diff --git a/internal/controller/authenticator/authncache/cache.go b/internal/controller/authenticator/authncache/cache.go
index 2816d27c2..24269cffe 100644
--- a/internal/controller/authenticator/authncache/cache.go
+++ b/internal/controller/authenticator/authncache/cache.go
@@ -28,10 +28,9 @@ type Cache struct {
 }
 type Key struct {
- APIGroup string
- Kind string
- Namespace string
- Name string
+ APIGroup string
+ Kind string
+ Name string
 }
 type Value interface {
@@ -74,7 +73,6 @@ func (c *Cache) Keys() []Key {
 sort.Slice(result, func(i, j int) bool {
 return result[i].APIGroup < result[j].APIGroup ||
 result[i].Kind < result[j].Kind ||
- result[i].Namespace < result[j].Namespace ||
 result[i].Name < result[j].Name
 })
 return result
@@ -83,9 +81,8 @@ func (c *Cache) Keys() []Key {
 func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *loginapi.TokenCredentialRequest) (user.Info, error) {
 // Map the incoming request to a cache key.
 key := Key{
- Namespace: req.Namespace,
- Name: req.Spec.Authenticator.Name,
- Kind: req.Spec.Authenticator.Kind,
+ Name: req.Spec.Authenticator.Name,
+ Kind: req.Spec.Authenticator.Kind,
 }
 if req.Spec.Authenticator.APIGroup != nil {
 key.APIGroup = *req.Spec.Authenticator.APIGroup
@@ -95,7 +92,7 @@ func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *log
 if val == nil {
 plog.Debug(
 "authenticator does not exist",
- "authenticator", klog.KRef(key.Namespace, key.Name),
+ "authenticator", klog.KRef("", key.Name),
 "kind", key.Kind,
 "apiGroup", key.APIGroup,
 )
diff --git a/internal/controller/authenticator/authncache/cache_test.go b/internal/controller/authenticator/authncache/cache_test.go
index d48a1951e..df383b31f 100644
--- a/internal/controller/authenticator/authncache/cache_test.go
+++ b/internal/controller/authenticator/authncache/cache_test.go
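Review bot: Dropping `Namespace` from `Key` means two authenticators that share APIGroup, Kind and Name but live in different namespaces now collapse into one cache entry, and nothing on the struct says the type assumes cluster-scoped resources. The same assumption is carried by the `Sync` hunks in cachecleaner.go, jwtcachefiller.go and webhookcachefiller.go, which key on `Name` alone; if any informer can still deliver namespaced objects (not visible in this diff), the last object synced would end up validating tokens for requests that named a different one. I would add a doc comment above the struct, for example `// Key identifies a cluster-scoped authenticator; Name is unique per APIGroup and Kind.`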
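Review bot: The comparator kept in `Keys()` is not a valid ordering: it ORs the three field comparisons, so for keys such as {APIGroup "b", Kind "a"} and {APIGroup "a", Kind "b"} each one reports less than the other, and the result of `sort.Slice` then depends on input order. Removing the `Namespace` clause leaves that defect in place, and the key set in the cache_test.go hunk (`keysInExpectedOrder`) is monotone in every field, so the shuffle test cannot catch it. A field-by-field comparison fixes it; `Keys()` starts outside this hunk.
```go
sort.Slice(result, func(i, j int) bool {
	a, b := result[i], result[j]
	if a.APIGroup != b.APIGroup {
		return a.APIGroup < b.APIGroup
	}
	if a.Kind != b.Kind {
		return a.Kind < b.Kind
	}
	return a.Name < b.Name
})
// … unchanged: return result …
```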
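Review bot: The key built in `AuthenticateTokenCredentialRequest` no longer reads `req.Namespace`, so a request resolves to the same authenticator whatever namespace it carries, and the existing comment does not say this is deliberate. A reader auditing the authentication path cannot tell from here whether the field is ignored on purpose or by omission. I would extend the comment to something like `// Authenticators are cluster-scoped, so req.Namespace plays no part in the lookup.` The function body continues past the end of this hunk.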
@@ -31,13 +31,13 @@ func TestCache(t *testing.T) {
 cache := New()
 require.NotNil(t, cache)
- key1 := Key{Namespace: "foo", Name: "authenticator-one"}
+ key1 := Key{Name: "authenticator-one"}
 mockToken1 := mocktokenauthenticator.NewMockToken(ctrl)
 cache.Store(key1, mockToken1)
 require.Equal(t, mockToken1, cache.Get(key1))
 require.Equal(t, 1, len(cache.Keys()))
- key2 := Key{Namespace: "foo", Name: "authenticator-two"}
+ key2 := Key{Name: "authenticator-two"}
 mockToken2 := mocktokenauthenticator.NewMockToken(ctrl)
 cache.Store(key2, mockToken2)
 require.Equal(t, mockToken2, cache.Get(key2))
@@ -50,11 +50,10 @@ func TestCache(t *testing.T) {
 // Fill the cache back up with a fixed set of keys, but inserted in shuffled order.
 keysInExpectedOrder := []Key{
- {APIGroup: "a", Kind: "a", Namespace: "a", Name: "a"},
- {APIGroup: "b", Kind: "a", Namespace: "a", Name: "a"},
- {APIGroup: "b", Kind: "b", Namespace: "a", Name: "a"},
- {APIGroup: "b", Kind: "b", Namespace: "b", Name: "a"},
- {APIGroup: "b", Kind: "b", Namespace: "b", Name: "b"},
+ {APIGroup: "a", Kind: "a", Name: "a"},
+ {APIGroup: "b", Kind: "a", Name: "a"},
+ {APIGroup: "b", Kind: "b", Name: "a"},
+ {APIGroup: "b", Kind: "b", Name: "b"},
 }
 for tries := 0; tries < 10; tries++ {
 cache := New()
@@ -85,10 +84,9 @@ func TestAuthenticateTokenCredentialRequest(t *testing.T) {
 Status: loginapi.TokenCredentialRequestStatus{},
 }
 validRequestKey := Key{
- APIGroup: *validRequest.Spec.Authenticator.APIGroup,
- Kind: validRequest.Spec.Authenticator.Kind,
- Namespace: validRequest.Namespace,
- Name: validRequest.Spec.Authenticator.Name,
+ APIGroup: *validRequest.Spec.Authenticator.APIGroup,
+ Kind: validRequest.Spec.Authenticator.Kind,
+ Name: validRequest.Spec.Authenticator.Name,
 }
 mockCache := func(t *testing.T, res *authenticator.Response, authenticated bool, err error) *Cache {
diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner.go b/internal/controller/authenticator/cachecleaner/cachecleaner.go
index d618e40e9..348b2ed75 100644
--- a/internal/controller/authenticator/cachecleaner/cachecleaner.go
+++ b/internal/controller/authenticator/cachecleaner/cachecleaner.go
@@ -72,19 +72,17 @@ func (c *controller) Sync(_ controllerlib.Context) error {
 authenticatorSet := map[authncache.Key]bool{}
 for _, webhook := range webhooks {
 key := authncache.Key{
- Namespace: webhook.Namespace,
- Name: webhook.Name,
- Kind: "WebhookAuthenticator",
- APIGroup: auth1alpha1.SchemeGroupVersion.Group,
+ Name: webhook.Name,
+ Kind: "WebhookAuthenticator",
+ APIGroup: auth1alpha1.SchemeGroupVersion.Group,
 }
 authenticatorSet[key] = true
 }
 for _, jwtAuthenticator := range jwtAuthenticators {
 key := authncache.Key{
- Namespace: jwtAuthenticator.Namespace,
- Name: jwtAuthenticator.Name,
- Kind: "JWTAuthenticator",
- APIGroup: auth1alpha1.SchemeGroupVersion.Group,
+ Name: jwtAuthenticator.Name,
+ Kind: "JWTAuthenticator",
+ APIGroup: auth1alpha1.SchemeGroupVersion.Group,
 }
 authenticatorSet[key] = true
 }
@@ -97,7 +95,7 @@ func (c *controller) Sync(_ controllerlib.Context) error {
 if _, exists := authenticatorSet[key]; !exists {
 c.log.WithValues(
 "authenticator",
- klog.KRef(key.Namespace, key.Name),
+ klog.KRef("", key.Name),
 "kind",
 key.Kind,
 ).Info("deleting authenticator from cache")
diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go
index a735900b4..72b427456 100644
--- a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go
+++ b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go
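Review bot: The keys built in both loops of `Sync` take `APIGroup` from `auth1alpha1.SchemeGroupVersion.Group`, while the filler controllers in jwtcachefiller.go and webhookcachefiller.go store their entries under `auth1alpha1.GroupName`. The two are presumably the same string, but the second hunk here deletes any cached key missing from `authenticatorSet`, so a divergence would evict live authenticators and fail logins. Writing `APIGroup: auth1alpha1.GroupName,` in both loops, or building the key through one shared constructor in authncache, keeps the three controllers in step. `Sync` starts and ends outside these hunks.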
@@ -26,34 +26,29 @@ func TestController(t *testing.T) {
 t.Parallel()
 testWebhookKey1 := authncache.Key{
- APIGroup: "authentication.concierge.pinniped.dev",
- Kind: "WebhookAuthenticator",
- Namespace: "test-namespace",
- Name: "test-webhook-name-one",
+ APIGroup: "authentication.concierge.pinniped.dev",
+ Kind: "WebhookAuthenticator",
+ Name: "test-webhook-name-one",
 }
 testWebhookKey2 := authncache.Key{
- APIGroup: "authentication.concierge.pinniped.dev",
- Kind: "WebhookAuthenticator",
- Namespace: "test-namespace",
- Name: "test-webhook-name-two",
+ APIGroup: "authentication.concierge.pinniped.dev",
+ Kind: "WebhookAuthenticator",
+ Name: "test-webhook-name-two",
 }
 testJWTAuthenticatorKey1 := authncache.Key{
- APIGroup: "authentication.concierge.pinniped.dev",
- Kind: "JWTAuthenticator",
- Namespace: "test-namespace",
- Name: "test-jwt-authenticator-name-one",
+ APIGroup: "authentication.concierge.pinniped.dev",
+ Kind: "JWTAuthenticator",
+ Name: "test-jwt-authenticator-name-one",
 }
 testJWTAuthenticatorKey2 := authncache.Key{
- APIGroup: "authentication.concierge.pinniped.dev",
- Kind: "JWTAuthenticator",
- Namespace: "test-namespace",
- Name: "test-jwt-authenticator-name-two",
+ APIGroup: "authentication.concierge.pinniped.dev",
+ Kind: "JWTAuthenticator",
+ Name: "test-jwt-authenticator-name-two",
 }
 testKeyUnknownType := authncache.Key{
- APIGroup: "authentication.concierge.pinniped.dev",
- Kind: "SomeOtherAuthenticator",
- Namespace: "test-namespace",
- Name: "test-name-one",
+ APIGroup: "authentication.concierge.pinniped.dev",
+ Kind: "SomeOtherAuthenticator",
+ Name: "test-name-one",
 }
 tests := []struct {
@@ -73,14 +68,12 @@ func TestController(t *testing.T) {
 objects: []runtime.Object{
 &authv1alpha.WebhookAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testWebhookKey1.Namespace,
- Name: testWebhookKey1.Name,
+ Name: testWebhookKey1.Name,
 },
 },
 &authv1alpha.JWTAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testJWTAuthenticatorKey1.Namespace,
- Name: testJWTAuthenticatorKey1.Name,
+ Name: testJWTAuthenticatorKey1.Name,
 },
 },
 },
@@ -91,26 +84,22 @@ func TestController(t *testing.T) {
 objects: []runtime.Object{
 &authv1alpha.WebhookAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testWebhookKey1.Namespace,
- Name: testWebhookKey1.Name,
+ Name: testWebhookKey1.Name,
 },
 },
 &authv1alpha.WebhookAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testWebhookKey2.Namespace,
- Name: testWebhookKey2.Name,
+ Name: testWebhookKey2.Name,
 },
 },
 &authv1alpha.JWTAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testJWTAuthenticatorKey1.Namespace,
- Name: testJWTAuthenticatorKey1.Name,
+ Name: testJWTAuthenticatorKey1.Name,
 },
 },
 &authv1alpha.JWTAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testJWTAuthenticatorKey2.Namespace,
- Name: testJWTAuthenticatorKey2.Name,
+ Name: testJWTAuthenticatorKey2.Name,
 },
 },
 },
@@ -128,20 +117,18 @@ func TestController(t *testing.T) {
 objects: []runtime.Object{
 &authv1alpha.WebhookAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testWebhookKey1.Namespace,
- Name: testWebhookKey1.Name,
+ Name: testWebhookKey1.Name,
 },
 },
 &authv1alpha.JWTAuthenticator{
 ObjectMeta: metav1.ObjectMeta{
- Namespace: testJWTAuthenticatorKey1.Namespace,
- Name: testJWTAuthenticatorKey1.Name,
+ Name: testJWTAuthenticatorKey1.Name,
 },
 },
 },
 wantLogs: []string{
- `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two","namespace":"test-namespace"} "kind"="JWTAuthenticator"`,
- `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two","namespace":"test-namespace"} "kind"="WebhookAuthenticator"`,
+ `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`,
+ `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`,
 },
 wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType},
 },
@@ -173,8 +160,7 @@ func TestController(t *testing.T) {
 syncCtx := controllerlib.Context{
 Context: ctx,
 Key: controllerlib.Key{
- Namespace: "test-namespace",
- Name: "test-webhook-name-one",
+ Name: "test-webhook-name-one",
 },
 }
diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
index 4c54a37a5..edbaca854 100644
--- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
+++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
@@ -98,10 +98,9 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
 }
 cacheKey := authncache.Key{
- APIGroup: auth1alpha1.GroupName,
- Kind: "JWTAuthenticator",
- Namespace: ctx.Key.Namespace,
- Name: ctx.Key.Name,
+ APIGroup: auth1alpha1.GroupName,
+ Kind: "JWTAuthenticator",
+ Name: ctx.Key.Name,
 }
 // If this authenticator already exists, then only recreate it if is different from the desired
diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
index cd66fdcb6..9d3c342f8 100644
--- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
+++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
@@ -356,10 +356,9 @@ func TestController(t *testing.T) {
 // We expected the cache to have an entry, so pull that entry from the cache and test it.
 expectedCacheKey := authncache.Key{
- APIGroup: auth1alpha1.GroupName,
- Kind: "JWTAuthenticator",
- Namespace: syncCtx.Key.Namespace,
- Name: syncCtx.Key.Name,
+ APIGroup: auth1alpha1.GroupName,
+ Kind: "JWTAuthenticator",
+ Name: syncCtx.Key.Name,
 }
 cachedAuthenticator := cache.Get(expectedCacheKey)
 require.NotNil(t, cachedAuthenticator)
diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
index 275f68591..732f1a897 100644
--- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
+++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
@@ -69,10 +69,9 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
 }
 c.cache.Store(authncache.Key{
- APIGroup: auth1alpha1.GroupName,
- Kind: "WebhookAuthenticator",
- Namespace: ctx.Key.Namespace,
- Name: ctx.Key.Name,
+ APIGroup: auth1alpha1.GroupName,
+ Kind: "WebhookAuthenticator",
+ Name: ctx.Key.Name,
 }, webhookAuthenticator)
 c.log.WithValues("webhook", klog.KObj(obj), "endpoint", obj.Spec.Endpoint).Info("added new webhook authenticator")
 return nil