func() *AuthenticationInfo { return &AuthenticationInfo{} },
+	}
+	authzGens := []func() *AuthorizationInfo{
+		func() *AuthorizationInfo { return nil },
+		func() *AuthorizationInfo { return &AuthorizationInfo{} },
+	}
+	for _, cfgGen := range cfgGens {
+		for _, authcGen := range authcGens {
+			for _, authzGen := range authzGens {
+				pConfig := cfgGen()
+				pAuthc := authcGen()
+				pAuthz := authzGen()
+				AuthorizeClientBearerToken(pConfig, pAuthc, pAuthz)
+				if before, after := authcGen(), pAuthc; !reflect.DeepEqual(before, after) {
+					t.Errorf("AuthorizeClientBearerToken(%v, %#+v, %v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
+				}
+				if before, after := authzGen(), pAuthz; !reflect.DeepEqual(before, after) {
+					t.Errorf("AuthorizeClientBearerToken(%v, %v, %#+v) changed %#+v", pConfig, pAuthc, pAuthz, *before)
+				}
+			}
+		}
+	}
+}
+
 func TestNewWithDelegate(t *testing.T) {
 	delegateConfig := NewConfig(codecs)
 	delegateConfig.ExternalAddress = "192.168.10.4:443"

Original file line number	Diff line number	Diff line change
`@@ -662,6 +662,7 @@ func AuthorizeClientBearerToken(loopback restclient.Config, authn Authenticati`
`662`	`662`	`}`
`663`	`663`	`if authn == nil \|\| authz == nil {`
`664`	`664`	`// prevent nil pointer panic`
	`665`	`+ return`
`665`	`666`	`}`
`666`	`667`	`if authn.Authenticator == nil \|\| authz.Authorizer == nil {`
`667`	`668`	`// authenticator or authorizer might be nil if we want to bypass authz/authn`