From b058b49a70d9efba0b48be684989714509d74845 Mon Sep 17 00:00:00 2001 From: Luke Swart Date: Fri, 16 Aug 2024 11:56:33 -0700 Subject: [PATCH 1/4] add a namespaced field --- pkg/server/server.go | 2 +- pkg/server/server_test.go | 100 +++++++++++++++++++------------------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/pkg/server/server.go b/pkg/server/server.go index 5059ed006..b152dd84c 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -393,7 +393,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request) userExtra["canonicalArn"] = authenticationv1beta1.ExtraValue{identity.CanonicalARN} userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName} userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID} - userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} + userExtra["eks.amazonaws.com/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} } json.NewEncoder(w).Encode(authenticationv1beta1.TokenReview{ diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index f997fbd6b..4b8584ccb 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -524,11 +524,11 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -567,11 +567,11 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -614,11 +614,11 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -657,11 +657,11 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -700,11 +700,11 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -743,11 +743,11 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -786,11 +786,11 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -829,11 +829,11 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -877,11 +877,11 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:TestNodeRole", []string{"system:nodes", "system:bootstrappers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -922,11 +922,11 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:TestNodeRole", []string{"system:nodes", "system:bootstrappers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) From b134661312afc342456739d00298b3c387e5aab1 Mon Sep 17 00:00:00 2001 From: Luke Swart Date: Mon, 19 Aug 2024 14:53:46 -0700 Subject: [PATCH 2/4] retain original field --- pkg/server/server.go | 1 + pkg/server/server_test.go | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/pkg/server/server.go b/pkg/server/server.go index b152dd84c..b59c0a634 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -393,6 +393,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request) userExtra["canonicalArn"] = authenticationv1beta1.ExtraValue{identity.CanonicalARN} userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName} userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID} + userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} userExtra["eks.amazonaws.com/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} } diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index 4b8584ccb..e4f7a7676 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -528,6 +528,7 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -571,6 +572,7 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -618,6 +620,7 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -661,6 +664,7 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -704,6 +708,7 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -747,6 +752,7 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -790,6 +796,7 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -833,6 +840,7 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"Test"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -881,6 +889,7 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -926,6 +935,7 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) { "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) From 009abd86de23f3860322678bf074a585a9a9ca3d Mon Sep 17 00:00:00 2001 From: Luke Swart Date: Tue, 20 Aug 2024 10:30:07 -0700 Subject: [PATCH 3/4] update to sig.k8s.io namespace --- pkg/server/server.go | 2 +- pkg/server/server_test.go | 120 +++++++++++++++++++------------------- 2 files changed, 61 insertions(+), 61 deletions(-) diff --git a/pkg/server/server.go b/pkg/server/server.go index b59c0a634..da1b40580 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -394,7 +394,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request) userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName} userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID} userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} - userExtra["eks.amazonaws.com/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} + userExtra["sigs.k8s.io/aws-iam-authenticator/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID} } json.NewEncoder(w).Encode(authenticationv1beta1.TokenReview{ diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index e4f7a7676..350a767fd 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -524,12 +524,12 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:role/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {"ABCDEF"}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -568,12 +568,12 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:role/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -616,12 +616,12 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -660,12 +660,12 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", []string{"sys:admin", "listers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -704,12 +704,12 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -748,12 +748,12 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:user/Test"}, + "canonicalArn": {"arn:aws:iam::0123456789012:user/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -792,12 +792,12 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -836,12 +836,12 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:Test", nil, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"}, - "sessionName": authenticationv1beta1.ExtraValue{"TestSession"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"Test"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"Test"}, + "arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/Test"}, + "sessionName": {"TestSession"}, + "accessKeyId": {""}, + "principalId": {"Test"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"}, })) validateMetrics(t, validateOpts{success: 1}) } @@ -885,12 +885,12 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) { "aws-iam-authenticator:0123456789012:TestNodeRole", []string{"system:nodes", "system:bootstrappers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "sessionName": {"i-0c6f21bf1f24f9708"}, + "accessKeyId": {""}, + "principalId": {"TestNodeRole"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) @@ -931,12 +931,12 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:TestNodeRole", []string{"system:nodes", "system:bootstrappers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, - "eks.amazonaws.com/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, + "accessKeyId": authenticationv1beta1.ExtraValue{""}, + "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1}) From ad6c37f5c6a9f8ed6d23f89d2bd2126b8c848ac0 Mon Sep 17 00:00:00 2001 From: Luke Swart Date: Tue, 20 Aug 2024 11:01:03 -0700 Subject: [PATCH 4/4] cleanup to use composite literals --- pkg/server/server_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index 350a767fd..3e10ab66b 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -931,12 +931,12 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) { "aws-iam-authenticator:0123456789012:TestNodeRole", []string{"system:nodes", "system:bootstrappers"}, map[string]authenticationv1beta1.ExtraValue{ - "arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"}, - "sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"}, - "accessKeyId": authenticationv1beta1.ExtraValue{""}, - "principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, - "sigs.k8s.io/aws-iam-authenticator/principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"}, + "arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"}, + "sessionName": {"i-0c6f21bf1f24f9708"}, + "accessKeyId": {""}, + "principalId": {"TestNodeRole"}, + "sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"}, })) validateMetrics(t, validateOpts{success: 1})